From a34d2c15d093dd31c7b4e1c1349b398227ecea88 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Fri, 25 Oct 2024 20:00:50 +0000 Subject: [PATCH 1/9] Example enhancements based on customer feedback. --- .../Get-EntraBetaGroupMember.md | 43 ++++++++-------- .../Get-EntraBetaUser.md | 5 +- .../Get-EntraGroupMember.md | 49 ++++++++++--------- .../Microsoft.Graph.Entra/Get-EntraUser.md | 5 +- 4 files changed, 57 insertions(+), 45 deletions(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGroupMember.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGroupMember.md index 765718a58..a811bf39c 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGroupMember.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGroupMember.md @@ -55,28 +55,32 @@ To list members of a hidden group, the `Member.Read.Hidden` permission is also r ## Examples -### Example 1: Get a group member by ID +### Example 1: Retrieve and Select Group Member Properties ```powershell -Connect-Entra -Scopes 'GroupMember.Read.All' -Get-EntraBetaGroupMember -GroupId 'eeeeeeee-4444-5555-6666-ffffffffffff' +$group = Get-EntraBetaGroup -Filter "DisplayName eq 'Sales and Marketing'" +Get-EntraBetaGroup -GroupId $group.Id | Get-EntraBetaGroupMember | Select-Object Id, DisplayName, '@odata.type' ``` ```Output -Id DeletedDateTime --- --------------- -bbbbbbbb-7777-8888-9999-cccccccccccc +Id DisplayName @odata.type +------------------------------------ ----------------- ------------------------------- +dddddddd-3333-4444-5555-eeeeeeeeeeee Sawyer Miller #microsoft.graph.user +eeeeeeee-4444-5555-6666-ffffffffffff Alex Wilber #microsoft.graph.user +aaaaaaaa-6666-7777-8888-bbbbbbbbbbbb My Application #microsoft.graph.servicePrincipal +cccccccc-8888-9999-0000-dddddddddddd Contoso Group #microsoft.graph.group ``` -This example demonstrates how to retrieve group member by ID. +This example retrieves the members of a specified group by its `GroupId` and selects only the `Id`, `DisplayName` and `@odata.type` properties for each member. -- `-GroupId` Specifies the ID of a group. +- `-GroupId` specifies the ID of a group. ### Example 2: Get two group member ```powershell Connect-Entra -Scopes 'GroupMember.Read.All' -Get-EntraBetaGroupMember -GroupId 'bbbbbbbb-7777-8888-9999-cccccccccccc' -Top 2 +$group = Get-EntraBetaGroup -Filter "DisplayName eq 'Sales and Marketing'" +Get-EntraBetaGroupMember -GroupId $group.Id -Top 2 ``` ```Output @@ -94,7 +98,8 @@ This example demonstrates how to retrieve top two groups from Microsoft Entra ID ```powershell Connect-Entra -Scopes 'GroupMember.Read.All' -Get-EntraBetaGroupMember -GroupId 'dddddddd-9999-0000-1111-eeeeeeeeeeee' -All +$group = Get-EntraBetaGroup -Filter "DisplayName eq 'Sales and Marketing'" +Get-EntraBetaGroupMember -GroupId $group.Id -All ``` ```Output @@ -111,25 +116,23 @@ This example retrieves all members within a group by group ID. - `-GroupId` specifies the ID of a group. -### Example 4: Retrieve and Select Group Member Properties +### Example 4: Get a group member by ID ```powershell Connect-Entra -Scopes 'GroupMember.Read.All' -Get-EntraBetaGroupMember -GroupId 'tttttttt-0000-2222-0000-aaaaaaaaaaaa' | Select-Object DisplayName, '@odata.type' +$group = Get-EntraBetaGroup -Filter "DisplayName eq 'Sales and Marketing'" +Get-EntraBetaGroupMember -GroupId $group.Id ``` ```Output -displayName @odata.type ------------ ----------- -test1 #microsoft.graph.user -test2 #microsoft.graph.user -test2 #microsoft.graph.servicePrincipal -test3 #microsoft.graph.servicePrincipal +Id DeletedDateTime +-- --------------- +bbbbbbbb-7777-8888-9999-cccccccccccc ``` -This example retrieves the members of a specified group by its `GroupId` and selects only the `DisplayName` and `@odata.type` properties for each member. +This example demonstrates how to retrieve group member by ID. -- `-GroupId` specifies the ID of a group. +- `-GroupId` Specifies the ID of a group. ## Parameters diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUser.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUser.md index 898d47ed3..3baac885d 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUser.