AADGroupEligibilitySchedule

Parameters

Parameter Attribute DataType Description Allowed Values
AccessId Write String The identifier of the membership or ownership eligibility to the group that is governed by PIM. Required. The possible values are: owner, member. Supports $filter (eq). owner, member, unknownFutureValue
GroupId Write String The identifier of the group representing the scope of the membership or ownership eligibility through PIM for groups. Required. Supports $filter (eq).
GroupDisplayName Key String Displayname of the group representing the scope of the membership or ownership eligibility through PIM for groups.
MemberType Write String Indicates whether the assignment is derived from a group assignment. It can further imply whether the caller can manage the schedule. Required. The possible values are: direct, group, unknownFutureValue. Supports $filter (eq). direct, group, unknownFutureValue
PrincipalId Write String The identifier of the principal whose membership or ownership eligibility is granted through PIM for groups. Required. Supports $filter (eq).
PrincipalType Write String Principal type user or group user, group
PrincipalDisplayName Write String Displayname of the Principal
ScheduleInfo Write MSFT_MicrosoftGraphrequestSchedule Represents the period of the access assignment or eligibility. The scheduleInfo can represent a single occurrence or multiple recurring instances. Required.
Id Write String The unique identifier for an entity. Read-only.
Ensure Write String Present ensures the policy exists, absent ensures it is removed. Present, Absent
Credential Write PSCredential Credentials of the Admin
ApplicationId Write String Id of the Azure Active Directory application to authenticate with.
TenantId Write String Id of the Azure Active Directory tenant used for authentication.
ApplicationSecret Write PSCredential Secret of the Azure Active Directory tenant used for authentication.
CertificateThumbprint Write String Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
ManagedIdentity Write Boolean Managed ID being used for authentication.
AccessTokens Write StringArray[] Access token used for authentication.

MSFT_MicrosoftGraphRequestSchedule

Parameters

Parameter Attribute DataType Description Allowed Values
Expiration Write MSFT_MicrosoftGraphExpirationPattern When the eligible or active assignment expires.
Recurrence Write MSFT_MicrosoftGraphPatternedRecurrence1 The frequency of the eligible or active assignment. This property is currently unsupported in PIM.
StartDateTime Write String When the eligible or active assignment becomes active.

MSFT_MicrosoftGraphExpirationPattern

Parameters

Parameter Attribute DataType Description Allowed Values
Duration Write String The requestor's desired duration of access represented in ISO 8601 format for durations. For example, PT3H refers to three hours. If specified in a request, endDateTime should not be present and the type property should be set to afterDuration.
EndDateTime Write String Timestamp of date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z.
Type Write String The requestor's desired expiration pattern type. The possible values are: notSpecified, noExpiration, afterDateTime, afterDuration. notSpecified, noExpiration, afterDateTime, afterDuration

MSFT_MicrosoftGraphPatternedRecurrence1

Parameters

Parameter Attribute DataType Description Allowed Values
Pattern Write MSFT_MicrosoftGraphRecurrencePattern1 The frequency of an event. For access reviews: Do not specify this property for a one-time access review. Only interval, dayOfMonth, and type (weekly, absoluteMonthly) properties of recurrencePattern are supported.
Range Write MSFT_MicrosoftGraphRecurrenceRange1 The duration of an event.

MSFT_MicrosoftGraphRecurrencePattern1

Parameters

Parameter Attribute DataType Description Allowed Values
DayOfMonth Write UInt32 The day of the month on which the event occurs. Required if type is absoluteMonthly or absoluteYearly.
DaysOfWeek Write StringArray[] A collection of the days of the week on which the event occurs. The possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday. If type is relativeMonthly or relativeYearly, and daysOfWeek specifies more than one day, the event falls on the first day that satisfies the pattern. Required if type is weekly, relativeMonthly, or relativeYearly. sunday, monday, tuesday, wednesday, thursday, friday, saturday
FirstDayOfWeek Write String The first day of the week. The possible values are: sunday, monday, tuesday, wednesday, thursday, friday, saturday. Default is sunday. Required if type is weekly. sunday, monday, tuesday, wednesday, thursday, friday, saturday
Index Write String Specifies on which instance of the allowed days specified in daysOfWeek the event occurs, counted from the first instance in the month. The possible values are: first, second, third, fourth, last. Default is first. Optional and used if type is relativeMonthly or relativeYearly. first, second, third, fourth, last
Interval Write UInt32 The number of units between occurrences, where units can be in days, weeks, months, or years, depending on the type. Required.
Month Write UInt32 The month in which the event occurs. This is a number from 1 to 12.
Type Write String The recurrence pattern type: daily, weekly, absoluteMonthly, relativeMonthly, absoluteYearly, relativeYearly. Required. For more information, see values of type property. daily, weekly, absoluteMonthly, relativeMonthly, absoluteYearly, relativeYearly

MSFT_MicrosoftGraphRecurrenceRange1

Parameters

Parameter Attribute DataType Description Allowed Values
EndDate Write String The date to stop applying the recurrence pattern. Depending on the recurrence pattern of the event, the last occurrence of the meeting may not be this date. Required if type is endDate.
NumberOfOccurrences Write UInt32 The number of times to repeat the event. Required and must be positive if type is numbered.
RecurrenceTimeZone Write String Time zone for the startDate and endDate properties. Optional. If not specified, the time zone of the event is used.
StartDate Write String The date to start applying the recurrence pattern. The first occurrence of the meeting may be this date or later, depending on the recurrence pattern of the event. Must be the same value as the start property of the recurring event. Required.
Type Write String The recurrence range. The possible values are: endDate, noEnd, numbered. Required. endDate, noEnd, numbered

Description

Azure AD Group Eligibility Schedule

Permissions

Microsoft Graph

To authenticate with the Microsoft Graph API, this resource required the following permissions:

Delegated permissions

  • Read

    • PrivilegedEligibilitySchedule.Read.AzureADGroup
  • Update

    • None

Application permissions

  • Read

    • PrivilegedEligibilitySchedule.Read.AzureADGroup
  • Update

    • None

Examples

Example 1

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $Credscredential
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        AADGroupEligibilitySchedule 'Example'
        {
            AccessId              = "member";
            Ensure                = "Present";
            GroupDisplayName      = "MyPIMGroup";
            MemberType            = "direct";
            PrincipalDisplayname  = "MyPrincipalGroup";
            PrincipalType         = "group";
            ScheduleInfo          = MSFT_MicrosoftGraphrequestSchedule{
                StartDateTime = '2024-12-23T08:59:28.1200000+00:00'
                Expiration = MSFT_MicrosoftGraphExpirationPattern{
                    EndDateTime = '12/23/2025 8:59:00 AM +00:00'
                    Type = 'afterDateTime'
                }
            };
        }
    }
}

Example 2

This example is used to test new resources and showcase the usage of new resources being worked on. It is not meant to use as a production baseline.

Configuration Example
{
    param(
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $Credscredential
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        AADGroupEligibilitySchedule 'Example'
        {
            AccessId              = "member";
            Ensure                = "Present";
            GroupDisplayName      = "MyPIMGroup";
            MemberType            = "direct";
            PrincipalDisplayname  = "MyPrincipalGroup";
            PrincipalType         = "group";
            ScheduleInfo          = MSFT_MicrosoftGraphrequestSchedule{
                Expiration = MSFT_MicrosoftGraphExpirationPattern{
                    Type = 'noExpiration'
                }
            };
        }
    }
}