microsoftgraph · KenitoInc · Oct 31, 2024 · Oct 25, 2024 · Oct 25, 2024 · Oct 27, 2024
@@ -50,35 +50,7 @@ Get-EntraBetaContract
 
 The `Get-EntraBetaContract` cmdlet gets a contract information associated to a partner tenant.
 
-The contract object contains the following attributes:
-
-- `contractType` - type of the contract.
-
-Possible values are:  
-
-1. SyndicationPartner - indicates a partner that exclusively resells and manages O365 and Intune for this customer.
-They resell and support their customers.
-1. BreadthPartner - indicates that the partner has the ability to provide administrative support for this customer.
-However the partner isn't allowed to resell to the customer.
-1. ResellerPartner - indicates a partner that is similar to a syndication partner, except that it doesn't have exclusive access to a tenant. In the syndication case, the customer can't buy additional direct subscriptions from Microsoft or from other partners.
-
-- `customerContextId` - unique identifier for the customer tenant referenced by this partnership.
-
-Corresponds to the ObjectId property of the customer tenant's TenantDetail object.
-
-- `defaultDomainName` - a copy of the customer tenant's default domain name.
-The copy is made when the partnership with the customer is established.
-It isn't automatically updated if the customer tenant's default domain name changes.
-
-- `deletionTimestamp` - this property isn't valid for contracts and always returns null.
-
-- `displayName` - a copy of the customer tenant's display name.
-The copy is made when the partnership with the customer is established.
-It isn't automatically updated if the customer tenant's display name changes.
-
-- `objectType` - a string that identifies the object type. The value is always `Contract`.
-
-- `ContractId` - the unique identifier for the partnership.
+In delegated scenarios with work or school accounts, the `Directory Readers` role is the only least privileged role that supports this operation for the signed-in user
 
 ## Examples
 
@@ -193,4 +165,29 @@ This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVar
 
 ## Notes
 
+The contract object contains the following attributes:
+
+`contractType` - type of the contract.
+
+Possible values are:  
+
+**SyndicationPartner** - indicates a partner that exclusively resells and manages O365 and Intune for this customer.
+They resell and support their customers.
+**BreadthPartner** - indicates that the partner has the ability to provide administrative support for this customer. However the partner isn't allowed to resell to the customer.
+**ResellerPartner** - indicates a partner that is similar to a syndication partner, except that it doesn't have exclusive access to a tenant. In the syndication case, the customer can't buy additional direct subscriptions from Microsoft or from other partners.
+
+`customerContextId` - unique identifier for the customer tenant referenced by this partnership.
+
+Corresponds to the ObjectId property of the customer tenant's TenantDetail object.
+
+`defaultDomainName` - a copy of the customer tenant's default domain name. The copy is made when the partnership with the customer is established. It isn't automatically updated if the customer tenant's default domain name changes.
+
+`deletionTimestamp` - this property isn't valid for contracts and always returns null.
+
+`displayName` - a copy of the customer tenant's display name. The copy is made when the partnership with the customer is established. It isn't automatically updated if the customer tenant's display name changes.
+
+`objectType` - a string that identifies the object type. The value is always `Contract`.
+
+`ContractId` - the unique identifier for the partnership.
+
 ## Related Links
@@ -72,7 +72,7 @@ aaaaaaaa-6666-7777-8888-bbbbbbbbbbbb My Application    #microsoft.graph.serviceP
 cccccccc-8888-9999-0000-dddddddddddd Contoso Group     #microsoft.graph.group
 ```
 
-This example retrieves the members of a specified group by its `GroupId`.
+This example retrieves the members of a specified group by its `GroupId` and selects only the `Id`, `DisplayName` and `@odata.type` properties for each member.
 
 - `-GroupId` specifies the ID of a group.
 
@@ -133,7 +133,7 @@ bbbbbbbb-7777-8888-9999-cccccccccccc
 
 This example demonstrates how to retrieve group member by ID.
 
-- `-GroupId` specifies the ID of a group.
+- `-GroupId` Specifies the ID of a group.
 
 ## Parameters
 

@@ -47,6 +47,8 @@ Get-EntraBetaTrustFrameworkPolicy
 
 The `Get-EntraBetaTrustFrameworkPolicy` cmdlet retrieves the trust framework policies that have been created in the directory.
 
+In delegated scenarios with work or school accounts, the admin must have a supported Microsoft Entra role or a custom role with the required permissions. The `B2C IEF Policy Administrator` is the least privileged role that supports this operation.
+
 ## Examples
 
 ### Example 1: Retrieves the list of all trust framework policies in the directory

@@ -146,7 +146,7 @@ In this example, we retrieve all users whose MailNickname starts with Ada.
 