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaUser.md @@ -146,7 +146,7 @@ In this example, we retrieve all users whose MailNickname starts with Ada. ```powershell Connect-Entra -Scopes 'User.Read.All','AuditLog.Read.All' -Get-EntraBetaUser -UserId 'SawyerM@contoso.com' -Property 'SignInActivity' | Select-Object -ExpandProperty 'SignInActivity' +Get-EntraBetaUser -UserId 'SawyerM@contoso.com' -Property 'SignInActivity' | Select-Object -Property Id, DisplayName, UserPrincipalName -ExpandProperty 'SignInActivity' ``` ```Output @@ -156,6 +156,9 @@ lastSuccessfulSignInDateTime : 9/9/2024 1:12:13 PM lastNonInteractiveSignInDateTime : 9/9/2024 1:12:13 PM lastSuccessfulSignInRequestId : bbbbbbbb-1111-2222-3333-aaaaaaaaaaaa lastSignInDateTime : 9/7/2024 9:15:41 AM +id : aaaaaaaa-bbbb-cccc-1111-222222222222 +displayName : Sawyer Miller +userPrincipalName : SawyerM@contoso.com ``` This example demonstrates how to retrieve the SignInActivity of a specific user by selecting a property. diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraGroupMember.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraGroupMember.md index bdd0673a0..b9f55bfb0 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraGroupMember.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraGroupMember.md @@ -55,46 +55,51 @@ To list members of a hidden group, the `Member.Read.Hidden` permission is also r ## Examples -### Example 1: Get a group member by ID +### Example 1: Retrieve and Select Group Member Properties ```powershell -Connect-Entra -Scopes 'GroupMember.Read.All' -Get-EntraGroupMember -GroupId 'bbbbbbbb-1111-2222-3333-cccccccccccc' +$group = Get-EntraGroup -Filter "DisplayName eq 'Sales and Marketing'" +Get-EntraGroup -GroupId $group.Id | Get-EntraGroupMember | Select-Object Id, DisplayName, '@odata.type' ``` ```Output -Id DeletedDateTime --- --------------- -bbbbbbbb-7777-8888-9999-cccccccccccc +Id DisplayName @odata.type +------------------------------------ ----------------- ------------------------------- +dddddddd-3333-4444-5555-eeeeeeeeeeee Sawyer Miller #microsoft.graph.user +eeeeeeee-4444-5555-6666-ffffffffffff Alex Wilber #microsoft.graph.user +aaaaaaaa-6666-7777-8888-bbbbbbbbbbbb My Application #microsoft.graph.servicePrincipal +cccccccc-8888-9999-0000-dddddddddddd Contoso Group #microsoft.graph.group ``` -This example demonstrates how to retrieve group member by ID. +This example retrieves the members of a specified group by its `GroupId` and selects only the `Id`, `DisplayName` and `@odata.type` properties for each member. -- `-GroupId` Specifies the ID of a group. +- `-GroupId` specifies the ID of a group. ### Example 2: Get two group member ```powershell Connect-Entra -Scopes 'GroupMember.Read.All' -Get-EntraGroupMember -GroupId 'hhhhhhhh-8888-9999-8888-cccccccccccc' -Top 2 +$group = Get-EntraGroup -Filter "DisplayName eq 'Sales and Marketing'" +Get-EntraGroupMember -GroupId $group.Id -Top 2 ``` ```Output Id DeletedDateTime -- --------------- -00aa00aa-bb11-cc22-dd33-44ee44ee44ee -11bb11bb-cc22-dd33-ee44-55ff55ff55ff +cccccccc-8888-9999-0000-dddddddddddd +dddddddd-9999-0000-1111-eeeeeeeeeeee ``` This example demonstrates how to retrieve top two groups from Microsoft Entra ID. -- `-GroupId` specifies the ID of a group. +- `-GroupId` specifies the ID of a group. ### Example 3: Get all members within a group by group ID ```powershell Connect-Entra -Scopes 'GroupMember.Read.All' -Get-EntraGroupMember -GroupId 'tttttttt-0000-2222-0000-aaaaaaaaaaaa' -All +$group = Get-EntraGroup -Filter "DisplayName eq 'Sales and Marketing'" +Get-EntraGroupMember -GroupId $group.Id -All ``` ```Output @@ -111,25 +116,23 @@ This example retrieves all members within a group by group ID. - `-GroupId` specifies the ID of a group. -### Example 4: Retrieve and Select Group Member Properties +### Example 4: Get a group member by ID ```powershell Connect-Entra -Scopes 'GroupMember.Read.All' -Get-EntraGroupMember -GroupId 'tttttttt-0000-2222-0000-aaaaaaaaaaaa' | Select-Object DisplayName, '@odata.type' +$group = Get-EntraGroup -Filter "DisplayName eq 'Sales and Marketing'" +Get-EntraGroupMember -GroupId $group.Id ``` ```Output -displayName @odata.type ------------ ----------- -test1 #microsoft.graph.user -test2 #microsoft.graph.user -test2 #microsoft.graph.servicePrincipal -test3 #microsoft.graph.servicePrincipal +Id DeletedDateTime +-- --------------- +bbbbbbbb-7777-8888-9999-cccccccccccc ``` -This example retrieves the members of a specified group by its `GroupId` and selects only the `DisplayName` and `@odata.type` properties for each member. +This example demonstrates how to retrieve group member by ID. -- `-GroupId` specifies the ID of a group. +- `-GroupId` Specifies the ID of a group. ## Parameters diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUser.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUser.md index b463aa703..b0b93e6c3 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUser.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraUser.md @@ -145,7 +145,7 @@ In this example, we retrieve all users whose MailNickname starts with Ada. ```powershell Connect-Entra -Scopes 'User.Read.All','AuditLog.Read.All' -Get-EntraUser -UserId 'SawyerM@contoso.com' -Property 'SignInActivity' | Select-Object -ExpandProperty 'SignInActivity' +Get-EntraUser -UserId 'SawyerM@contoso.com' -Property 'SignInActivity' | Select-Object -Property Id, DisplayName, UserPrincipalName -ExpandProperty 'SignInActivity' ``` ```Output @@ -155,6 +155,9 @@ lastSuccessfulSignInDateTime : 9/9/2024 1:12:13 PM lastNonInteractiveSignInDateTime : 9/9/2024 1:12:13 PM lastSuccessfulSignInRequestId : bbbbbbbb-1111-2222-3333-aaaaaaaaaaaa lastSignInDateTime : 9/7/2024 9:15:41 AM +id : aaaaaaaa-bbbb-cccc-1111-222222222222 +displayName : Sawyer Miller +userPrincipalName : SawyerM@contoso.com ``` This example demonstrates how to retrieve the SignInActivity of a specific user by selecting a property. From 1304d1ae8421bc5962397d257c3a10aa8fe16a66 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Fri, 25 Oct 2024 20:29:04 +0000 Subject: [PATCH 2/9] Update groups via pipelining --- .../Microsoft.Graph.Entra.Beta/Set-EntraBetaGroup.md | 7 +------ .../Microsoft.Graph.Entra/Set-EntraGroup.md | 7 +------ 2 files changed, 2 insertions(+), 12 deletions(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaGroup.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaGroup.md index d301fc442..183c7367e 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaGroup.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaGroup.md @@ -64,12 +64,7 @@ This command updates the display name of a specified group in Microsoft Entra ID ```powershell Connect-Entra -Scopes 'Group.ReadWrite.All' -$group = Get-EntraBetaGroup -Filter "DisplayName eq 'HelpDesk Team Leaders'" -$params = @{ - GroupId = $group.ObjectId - Description = 'This is my new group' -} -Set-EntraBetaGroup @params +Get-EntraBetaGroup -Filter "displayName eq 'HelpDesk Team Leaders'" | Set-EntraBetaGroup -Description 'HelpDesk Team Leaders Global' ``` This example demonstrates how to update a group description. diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraGroup.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraGroup.md index 1886cefa8..5abf7f2c1 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraGroup.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraGroup.md @@ -62,12 +62,7 @@ This command updates the display name of a specified group in Microsoft Entra ID ```powershell Connect-Entra -Scopes 'Group.ReadWrite.All' -$group = Get-EntraGroup -Filter "DisplayName eq 'HelpDesk Team Leaders'" -$params = @{ - GroupId = $group.ObjectId - Description = 'This is my new group' -} -Set-EntraGroup @params +Get-EntraGroup -Filter "displayName eq 'HelpDesk Team Leaders'" | Set-EntraGroup -Description 'HelpDesk Team Leaders Global' ``` This example demonstrates how to update a group description. From cddb06092a75ebcf423ba4930af9558b7dcff592 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Sun, 27 Oct 2024 05:42:44 +0000 Subject: [PATCH 3/9] Adding required scopes based on reviewer comments --- .../Microsoft.Graph.Entra.Beta/Get-EntraBetaGroupMember.md | 1 + .../Microsoft.Graph.Entra/Get-EntraGroupMember.md | 1 + 2 files changed, 2 insertions(+) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGroupMember.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGroupMember.md index a811bf39c..0dc7b5f8a 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGroupMember.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGroupMember.md @@ -58,6 +58,7 @@ To list members of a hidden group, the `Member.Read.Hidden` permission is also r ### Example 1: Retrieve and Select Group Member Properties ```powershell +Connect-Entra -Scopes 'GroupMember.Read.All' $group = Get-EntraBetaGroup -Filter "DisplayName eq 'Sales and Marketing'" Get-EntraBetaGroup -GroupId $group.Id | Get-EntraBetaGroupMember | Select-Object Id, DisplayName, '@odata.type' ``` diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraGroupMember.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraGroupMember.md index b9f55bfb0..8631bf438 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraGroupMember.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraGroupMember.md @@ -58,6 +58,7 @@ To list members of a hidden group, the `Member.Read.Hidden` permission is also r ### Example 1: Retrieve and Select Group Member Properties ```powershell +Connect-Entra -Scopes 'GroupMember.Read.All' $group = Get-EntraGroup -Filter "DisplayName eq 'Sales and Marketing'" Get-EntraGroup -GroupId $group.Id | Get-EntraGroupMember | Select-Object Id, DisplayName, '@odata.type' ``` From cec5318def2dbc2fb0f094d82ac21efe30c3ddb4 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Mon, 28 Oct 2024 08:29:51 +0000 Subject: [PATCH 4/9] Adding contract object in the output section. --- .../Get-EntraBetaContract.md | 52 ++++++++----------- .../Get-EntraContract.md | 52 ++++++++----------- 2 files changed, 46 insertions(+), 58 deletions(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaContract.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaContract.md index 075f0c3cb..3abb61fe7 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaContract.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaContract.md @@ -50,35 +50,7 @@ Get-EntraBetaContract The `Get-EntraBetaContract` cmdlet gets a contract information associated to a partner tenant. -The contract object contains the following attributes: - -- `contractType` - type of the contract. - -Possible values are: - -1. SyndicationPartner - indicates a partner that exclusively resells and manages O365 and Intune for this customer. -They resell and support their customers. -1. BreadthPartner - indicates that the partner has the ability to provide administrative support for this customer. -However the partner isn't allowed to resell to the customer. -1. ResellerPartner - indicates a partner that is similar to a syndication partner, except that it doesn't have exclusive access to a tenant. In the syndication case, the customer can't buy additional direct subscriptions from Microsoft or from other partners. - -- `customerContextId` - unique identifier for the customer tenant referenced by this partnership. - -Corresponds to the ObjectId property of the customer tenant's TenantDetail object. - -- `defaultDomainName` - a copy of the customer tenant's default domain name. -The copy is made when the partnership with the customer is established. -It isn't automatically updated if the customer tenant's default domain name changes. - -- `deletionTimestamp` - this property isn't valid for contracts and always returns null. - -- `displayName` - a copy of the customer tenant's display name. -The copy is made when the partnership with the customer is established. -It isn't automatically updated if the customer tenant's display name changes. - -- `objectType` - a string that identifies the object type. The value is always `Contract`. - -- `ContractId` - the unique identifier for the partnership. +In delegated scenarios with work or school accounts, the `Directory Readers` role is the only least privileged role that supports this operation for the signed-in user ## Examples @@ -191,6 +163,28 @@ This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVar ## Outputs +The contract object contains the following attributes: + +- `contractType` - type of the contract. + +Possible values are: + +1. SyndicationPartner - indicates a partner that exclusively resells and manages O365 and Intune for this customer. +They resell and support their customers. +1. BreadthPartner - indicates that the partner has the ability to provide administrative support for this customer. +However the partner isn't allowed to resell to the customer. +1. ResellerPartner - indicates a partner that is similar to a syndication partner, except that it doesn't have exclusive access to a tenant. In the syndication case, the customer can't buy additional direct subscriptions from Microsoft or from other partners. + +- `customerContextId` - unique identifier for the customer tenant referenced by this partnership. + +Corresponds to the ObjectId property of the customer tenant's TenantDetail object. + +- `defaultDomainName` - a copy of the customer tenant's default domain name. The copy is made when the partnership with the customer is established. It isn't automatically updated if the customer tenant's default domain name changes. +- `deletionTimestamp` - this property isn't valid for contracts and always returns null. +- `displayName` - a copy of the customer tenant's display name. The copy is made when the partnership with the customer is established. It isn't automatically updated if the customer tenant's display name changes. +- `objectType` - a string that identifies the object type. The value is always `Contract`. +- `ContractId` - the unique identifier for the partnership. + ## Notes ## Related Links diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraContract.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraContract.md index c65dae7c2..1ee2d9bac 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraContract.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraContract.md @@ -49,35 +49,7 @@ Get-EntraContract The `Get-EntraContract` cmdlet gets a contract information associated to a partner tenant. -The contract object contains the following attributes: - -- `contractType` - type of the contract. - -Possible values are: - -1. SyndicationPartner - indicates a partner that exclusively resells and manages O365 and Intune for this customer. -They resell and support their customers. -1. BreadthPartner - indicates that the partner has the ability to provide administrative support for this customer. -However the partner isn't allowed to resell to the customer. -1. ResellerPartner - indicates a partner that is similar to a syndication partner, except that it doesn't have exclusive access to a tenant. In the syndication case, the customer can't buy additional direct subscriptions from Microsoft or from other partners. - -- `customerContextId` - unique identifier for the customer tenant referenced by this partnership. - -Corresponds to the ObjectId property of the customer tenant's TenantDetail object. - -- `defaultDomainName` - a copy of the customer tenant's default domain name. -The copy is made when the partnership with the customer is established. -It isn't automatically updated if the customer tenant's default domain name changes. - -- `deletionTimestamp` - this property isn't valid for contracts and always returns null. - -- `displayName` - a copy of the customer tenant's display name. -The copy is made when the partnership with the customer is established. -It isn't automatically updated if the customer tenant's display name changes. - -- `objectType` - a string that identifies the object type. The value is always `Contract`. - -- `ContractId` - the unique identifier for the partnership. +In delegated scenarios with work or school accounts, the `Directory Readers` role is the only least privileged role that supports this operation for the signed-in user ## Examples @@ -190,6 +162,28 @@ This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVar ## Outputs +The contract object contains the following attributes: + +- `contractType` - type of the contract. + +Possible values are: + +1. SyndicationPartner - indicates a partner that exclusively resells and manages O365 and Intune for this customer. +They resell and support their customers. +1. BreadthPartner - indicates that the partner has the ability to provide administrative support for this customer. +However the partner isn't allowed to resell to the customer. +1. ResellerPartner - indicates a partner that is similar to a syndication partner, except that it doesn't have exclusive access to a tenant. In the syndication case, the customer can't buy additional direct subscriptions from Microsoft or from other partners. + +- `customerContextId` - unique identifier for the customer tenant referenced by this partnership. + +Corresponds to the ObjectId property of the customer tenant's TenantDetail object. + +- `defaultDomainName` - a copy of the customer tenant's default domain name. The copy is made when the partnership with the customer is established. It isn't automatically updated if the customer tenant's default domain name changes. +- `deletionTimestamp` - this property isn't valid for contracts and always returns null. +- `displayName` - a copy of the customer tenant's display name. The copy is made when the partnership with the customer is established. It isn't automatically updated if the customer tenant's display name changes. +- `objectType` - a string that identifies the object type. The value is always `Contract`. +- `ContractId` - the unique identifier for the partnership. + ## Notes ## Related Links From ba1389370fb3f5270b5894f2b0ed49175613c651 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Mon, 28 Oct 2024 09:09:04 +0000 Subject: [PATCH 5/9] Adding required roles to Trust framework --- .../Get-EntraBetaTrustFrameworkPolicy.md | 2 ++ .../New-EntraBetaTrustFrameworkPolicy.md | 4 +--- .../Remove-EntraBetaTrustFrameworkPolicy.md | 2 +- .../Set-EntraBetaTrustFrameworkPolicy.md | 4 +--- 4 files changed, 5 insertions(+), 7 deletions(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaTrustFrameworkPolicy.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaTrustFrameworkPolicy.md index a7ccc572a..5e485bf9b 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaTrustFrameworkPolicy.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaTrustFrameworkPolicy.md @@ -47,6 +47,8 @@ Get-EntraBetaTrustFrameworkPolicy The `Get-EntraBetaTrustFrameworkPolicy` cmdlet retrieves the trust framework policies that have been created in the directory. +In delegated scenarios with work or school accounts, the admin must have a supported Microsoft Entra role or a custom role with the required permissions. The `B2C IEF Policy Administrator` is the least privileged role that supports this operation. + ## Examples ### Example 1: Retrieves the list of all trust framework policies in the directory diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaTrustFrameworkPolicy.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaTrustFrameworkPolicy.md index 4847d156a..151a8a191 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaTrustFrameworkPolicy.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaTrustFrameworkPolicy.md @@ -47,9 +47,7 @@ New-EntraBetaTrustFrameworkPolicy The `New-EntraBetaTrustFrameworkPolicy` cmdlet is used to create a trust framework policy in the directory. -The contents of the trust framework policy to be created can be provided using a file or a command line variable. - -The contents of the created trust framework policy can be written to an output file or to the screen. +In delegated scenarios with work or school accounts, the admin must have a supported Microsoft Entra role or a custom role with the required permissions. The `B2C IEF Policy Administrator` is the least privileged role that supports this operation. ## Examples diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaTrustFrameworkPolicy.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaTrustFrameworkPolicy.md index 3ceb52820..0c0805d7f 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaTrustFrameworkPolicy.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaTrustFrameworkPolicy.md @@ -35,7 +35,7 @@ Remove-EntraBetaTrustFrameworkPolicy The `Remove-EntraBetaTrustFrameworkPolicy` cmdlet deletes a trust framework policy in the Microsoft Entra ID. The trust framework policy is permanently deleted. -The work or school account must have the `B2C IEF Keyset Administrator` role in Microsoft Entra. +In delegated scenarios with work or school accounts, the admin must have a supported Microsoft Entra role or a custom role with the required permissions. The `B2C IEF Policy Administrator` is the least privileged role that supports this operation. ## Examples diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaTrustFrameworkPolicy.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaTrustFrameworkPolicy.md index bfa558b6e..29b0953fb 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaTrustFrameworkPolicy.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaTrustFrameworkPolicy.md @@ -49,9 +49,7 @@ Set-EntraBetaTrustFrameworkPolicy The `Set-EntraBetaTrustFrameworkPolicy` cmdlet is used to update a trust framework policy in the directory. -The contents of the trust framework policy to be updated can be provided using a file or a command line variable. - -The contents of the updated trust framework policy can be written to an output file or to the screen. +In delegated scenarios with work or school accounts, the admin must have a supported Microsoft Entra role or a custom role with the required permissions. The `B2C IEF Policy Administrator` is the least privileged role that supports this operation. ## Examples From 9fcb08abba188fbb50fa53fcfce575a091379b08 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 31 Oct 2024 10:33:22 +0300 Subject: [PATCH 6/9] Update module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGroupMember.md Co-authored-by: Kennedy Kang'ethe --- .../Microsoft.Graph.Entra.Beta/Get-EntraBetaGroupMember.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGroupMember.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGroupMember.md index 0dc7b5f8a..24d75ccb7 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGroupMember.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaGroupMember.md @@ -60,7 +60,7 @@ To list members of a hidden group, the `Member.Read.Hidden` permission is also r ```powershell Connect-Entra -Scopes 'GroupMember.Read.All' $group = Get-EntraBetaGroup -Filter "DisplayName eq 'Sales and Marketing'" -Get-EntraBetaGroup -GroupId $group.Id | Get-EntraBetaGroupMember | Select-Object Id, DisplayName, '@odata.type' +Get-EntraBetaGroup -GroupId $group.Id | Get-EntraBetaGroupMember | Select-Object Id, DisplayName, '@odata.type' ``` ```Output From 1c6df6b98f68f6ebe4829e12ed2d18fb11cf3ca5 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 31 Oct 2024 10:33:30 +0300 Subject: [PATCH 7/9] Update module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraGroupMember.md Co-authored-by: Kennedy Kang'ethe --- .../Microsoft.Graph.Entra/Get-EntraGroupMember.