
Create a new scheduledPermissionsRequest object.


   [-ResponseHeadersVariable <String>]
   [-Action <String>]
   [-AdditionalProperties <Hashtable>]
   [-CreatedDateTime <DateTime>]
   [-Id <String>]
   [-Justification <String>]
   [-Notes <String>]
   [-RequestedPermissions <IMicrosoftGraphPermissionsDefinition>]
   [-ScheduleInfo <IMicrosoftGraphRequestSchedule>]
   [-StatusDetail <String>]
   [-TicketInfo <IMicrosoftGraphTicketInfo>]
   [-Headers <IDictionary>]
   [-ProgressAction <ActionPreference>]
   -BodyParameter <IMicrosoftGraphScheduledPermissionsRequest>
   [-ResponseHeadersVariable <String>]
   [-Headers <IDictionary>]
   [-ProgressAction <ActionPreference>]


Permission type Least privileged permissions Higher privileged permissions
Delegated (work or school account) ScheduledPermissions.ReadWrite.All Not available.
Delegated (personal Microsoft account) Not supported. Not supported.
Application Not supported. Not supported.


Example 1: AWS policy request

Import-Module Microsoft.Graph.Beta.Identity.Governance

$params = @{
	requestedPermissions = @{
		"@odata.type" = "#microsoft.graph.awsPermissionsDefinition"
		authorizationSystemInfo = @{
			authorizationSystemId = "956987887735"
			authorizationSystemType = "AWS"
		actionInfo = @{
			"@odata.type" = "microsoft.graph.awsPolicyPermissionsDefinitionAction"
			policies = @(
					id = "arn:aws:iam::956987887735:policy/AddUserToGroup"
			assignToRoleId = "arn:aws:aim::956987887735:role/saml-user"
		identityInfo = @{
			externalId = ""
			source = @{
				"@odata.type" = "microsoft.graph.samlIdentitySource"
			identityType = "user"
	justification = "I need to do this because I want to add a user to a group"
	notes = "Pretty Please"
	scheduleInfo = @{
		expiration = @{
			duration = "PT1H"
	ticketInfo = @{
		ticketNumber = "INC1234567"
		ticketSystem = "ServiceNow"
		ticketSubmitterIdentityId = ""
		ticketApproverIdentityId = ""

New-MgBetaIdentityGovernancePermissionManagementScheduledPermissionRequest -BodyParameter $params

This example will aws policy request

Example 2: Azure roles request

Import-Module Microsoft.Graph.Beta.Identity.Governance

$params = @{
	requestedPermissions = @{
		"@odata.type" = "microsoft.graph.singleResourceAzurePermissionsDefinition"
		authorizationSystemInfo = @{
			authorizationSystemId = "87eefd90-95a3-480a-ba42-56ff299a05ee"
			authorizationSystemType = "AZURE"
		actionInfo = @{
			"@odata.type" = "microsoft.graph.azureRolePermissionsDefinitionAction"
			roles = @(
					id = "cdda3590-29a3-44f6-95f2-9f980659eb04"
					id = "312a565d-c81f-4fd8-895a-4e21e48d571c"
		identityInfo = @{
			externalId = ""
			source = @{
				"@odata.type" = "microsoft.graph.edIdentitySource"
			identityType = "user"
		resourceId = "/subscriptions/87eefd90-95a3-480a-ba42-56ff299a05ee"
	justification = "I need to do this because I want to some new azure roles"
	notes = "Pretty Pleaseeeee"
	scheduleInfo = @{
		expiration = @{
			duration = "PT1H"
		recurrence = $null
	ticketInfo = @{
		ticketNumber = "INC1234567"
		ticketSystem = "ServiceNow"
		ticketSubmitterIdentityId = ""
		ticketApproverIdentityId = ""

New-MgBetaIdentityGovernancePermissionManagementScheduledPermissionRequest -BodyParameter $params

