Privileged Identity Management - My roles
I've created an Azure security group called "contoso-ad-adm-teams-administrator". Under "Privileged Identity Management" I added an eligible assignment for the member Adele.
In the Azure portal, I can see all the groups available to me (Adele) via “Privileged Identity Management” -> “My roles” -> Groups under “Eligible assignments”.
I'm writing a tools with C# to manage or abstract Azure PIM. For that I'm using Graph API. For development I'm using https://developer.microsoft.com/en-us/graph/graph-explorer. How can I retrieve PIM -> My roles via the Graph API?
Initially, I created one security group named "contoso-ad-adm-teams-administrator" and added one eligible assignment under PIM for user 'Sri' as below:
You can also find this here: “Privileged Identity Management” -> “My roles” -> Groups under “Eligible assignments”:
To retrieve above details via Graph API, you can make use of this API call by granting consent to "PrivilegedEligibilitySchedule.Read.AzureADGroup" permission:
GET https://graph.microsoft.com/v1.0/identityGovernance/privilegedAccess/group/eligibilityScheduleInstances/filterByCurrentUser(on='principal')
Response:
Reference:
privilegedAccessGroupEligibilityScheduleInstance: filterByCurrentUser - Microsoft Graph
- Can't signin into microsoft account
- TenantGuidNotFound when trying to send email using Microsfot GraphAPI
- Azure Function App Kudu Functions API with empty response
- Get Azure Active Directory password expiry date in PowerShell
- Provision new SQL Azure database into existing, non-terraform managed SQL Server instance
- Azure Logic App HTTP Request Authentication Scope
- Get Log analytics workspace ID of a virtual machine in Azure connected to a workspace in a different subscription
- Enabling minimum apiVersion to 2021-08-01 in Azure API Management causing saving issues or deployment errors for existing logic apps
- Privileged Identity Management - My roles
- Creating a VM in Azure using Powershell
- Creating multiple function apps with one Flex Consumption plan
- Azure Bicep reference existing resources from different subscriptions using ternary operators inside scope property
- Trigger azure function on user registration in b2c
- Migrating from validate-jwt to validate-azure-ad-token policy
- Azure DevOps Pipeline Expression Evaluation
- Using Event Hubs binding for Azure Functions with managed identities?
- How to connect a microsoft SQL Server database to Open Data Discovery (odd-odd-platform)?
- Cosmos DB for MongoDB private endpoint requests blocked by network firewall
- Specifying SAS Token Authorization header with Azure REST API
- Databricks ui is different between different Azure Tenants with activated SCIM Integration
- Download large files in Azure image builder process
- TriggerBuild Could not queue the build because there were validation errors or warnings
- How to filter users in directory by company name with Microsoft Graph Java SDK?
- How to get the azure subscription current cost using PowerShell
- How to automate Azure Data Factory (ADF) credential updates from development to production using Azure DevOps?
- Azure Form Recognizer Set API Version
- Is there a way to deploy a azure function directly to a storage account with private endpoint
- How do I flatten certain properties in a nested structure using Linq for Cosmos noSQL?
- Unable to locate executable file: 'bash'. Please verify either the file path exists
- "We're sorry, your sql database is unavailable" What does this mean exactly in Azure SQL?