 ```powershell
 Connect-Entra -Scopes 'User.Read.All','AuditLog.Read.All'
-Get-EntraBetaUser -UserId 'SawyerM@contoso.com' -Property 'SignInActivity' | Select-Object -ExpandProperty 'SignInActivity'
+Get-EntraBetaUser -UserId 'SawyerM@contoso.com' -Property 'SignInActivity' | Select-Object -Property Id, DisplayName, UserPrincipalName -ExpandProperty 'SignInActivity'
 ```
 
 ```Output
@@ -156,6 +156,9 @@ lastSuccessfulSignInDateTime      : 9/9/2024 1:12:13 PM
 lastNonInteractiveSignInDateTime  : 9/9/2024 1:12:13 PM
 lastSuccessfulSignInRequestId     : bbbbbbbb-1111-2222-3333-aaaaaaaaaaaa
 lastSignInDateTime                : 9/7/2024 9:15:41 AM
+id                                : aaaaaaaa-bbbb-cccc-1111-222222222222
+displayName                       : Sawyer Miller
+userPrincipalName                 : SawyerM@contoso.com
 ```
 
 This example demonstrates how to retrieve the SignInActivity of a specific user by selecting a property.

@@ -47,9 +47,7 @@ New-EntraBetaTrustFrameworkPolicy
 
 The `New-EntraBetaTrustFrameworkPolicy` cmdlet is used to create a trust framework policy in the directory.
 
-The contents of the trust framework policy to be created can be provided using a file or a command line variable.
-
-The contents of the created trust framework policy can be written to an output file or to the screen.
+In delegated scenarios with work or school accounts, the admin must have a supported Microsoft Entra role or a custom role with the required permissions. The `B2C IEF Policy Administrator` is the least privileged role that supports this operation.
 
 ## Examples
 

@@ -35,7 +35,7 @@ Remove-EntraBetaTrustFrameworkPolicy
 
 The `Remove-EntraBetaTrustFrameworkPolicy` cmdlet deletes a trust framework policy in the Microsoft Entra ID. The trust framework policy is permanently deleted.
 
-The work or school account must have the `B2C IEF Keyset Administrator` role in Microsoft Entra.
+In delegated scenarios with work or school accounts, the admin must have a supported Microsoft Entra role or a custom role with the required permissions. The `B2C IEF Policy Administrator` is the least privileged role that supports this operation.
 
 ## Examples
 

@@ -60,8 +60,7 @@ This command updates the display name of a specified group in Microsoft Entra ID
 
 ```powershell
 Connect-Entra -Scopes 'Group.ReadWrite.All'
-$group = Get-EntraBetaGroup -Filter "DisplayName eq 'HelpDesk Team Leaders'"
-Set-EntraBetaGroup -GroupId $group.Id -Description 'Updated Group Description'
+Get-EntraBetaGroup -Filter "displayName eq 'HelpDesk Team Leaders'" | Set-EntraBetaGroup -Description 'HelpDesk Team Leaders Global'
 ```
 
 This example demonstrates how to update a group description.  

@@ -49,9 +49,7 @@ Set-EntraBetaTrustFrameworkPolicy
 
 The `Set-EntraBetaTrustFrameworkPolicy` cmdlet is used to update a trust framework policy in the directory.
 
-The contents of the trust framework policy to be updated can be provided using a file or a command line variable.
-
-The contents of the updated trust framework policy can be written to an output file or to the screen.
+In delegated scenarios with work or school accounts, the admin must have a supported Microsoft Entra role or a custom role with the required permissions. The `B2C IEF Policy Administrator` is the least privileged role that supports this operation.
 
 ## Examples
 

@@ -49,35 +49,7 @@ Get-EntraContract
 
 The `Get-EntraContract` cmdlet gets a contract information associated to a partner tenant.
 
-The contract object contains the following attributes:
-
-- `contractType` - type of the contract.
-
-Possible values are:  
-
-1. SyndicationPartner - indicates a partner that exclusively resells and manages O365 and Intune for this customer.
-They resell and support their customers.
-1. BreadthPartner - indicates that the partner has the ability to provide administrative support for this customer.
-However the partner isn't allowed to resell to the customer.
-1. ResellerPartner - indicates a partner that is similar to a syndication partner, except that it doesn't have exclusive access to a tenant. In the syndication case, the customer can't buy additional direct subscriptions from Microsoft or from other partners.
-
-- `customerContextId` - unique identifier for the customer tenant referenced by this partnership.
-
-Corresponds to the ObjectId property of the customer tenant's TenantDetail object.
-
-- `defaultDomainName` - a copy of the customer tenant's default domain name.
-The copy is made when the partnership with the customer is established.
-It isn't automatically updated if the customer tenant's default domain name changes.
-
-- `deletionTimestamp` - this property isn't valid for contracts and always returns null.
-
-- `displayName` - a copy of the customer tenant's display name.
-The copy is made when the partnership with the customer is established.
-It isn't automatically updated if the customer tenant's display name changes.
-
-- `objectType` - a string that identifies the object type. The value is always `Contract`.
-
-- `ContractId` - the unique identifier for the partnership.
+In delegated scenarios with work or school accounts, the `Directory Readers` role is the only least privileged role that supports this operation for the signed-in user
 
 ## Examples
 
@@ -192,4 +164,29 @@ This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVar
 
 ## Notes
 
+The contract object contains the following attributes:
+
+`contractType` - type of the contract.
+
+Possible values are:  
+
+**SyndicationPartner** - indicates a partner that exclusively resells and manages O365 and Intune for this customer.
+They resell and support their customers.
+**BreadthPartner** - indicates that the partner has the ability to provide administrative support for this customer. However the partner isn't allowed to resell to the customer.
+**ResellerPartner** - indicates a partner that is similar to a syndication partner, except that it doesn't have exclusive access to a tenant. In the syndication case, the customer can't buy additional direct subscriptions from Microsoft or from other partners.
+
+`customerContextId` - unique identifier for the customer tenant referenced by this partnership.
+
+Corresponds to the ObjectId property of the customer tenant's TenantDetail object.
+
+`defaultDomainName` - a copy of the customer tenant's default domain name. The copy is made when the partnership with the customer is established. It isn't automatically updated if the customer tenant's default domain name changes.
+
+`deletionTimestamp` - this property isn't valid for contracts and always returns null.
+
+`displayName` - a copy of the customer tenant's display name. The copy is made when the partnership with the customer is established. It isn't automatically updated if the customer tenant's display name changes.
+
+`objectType` - a string that identifies the object type. The value is always `Contract`.
+
+`ContractId` - the unique identifier for the partnership.
+
 ## Related Links
@@ -72,7 +72,7 @@ aaaaaaaa-6666-7777-8888-bbbbbbbbbbbb My Application    #microsoft.graph.serviceP
 cccccccc-8888-9999-0000-dddddddddddd Contoso Group     #microsoft.graph.group
 ```
 