This example will azure roles request

Example 3: GCP actions request

Import-Module Microsoft.Graph.Beta.Identity.Governance

$params = @{
	requestedPermissions = @{
		"@odata.type" = "microsoft.graph.singleResourceGcpPermissionsDefinition"
		authorizationSystemInfo = @{
			authorizationSystemId = "carbide-bonsai-205017"
			authorizationSystemType = "GCP"
		actionInfo = @{
			"@odata.type" = "microsoft.graph.gcpActionPermissionsDefinitionAction"
			actions = @(
	identityInfo = @{
		externalId = ""
		source = @{
			"@odata.type" = "microsoft.graph.edIdentitySource"
		identityType = "user"
	resourceId = "carbide-bonsai-205017"
justification = "I need to do this because I want to code my own chat GPT-3 bot on GCP"
notes = "Pretty Pleaseeeee"
scheduleInfo = @{
	expiration = @{
		duration = "PT1H"
ticketInfo = @{
	ticketNumber = "INC1234567"
	ticketSystem = "ServiceNow"
	ticketSubmitterIdentityId = ""
	ticketApproverIdentityId = ""

New-MgBetaIdentityGovernancePermissionManagementScheduledPermissionRequest -BodyParameter $params

This example will gcp actions request




Type:String
Accept pipeline input:False
Accept wildcard characters:False


Type:Hashtable

Default value:None
Accept pipeline input:False
Accept wildcard characters:False


Type:IMicrosoftGraphScheduledPermissionsRequest

Default value:None
Accept pipeline input:True
Accept wildcard characters:False


Type:SwitchParameter
Aliases:cf

Default value:None
Accept pipeline input:False
Accept wildcard characters:False


Type:DateTime

Default value:None
Accept pipeline input:False
Accept wildcard characters:False


Type:IDictionary

Default value:None
Accept pipeline input:True
Accept wildcard characters:False


Type:String

Default value:None
Accept pipeline input:False
Accept wildcard characters:False


Type:String

Default value:None
Accept pipeline input:False
Accept wildcard characters:False


Type:String

Default value:None
Accept pipeline input:False
Accept wildcard characters:False


Type:ActionPreference
Aliases:proga

Default value:None
Accept pipeline input:False
Accept wildcard characters:False


Type:IMicrosoftGraphPermissionsDefinition

Default value:None
Accept pipeline input:False
Accept wildcard characters:False


Type:String
Aliases:RHV

Default value:None
Accept pipeline input:False
Accept wildcard characters:False


Type:IMicrosoftGraphRequestSchedule

Default value:None
Accept pipeline input:False
Accept wildcard characters:False



Default value:None
Accept pipeline input:False
Accept wildcard characters:False


Type:IMicrosoftGraphTicketInfo

Default value:None
Accept pipeline input:False
Accept wildcard characters:False


Type:SwitchParameter
Aliases:wi

Default value:None
Accept pipeline input:False
Accept wildcard characters:False








To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

BODYPARAMETER <IMicrosoftGraphScheduledPermissionsRequest>: scheduledPermissionsRequest

