To query the azure resources in Graph, you will need to pass an ExternalId filter and the rest should be straight forward.
Below is an example of adding a user as Eligible Owner on a subscription.
The pre-requisite is that you have already installed Azure AD Preview PowerShell by following these steps https://docs.microsoft.com/en-us/powershell/azure/active-directory/install-adv2?view=azureadps-2.0
Connect-AzureAD
$resource = Get-AzureADMSPrivilegedResource -Provider azureResources -Filter "ExternalId eq '/subscriptions/38ab2ccc-3747-4567-b36b-9478f5602f0d'"
$roleDefinition = Get-AzureADMSPrivilegedRoleDefinition -ProviderId azureResources -ResourceId $resource.Id -Filter "DisplayName eq 'Owner'"
$subject = Get-AzureADUser -Filter "userPrincipalName eq 'upn'"
$schedule = New-Object Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedSchedule
$schedule.Type = "Once"
$schedule.StartDateTime = (Get-Date).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
$schedule.EndDateTime = (Get-Date).AddDays(30).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ss.fffZ")
Open-AzureADMSPrivilegedRoleAssignmentRequest -ProviderId azureResources -Schedule $schedule -ResourceId $resource.Id -RoleDefinitionId $roleDefinition.Id -SubjectId $subject.ObjectId -AssignmentState "Eligible" -Type "AdminAdd" -Reason "Test"
No comments:
Post a Comment