-This example retrieves the members of a specified group by its `GroupId` and selects only the `DisplayName` and `@odata.type` properties for each member.
+This example retrieves the members of a specified group by its `GroupId` and selects only the `Id`, `DisplayName` and `@odata.type` properties for each member.
 
 - `-GroupId` specifies the ID of a group.
 
@@ -87,8 +87,8 @@ Get-EntraGroupMember -GroupId $group.Id -Top 2
 ```Output
 Id                                   DeletedDateTime
 --                                   ---------------
-00aa00aa-bb11-cc22-dd33-44ee44ee44ee
-11bb11bb-cc22-dd33-ee44-55ff55ff55ff
+cccccccc-8888-9999-0000-dddddddddddd
+dddddddd-9999-0000-1111-eeeeeeeeeeee
 ```
 
 This example demonstrates how to retrieve top two groups from Microsoft Entra ID.  

@@ -145,7 +145,7 @@ In this example, we retrieve all users whose MailNickname starts with Ada.
 
 ```powershell
 Connect-Entra -Scopes 'User.Read.All','AuditLog.Read.All'
-Get-EntraUser -UserId 'SawyerM@contoso.com' -Property 'SignInActivity' | Select-Object -ExpandProperty 'SignInActivity'
+Get-EntraUser -UserId 'SawyerM@contoso.com' -Property 'SignInActivity' | Select-Object -Property Id, DisplayName, UserPrincipalName -ExpandProperty 'SignInActivity'
 ```
 
 ```Output
@@ -155,6 +155,9 @@ lastSuccessfulSignInDateTime      : 9/9/2024 1:12:13 PM
 lastNonInteractiveSignInDateTime  : 9/9/2024 1:12:13 PM
 lastSuccessfulSignInRequestId     : bbbbbbbb-1111-2222-3333-aaaaaaaaaaaa
 lastSignInDateTime                : 9/7/2024 9:15:41 AM
+id                                : aaaaaaaa-bbbb-cccc-1111-222222222222
+displayName                       : Sawyer Miller
+userPrincipalName                 : SawyerM@contoso.com
 ```
 
 This example demonstrates how to retrieve the SignInActivity of a specific user by selecting a property.

@@ -58,8 +58,7 @@ This command updates the display name of a specified group in Microsoft Entra ID
 
 ```powershell
 Connect-Entra -Scopes 'Group.ReadWrite.All'
-$group = Get-EntraGroup -Filter "DisplayName eq 'HelpDesk Team Leaders'"
-Set-EntraGroup -GroupId $group.Id -Description 'Updated Group Description'
+Get-EntraGroup -Filter "displayName eq 'HelpDesk Team Leaders'" | Set-EntraGroup -Description 'HelpDesk Team Leaders Global'
 ```
 
 This example demonstrates how to update a group description.