A user who is eligible to enter this group should be able to activate his membership just like any other privileged role.
I am writing a script that can be used to elevate a user to a privileged role or a privileged security group
I can use Get-MgRoleManagementDirectoryRoleEligibilityScheduleInstance to activate an eligible role assignment for a user.
Is there a similar command that activates Privileged Identity Management for Groups?
I have one eligible assignment under Groups for a user in PIM like this:
To retrieve these details via PowerShell, you can run the Microsoft Graph PowerShell commands below:
# Delegated scope that allows reading PIM-for-Groups eligibility schedules
Connect-MgGraph -Scopes "PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup"
# List the eligible group assignments where the signed-in user is the principal
Invoke-MgFilterIdentityGovernancePrivilegedAccessGroupEligibilityScheduleInstanceByCurrentUser -On "principal" | Format-List
Response:
To activate this eligible assignment via PowerShell, I ran the script below and got a response like this:
Import-Module Microsoft.Graph.Identity.Governance
# Delegated scope required to create assignment schedule requests for PIM-managed groups
Connect-MgGraph -Scopes "PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup"
$params = @{
    accessId      = "member"        # "member" or "owner"
    principalId   = "userId"        # replace with the user's object id
    groupId       = "groupId"       # replace with the group's object id
    action        = "selfActivate"  # the signed-in user activates their own eligibility
    scheduleInfo  = @{
        startDateTime = Get-Date
        expiration    = @{
            type     = "afterDuration"
            duration = "PT2H"       # ISO 8601 duration; must not exceed the group's PIM policy maximum
        }
    }
    justification = "Activate assignment."
}
New-MgIdentityGovernancePrivilegedAccessGroupAssignmentScheduleRequest -BodyParameter $params
Response:
When I checked the same in the Portal, the role was activated successfully for the group, as below:
Reference: Create eligibilityScheduleRequest - Microsoft Graph v1.0
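The procedure in the answer above (sign in, confirm the eligible assignment, submit a selfActivate request) as one script that also waits for the request to settle. This is an added example, not the script from the original post. It assumes the Microsoft.Graph.Authentication and Microsoft.Graph.Identity.Governance modules are installed, that $GroupId is supplied as a real group object id, and that the signed-in user can consent to the listed delegated scopes; the parameter names, the Invoke-MgFilter...AssignmentScheduleInstanceByCurrentUser call used to detect an already-active membership, and the request status strings in the polling loop are my assumptions about the SDK and the Graph request lifecycle rather than anything shown in the post.

```powershell
# Added example (not the original post's script): self-activate an eligible
# PIM-for-Groups membership for the signed-in user and wait for the result.
# Assumptions: Microsoft.Graph.Authentication and Microsoft.Graph.Identity.Governance
# are installed; $GroupId is a real group object id; the status values used below
# follow the assignmentScheduleRequest lifecycle as I understand it.
param(
    [Parameter(Mandatory)] [string] $GroupId,
    [ValidateSet('member', 'owner')] [string] $AccessId = 'member',
    [string] $Duration = 'PT2H',   # ISO 8601; must not exceed the group's PIM policy maximum
    [string] $Justification = 'Activate PIM group membership from script.',
    [int]    $TimeoutSeconds = 120
)

Import-Module Microsoft.Graph.Authentication
Import-Module Microsoft.Graph.Identity.Governance

# One delegated sign-in with every scope the script needs: User.Read to resolve the
# caller's object id, the eligibility Read scope to list eligibility, and the
# assignment ReadWrite scope to submit the activation request.
Connect-MgGraph -NoWelcome -Scopes @(
    'User.Read',
    'PrivilegedEligibilitySchedule.Read.AzureADGroup',
    'PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup'
)

# Object id of the signed-in user: selfActivate acts on this principal only.
$principalId = (Invoke-MgGraphRequest -Method GET -Uri 'https://graph.microsoft.com/v1.0/me?$select=id').id

# Fail early if the caller holds no eligible assignment for this group and accessId;
# the service would reject the selfActivate request anyway, with a less useful error.
$eligible = Invoke-MgFilterIdentityGovernancePrivilegedAccessGroupEligibilityScheduleInstanceByCurrentUser -On principal |
    Where-Object { $_.GroupId -eq $GroupId -and $_.AccessId -eq $AccessId }
if (-not $eligible) {
    throw "User $principalId has no eligible '$AccessId' assignment on group $GroupId."
}

# Do not submit a second request when the membership is already active.
$active = Invoke-MgFilterIdentityGovernancePrivilegedAccessGroupAssignmentScheduleInstanceByCurrentUser -On principal |
    Where-Object { $_.GroupId -eq $GroupId -and $_.AccessId -eq $AccessId }
if ($active) {
    Write-Host "Already active as '$AccessId' on $GroupId until $($active.EndDateTime)."
    return
}

# Same request body shape as the answer above, with the placeholders filled from parameters.
$body = @{
    accessId      = $AccessId
    principalId   = $principalId
    groupId       = $GroupId
    action        = 'selfActivate'
    justification = $Justification
    scheduleInfo  = @{
        startDateTime = (Get-Date).ToUniversalTime()
        expiration    = @{ type = 'afterDuration'; duration = $Duration }
    }
}
$request = New-MgIdentityGovernancePrivilegedAccessGroupAssignmentScheduleRequest -BodyParameter $body
Write-Host "Submitted request $($request.Id) with status '$($request.Status)'."

# Activation is asynchronous. Keep polling only while the service is still working on the
# request; stop as soon as it needs a human (PendingApproval) or reaches a terminal state.
$deadline = (Get-Date).AddSeconds($TimeoutSeconds)
while ($request.Status -in @('PendingScheduleCreation', 'PendingProvisioning') -and (Get-Date) -lt $deadline) {
    Start-Sleep -Seconds 5
    $request = Get-MgIdentityGovernancePrivilegedAccessGroupAssignmentScheduleRequest `
        -PrivilegedAccessGroupAssignmentScheduleRequestId $request.Id
}

switch ($request.Status) {
    { $_ -in 'Provisioned', 'Granted' } { Write-Host "Activated '$AccessId' on $GroupId for $Duration."; break }
    'PendingApproval'                   { Write-Warning "The group's policy requires approval; request $($request.Id) is waiting for an approver."; break }
    { $_ -like 'Pending*' }             { Write-Warning "Timed out after $TimeoutSeconds s; last status '$($request.Status)'."; break }
    default                             { throw "Request $($request.Id) ended in status '$($request.Status)'." }
}
```

Run it as `.\Activate-PimGroup.ps1 -GroupId <group object id>` (the file name is arbitrary). Because selfActivate activates the signed-in principal, the script has to run under a delegated sign-in as the user being activated; if the group's activation policy enforces MFA or a justification, the interactive Connect-MgGraph sign-in and the $Justification parameter are what satisfy those requirements, and a duration longer than the policy maximum is rejected at submission time.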