Update-MgBetaPolicyExternalIdentityPolicy
Update the settings of the tenant-wide externalIdentitiesPolicy object that controls whether external users can leave a Microsoft Entra tenant via self-service controls.
Syntax
Update-MgBetaPolicyExternalIdentityPolicy
[-ResponseHeadersVariable <String>]
[-AdditionalProperties <Hashtable>]
[-AllowDeletedIdentitiesDataRemoval]
[-AllowExternalIdentitiesToLeave]
[-DeletedDateTime <DateTime>]
[-Description <String>]
[-DisplayName <String>]
[-Id <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Update-MgBetaPolicyExternalIdentityPolicy
-BodyParameter <IMicrosoftGraphExternalIdentitiesPolicy>
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
Update the settings of the tenant-wide externalIdentitiesPolicy object that controls whether external users can leave a Microsoft Entra tenant via self-service controls.
Permissions
| Permission type | Least privileged permissions | Higher privileged permissions |
|---|---|---|
| Delegated (work or school account) | Policy.ReadWrite.ExternalIdentities | Not available. |
| Delegated (personal Microsoft account) | Not supported. | Not supported. |
| Application | Policy.ReadWrite.ExternalIdentities | Not available. |
Examples
Example 1: Code snippet
Import-Module Microsoft.Graph.Beta.Identity.SignIns
$params = @{
allowExternalIdentitiesToLeave = $false
}
Update-MgBetaPolicyExternalIdentityPolicy -BodyParameter $paramsThis example shows how to use the Update-MgBetaPolicyExternalIdentityPolicy Cmdlet.
Parameters
-AdditionalProperties
Additional Parameters
| Type: | Hashtable |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AllowDeletedIdentitiesDataRemoval
Reserved for future use.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AllowExternalIdentitiesToLeave
Defines whether external users can leave the guest tenant. If set to false, self-service controls are disabled, and the admin of the guest tenant must manually remove the external user from the guest tenant. When the external user leaves the tenant, their data in the guest tenant is first soft-deleted then permanently deleted in 30 days.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | False |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-BodyParameter
externalIdentitiesPolicy To construct, see NOTES section for BODYPARAMETER properties and create a hash table.
| Type: | IMicrosoftGraphExternalIdentitiesPolicy |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DeletedDateTime
Date and time when this object was deleted. Always null when the object hasn't been deleted.
| Type: | DateTime |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Description
Description for this policy. Required.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisplayName
Display name for this policy. Required.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Headers
Optional headers that will be added to the request.
| Type: | IDictionary |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Id
The unique identifier for an entity. Read-only.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ProgressAction
{{ Fill ProgressAction Description }}
| Type: | ActionPreference |
| Aliases: | proga |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResponseHeadersVariable
Optional Response Headers Variable.
| Type: | String |
| Aliases: | RHV |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphExternalIdentitiesPolicy
System.Collections.IDictionary
Outputs
Microsoft.Graph.Beta.PowerShell.Models.IMicrosoftGraphExternalIdentitiesPolicy
Notes
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
BODYPARAMETER <IMicrosoftGraphExternalIdentitiesPolicy>: externalIdentitiesPolicy
[(Any) <Object>]: This indicates any property can be added to this object.[Description <String>]: Description for this policy. Required.[DisplayName <String>]: Display name for this policy. Required.[DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted.[Id <String>]: The unique identifier for an entity. Read-only.[AllowDeletedIdentitiesDataRemoval <Boolean?>]: Reserved for future use.[AllowExternalIdentitiesToLeave <Boolean?>]: Defines whether external users can leave the guest tenant. If set to false, self-service controls are disabled, and the admin of the guest tenant must manually remove the external user from the guest tenant. When the external user leaves the tenant, their data in the guest tenant is first soft-deleted then permanently deleted in 30 days.