  • [(Any) <Object>]: This indicates any property can be added to this object.
  • [Id <String>]: The unique identifier for an entity. Read-only.
  • [Action <String>]: unifiedRoleScheduleRequestActions
  • [CreatedDateTime <DateTime?>]: Defines when the identity created the request.
  • [Justification <String>]: The identity's justification for the request.
  • [Notes <String>]: Additional context for the permissions request.
  • [RequestedPermissions <IMicrosoftGraphPermissionsDefinition>]: permissionsDefinition
    • [(Any) <Object>]: This indicates any property can be added to this object.
    • [AuthorizationSystemInfo <IMicrosoftGraphPermissionsDefinitionAuthorizationSystem>]: permissionsDefinitionAuthorizationSystem
      • [(Any) <Object>]: This indicates any property can be added to this object.
      • [AuthorizationSystemId <String>]: ID of the authorization system retrieved from the customer cloud environment.
      • [AuthorizationSystemType <String>]: The type of authorization system.
    • [IdentityInfo <IMicrosoftGraphPermissionsDefinitionAuthorizationSystemIdentity>]: permissionsDefinitionAuthorizationSystemIdentity
      • [(Any) <Object>]: This indicates any property can be added to this object.
      • [ExternalId <String>]: Unique ID of the identity within the external system. Prefixed with rsn: if this is a SAML or ED user in AWS. Alternate key.
      • [IdentityType <String>]: permissionsDefinitionIdentityType
      • [Source <IMicrosoftGraphPermissionsDefinitionIdentitySource>]: permissionsDefinitionIdentitySource
        • [(Any) <Object>]: This indicates any property can be added to this object.
  • [ScheduleInfo <IMicrosoftGraphRequestSchedule>]: requestSchedule
    • [(Any) <Object>]: This indicates any property can be added to this object.
    • [Expiration <IMicrosoftGraphExpirationPattern>]: expirationPattern
      • [(Any) <Object>]: This indicates any property can be added to this object.
      • [Duration <TimeSpan?>]: The requestor's desired duration of access represented in ISO 8601 format for durations. For example, PT3H refers to three hours. If specified in a request, endDateTime should not be present and the type property should be set to afterDuration.
      • [EndDateTime <DateTime?>]: Timestamp of date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
      • [Type <String>]: expirationPatternType
    • [Recurrence <IMicrosoftGraphPatternedRecurrence>]: patternedRecurrence
      • [(Any) <Object>]: This indicates any property can be added to this object.
      • [Pattern <IMicrosoftGraphRecurrencePattern>]: recurrencePattern
        • [(Any) <Object>]: This indicates any property can be added to this object.
        • [DayOfMonth <Int32?>]: The day of the month on which the event occurs. Required if type is absoluteMonthly or absoluteYearly.
        • [DaysOfWeek <String- []>]: A collection of the days of the week on which the event occurs. The possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday. If type is relativeMonthly or relativeYearly, and daysOfWeek specifies more than one day, the event falls on the first day that satisfies the pattern. Required if type is weekly, relativeMonthly, or relativeYearly.
        • [FirstDayOfWeek <String>]: dayOfWeek
        • [Index <String>]: weekIndex
        • [Interval <Int32?>]: The number of units between occurrences, where units can be in days, weeks, months, or years, depending on the type. Required.
        • [Month <Int32?>]: The month in which the event occurs. This is a number from 1 to 12.
        • [Type <String>]: recurrencePatternType
      • [Range <IMicrosoftGraphRecurrenceRange>]: recurrenceRange
        • [(Any) <Object>]: This indicates any property can be added to this object.
        • [EndDate <DateTime?>]: The date to stop applying the recurrence pattern. Depending on the recurrence pattern of the event, the last occurrence of the meeting may not be this date. Required if type is endDate.
        • [NumberOfOccurrences <Int32?>]: The number of times to repeat the event. Required and must be positive if type is numbered.
        • [RecurrenceTimeZone <String>]: Time zone for the startDate and endDate properties. Optional. If not specified, the time zone of the event is used.
        • [StartDate <DateTime?>]: The date to start applying the recurrence pattern. The first occurrence of the meeting may be this date or later, depending on the recurrence pattern of the event. Must be the same value as the start property of the recurring event. Required.
        • [Type <String>]: recurrenceRangeType
    • [StartDateTime <DateTime?>]: The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. In PIM, when the eligible or active assignment becomes active.
  • [StatusDetail <String>]: statusDetail
  • [TicketInfo <IMicrosoftGraphTicketInfo>]: ticketInfo
    • [(Any) <Object>]: This indicates any property can be added to this object.
    • [TicketApproverIdentityId <String>]: ID for the request approver.
    • [TicketNumber <String>]: The ticket number.
    • [TicketSubmitterIdentityId <String>]: ID for the request submitter.
    • [TicketSystem <String>]: The description of the ticket system.