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraGroupMember.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraGroupMember.md index 8631bf438..a73ab1a4f 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraGroupMember.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraGroupMember.md @@ -60,7 +60,7 @@ To list members of a hidden group, the `Member.Read.Hidden` permission is also r ```powershell Connect-Entra -Scopes 'GroupMember.Read.All' $group = Get-EntraGroup -Filter "DisplayName eq 'Sales and Marketing'" -Get-EntraGroup -GroupId $group.Id | Get-EntraGroupMember | Select-Object Id, DisplayName, '@odata.type' +Get-EntraGroup -GroupId $group.Id | Get-EntraGroupMember | Select-Object Id, DisplayName, '@odata.type' ``` ```Output From 9c47960c11844e91bcc5ceb2609bec5097b92d70 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 31 Oct 2024 10:33:38 +0300 Subject: [PATCH 8/9] Update module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraGroupMember.md Co-authored-by: Kennedy Kang'ethe --- .../Microsoft.Graph.Entra/Get-EntraGroupMember.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraGroupMember.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraGroupMember.md index a73ab1a4f..ff3f1cfb0 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraGroupMember.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraGroupMember.md @@ -93,7 +93,7 @@ dddddddd-9999-0000-1111-eeeeeeeeeeee This example demonstrates how to retrieve top two groups from Microsoft Entra ID. -- `-GroupId` specifies the ID of a group. +- `-GroupId` specifies the ID of a group. ### Example 3: Get all members within a group by group ID From dc04822c8a370c856d444fabb7fcb56d174f3acc Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Thu, 31 Oct 2024 07:40:13 +0000 Subject: [PATCH 9/9] Fixing build errors --- .../Get-EntraBetaContract.md | 27 ++++++++++--------- .../Get-EntraContract.md | 27 ++++++++++--------- 2 files changed, 30 insertions(+), 24 deletions(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaContract.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaContract.md index 3abb61fe7..5b8fd137a 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaContract.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaContract.md @@ -163,28 +163,31 @@ This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVar ## Outputs +## Notes + The contract object contains the following attributes: -- `contractType` - type of the contract. +`contractType` - type of the contract. Possible values are: -1. SyndicationPartner - indicates a partner that exclusively resells and manages O365 and Intune for this customer. +**SyndicationPartner** - indicates a partner that exclusively resells and manages O365 and Intune for this customer. They resell and support their customers. -1. BreadthPartner - indicates that the partner has the ability to provide administrative support for this customer. -However the partner isn't allowed to resell to the customer. -1. ResellerPartner - indicates a partner that is similar to a syndication partner, except that it doesn't have exclusive access to a tenant. In the syndication case, the customer can't buy additional direct subscriptions from Microsoft or from other partners. +**BreadthPartner** - indicates that the partner has the ability to provide administrative support for this customer. However the partner isn't allowed to resell to the customer. +**ResellerPartner** - indicates a partner that is similar to a syndication partner, except that it doesn't have exclusive access to a tenant. In the syndication case, the customer can't buy additional direct subscriptions from Microsoft or from other partners. -- `customerContextId` - unique identifier for the customer tenant referenced by this partnership. +`customerContextId` - unique identifier for the customer tenant referenced by this partnership. Corresponds to the ObjectId property of the customer tenant's TenantDetail object. -- `defaultDomainName` - a copy of the customer tenant's default domain name. The copy is made when the partnership with the customer is established. It isn't automatically updated if the customer tenant's default domain name changes. -- `deletionTimestamp` - this property isn't valid for contracts and always returns null. -- `displayName` - a copy of the customer tenant's display name. The copy is made when the partnership with the customer is established. It isn't automatically updated if the customer tenant's display name changes. -- `objectType` - a string that identifies the object type. The value is always `Contract`. -- `ContractId` - the unique identifier for the partnership. +`defaultDomainName` - a copy of the customer tenant's default domain name. The copy is made when the partnership with the customer is established. It isn't automatically updated if the customer tenant's default domain name changes. -## Notes +`deletionTimestamp` - this property isn't valid for contracts and always returns null. + +`displayName` - a copy of the customer tenant's display name. The copy is made when the partnership with the customer is established. It isn't automatically updated if the customer tenant's display name changes. + +`objectType` - a string that identifies the object type. The value is always `Contract`. + +`ContractId` - the unique identifier for the partnership. ## Related Links diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraContract.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraContract.md index 1ee2d9bac..b2b482094 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraContract.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraContract.md @@ -162,28 +162,31 @@ This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVar ## Outputs +## Notes + The contract object contains the following attributes: -- `contractType` - type of the contract. +`contractType` - type of the contract. Possible values are: -1. SyndicationPartner - indicates a partner that exclusively resells and manages O365 and Intune for this customer. +**SyndicationPartner** - indicates a partner that exclusively resells and manages O365 and Intune for this customer. They resell and support their customers. -1. BreadthPartner - indicates that the partner has the ability to provide administrative support for this customer. -However the partner isn't allowed to resell to the customer. -1. ResellerPartner - indicates a partner that is similar to a syndication partner, except that it doesn't have exclusive access to a tenant. In the syndication case, the customer can't buy additional direct subscriptions from Microsoft or from other partners. +**BreadthPartner** - indicates that the partner has the ability to provide administrative support for this customer. However the partner isn't allowed to resell to the customer. +**ResellerPartner** - indicates a partner that is similar to a syndication partner, except that it doesn't have exclusive access to a tenant. In the syndication case, the customer can't buy additional direct subscriptions from Microsoft or from other partners. -- `customerContextId` - unique identifier for the customer tenant referenced by this partnership. +`customerContextId` - unique identifier for the customer tenant referenced by this partnership. Corresponds to the ObjectId property of the customer tenant's TenantDetail object. -- `defaultDomainName` - a copy of the customer tenant's default domain name. The copy is made when the partnership with the customer is established. It isn't automatically updated if the customer tenant's default domain name changes. -- `deletionTimestamp` - this property isn't valid for contracts and always returns null. -- `displayName` - a copy of the customer tenant's display name. The copy is made when the partnership with the customer is established. It isn't automatically updated if the customer tenant's display name changes. -- `objectType` - a string that identifies the object type. The value is always `Contract`. -- `ContractId` - the unique identifier for the partnership. +`defaultDomainName` - a copy of the customer tenant's default domain name. The copy is made when the partnership with the customer is established. It isn't automatically updated if the customer tenant's default domain name changes. -## Notes +`deletionTimestamp` - this property isn't valid for contracts and always returns null. + +`displayName` - a copy of the customer tenant's display name. The copy is made when the partnership with the customer is established. It isn't automatically updated if the customer tenant's display name changes. + +`objectType` - a string that identifies the object type. The value is always `Contract`. + +`ContractId` - the unique identifier for the partnership. ## Related Links