REQUESTEDPERMISSIONS <IMicrosoftGraphPermissionsDefinition>: permissionsDefinition

  • [(Any) <Object>]: This indicates any property can be added to this object.
  • [AuthorizationSystemInfo <IMicrosoftGraphPermissionsDefinitionAuthorizationSystem>]: permissionsDefinitionAuthorizationSystem
    • [(Any) <Object>]: This indicates any property can be added to this object.
    • [AuthorizationSystemId <String>]: ID of the authorization system retrieved from the customer cloud environment.
    • [AuthorizationSystemType <String>]: The type of authorization system.
  • [IdentityInfo <IMicrosoftGraphPermissionsDefinitionAuthorizationSystemIdentity>]: permissionsDefinitionAuthorizationSystemIdentity
    • [(Any) <Object>]: This indicates any property can be added to this object.
    • [ExternalId <String>]: Unique ID of the identity within the external system. Prefixed with rsn: if this is a SAML or ED user in AWS. Alternate key.
    • [IdentityType <String>]: permissionsDefinitionIdentityType
    • [Source <IMicrosoftGraphPermissionsDefinitionIdentitySource>]: permissionsDefinitionIdentitySource
      • [(Any) <Object>]: This indicates any property can be added to this object.

SCHEDULEINFO <IMicrosoftGraphRequestSchedule>: requestSchedule

  • [(Any) <Object>]: This indicates any property can be added to this object.
  • [Expiration <IMicrosoftGraphExpirationPattern>]: expirationPattern
    • [(Any) <Object>]: This indicates any property can be added to this object.
    • [Duration <TimeSpan?>]: The requestor's desired duration of access represented in ISO 8601 format for durations. For example, PT3H refers to three hours. If specified in a request, endDateTime should not be present and the type property should be set to afterDuration.
    • [EndDateTime <DateTime?>]: Timestamp of date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
    • [Type <String>]: expirationPatternType
  • [Recurrence <IMicrosoftGraphPatternedRecurrence>]: patternedRecurrence
    • [(Any) <Object>]: This indicates any property can be added to this object.
    • [Pattern <IMicrosoftGraphRecurrencePattern>]: recurrencePattern
      • [(Any) <Object>]: This indicates any property can be added to this object.
      • [DayOfMonth <Int32?>]: The day of the month on which the event occurs. Required if type is absoluteMonthly or absoluteYearly.
      • [DaysOfWeek <String- []>]: A collection of the days of the week on which the event occurs. The possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday. If type is relativeMonthly or relativeYearly, and daysOfWeek specifies more than one day, the event falls on the first day that satisfies the pattern. Required if type is weekly, relativeMonthly, or relativeYearly.
      • [FirstDayOfWeek <String>]: dayOfWeek
      • [Index <String>]: weekIndex
      • [Interval <Int32?>]: The number of units between occurrences, where units can be in days, weeks, months, or years, depending on the type. Required.
      • [Month <Int32?>]: The month in which the event occurs. This is a number from 1 to 12.
      • [Type <String>]: recurrencePatternType
    • [Range <IMicrosoftGraphRecurrenceRange>]: recurrenceRange
      • [(Any) <Object>]: This indicates any property can be added to this object.
      • [EndDate <DateTime?>]: The date to stop applying the recurrence pattern. Depending on the recurrence pattern of the event, the last occurrence of the meeting may not be this date. Required if type is endDate.
      • [NumberOfOccurrences <Int32?>]: The number of times to repeat the event. Required and must be positive if type is numbered.
      • [RecurrenceTimeZone <String>]: Time zone for the startDate and endDate properties. Optional. If not specified, the time zone of the event is used.
      • [StartDate <DateTime?>]: The date to start applying the recurrence pattern. The first occurrence of the meeting may be this date or later, depending on the recurrence pattern of the event. Must be the same value as the start property of the recurring event. Required.
      • [Type <String>]: recurrenceRangeType
  • [StartDateTime <DateTime?>]: The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. In PIM, when the eligible or active assignment becomes active.

TICKETINFO <IMicrosoftGraphTicketInfo>: ticketInfo

  • [(Any) <Object>]: This indicates any property can be added to this object.
  • [TicketApproverIdentityId <String>]: ID for the request approver.
  • [TicketNumber <String>]: The ticket number.
  • [TicketSubmitterIdentityId <String>]: ID for the request submitter.
  • [TicketSystem <String>]: The description of the ticket system.