From bcee61cd0e263de10832a519c8e832f6d063bb3e Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Sun, 17 Nov 2024 17:00:29 +0000 Subject: [PATCH 1/2] Cleaning up non-implemented command --- .../Get-CrossCloudVerificationCode.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) rename module/docs/{entra-powershell-v1.0 => future}/Microsoft.Graph.Entra/Get-CrossCloudVerificationCode.md (75%) diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-CrossCloudVerificationCode.md b/module/docs/future/Microsoft.Graph.Entra/Get-CrossCloudVerificationCode.md similarity index 75% rename from module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-CrossCloudVerificationCode.md rename to module/docs/future/Microsoft.Graph.Entra/Get-CrossCloudVerificationCode.md index 9271fdef4..dcae13b5b 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-CrossCloudVerificationCode.md +++ b/module/docs/future/Microsoft.Graph.Entra/Get-CrossCloudVerificationCode.md @@ -20,6 +20,7 @@ schema: 2.0.0 # Get-CrossCloudVerificationCode ## Synopsis + Gets the verification code used to validate the ownership of the domain in another connected cloud. Important: Only applies to a verified domain. @@ -36,8 +37,9 @@ Get-CrossCloudVerificationCode ## Examples ### Example 1: Get the cross cloud verification code + ```powershell -PS C:\>Get-CrossCloudVerificationCode -Name Contoso.com +Get-CrossCloudVerificationCode -Name Contoso.com ``` This command returns a string that can be used to enable cross cloud federation scenarios. @@ -45,10 +47,11 @@ This command returns a string that can be used to enable cross cloud federation ## Parameters ### -Name + Specifies the name of a domain. ```yaml -Type: String +Type: System.String Parameter Sets: (All) Aliases: @@ -60,13 +63,15 @@ Accept wildcard characters: False ``` ### CommonParameters -This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). + +This cmdlet supports the common parameters: `-Debug`, `-ErrorAction`, `-ErrorVariable`, `-InformationAction`, `-InformationVariable`, `-OutVariable`, `-OutBuffer`, `-PipelineVariable`, `-Verbose`, `-WarningAction`, and `-WarningVariable`. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## Inputs ## Outputs ### Microsoft.Online.Administration.GetCrossCloudVerificationCodeResponse + ## Notes -## RELATED LINKS \ No newline at end of file +## RELATED LINKS From a930e674530b2d73962a254cb87f8e260f8e2232 Mon Sep 17 00:00:00 2001 From: Steve Mutungi <132555836+SteveMutungi254@users.noreply.github.com> Date: Sun, 17 Nov 2024 17:59:06 +0000 Subject: [PATCH 2/2] Example enhancements --- .../Get-EntraBetaDomainNameReference.md | 21 ++++++++++--------- ...traBetaDomainServiceConfigurationRecord.md | 5 +++++ ...et-EntraBetaDomainVerificationDnsRecord.md | 5 ++++- .../Get-EntraBetaPasswordPolicy.md | 2 +- .../New-EntraBetaDomain.md | 4 +++- .../Remove-EntraBetaDomain.md | 4 +++- .../Set-EntraBetaDomainFederationSettings.md | 11 ++++------ .../Get-EntraDomainNameReference.md | 21 ++++++++++--------- ...t-EntraDomainServiceConfigurationRecord.md | 5 +++++ .../Get-EntraDomainVerificationDnsRecord.md | 5 ++++- .../Get-EntraPasswordPolicy.md | 2 +- .../Microsoft.Graph.Entra/New-EntraDomain.md | 4 +++- .../Remove-EntraDomain.md | 4 +++- .../Set-EntraDomainFederationSettings.md | 11 ++++------ 14 files changed, 62 insertions(+), 42 deletions(-) diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDomainNameReference.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDomainNameReference.md index 42f218244..93deb8d4e 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDomainNameReference.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDomainNameReference.md @@ -35,7 +35,10 @@ Get-EntraBetaDomainNameReference The `Get-EntraBetaDomainNameReference` cmdlet retrieves the objects that are referenced with a given domain name. Specify `Name` parameter retrieve the objects. -The work or school account needs to belong to at least the Domain Name Administrator or Global Reader Microsoft Entra role. +In delegated scenarios, the signed-in user must have either a supported Microsoft Entra role or a custom role with the necessary permissions. The minimum roles required for this operation are: + +- Domain Name Administrator +- Global Reader ## Examples @@ -43,18 +46,16 @@ The work or school account needs to belong to at least the Domain Name Administr ```powershell Connect-Entra -Scopes 'Domain.Read.All' -Get-EntraBetaDomainNameReference -Name contoso.com +Get-EntraBetaDomainNameReference -Name contoso.com | Select Id, DisplayName, '@odata.type' ``` ```Output -Id DeletedDateTime --- --------------- -aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb -bbbbbbbb-1111-2222-3333-cccccccccccc -cccccccc-2222-3333-4444-dddddddddddd -dddddddd-3333-4444-5555-eeeeeeeeeeee -ffffffff-4444-5555-6666-gggggggggggg -hhhhhhhh-5555-6666-7777-iiiiiiiiiiii +ID Display Name @odata.type +-- ------------- ------------------------ +aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Sawyer MIller #microsoft.graph.user +bbbbbbbb-1111-2222-3333-cccccccccccc Adele Vance #microsoft.graph.user +ffffffff-4444-5555-6666-gggggggggggg Contoso marketing #microsoft.graph.group +hhhhhhhh-5555-6666-7777-iiiiiiiiiiii Contoso App #microsoft.graph.application ``` This example shows how to retrieve the domain name reference objects for a domain that is specified through the -Name parameter. diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDomainServiceConfigurationRecord.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDomainServiceConfigurationRecord.md index e72564c81..807568d21 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDomainServiceConfigurationRecord.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDomainServiceConfigurationRecord.md @@ -38,6 +38,11 @@ Gets the domain's service configuration records from the `serviceConfigurationRe After you have successfully verified the ownership of a domain and you have indicated what services you plan to use with the domain, you can request Microsoft Entra ID to return you a set of DNS records which you need to add to the zone file of the domain so that the services can work properly with your domain. +In delegated scenarios, the signed-in user must have either a supported Microsoft Entra role or a custom role with the necessary permissions. The minimum roles required for this operation are: + +- Domain Name Administrator +- Global Reader + ## Examples ### Example 1: Retrieve domain service configuration records by Name diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDomainVerificationDnsRecord.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDomainVerificationDnsRecord.md index 2b6f7e6a8..741065756 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDomainVerificationDnsRecord.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaDomainVerificationDnsRecord.md @@ -42,7 +42,10 @@ To verify the ownership of the domain, you need to first retrieve a set of domai Root domains require verification. For example, contoso.com requires verification. If a root domain is verified, subdomains of the root domain are automatically verified. For example, subdomain.contoso.com is automatically be verified if contoso.com has been verified. -The work or school account needs to belong to at least the Domain Name Administrator or Global Reader Microsoft Entra role. +In delegated scenarios, the signed-in user must have either a supported Microsoft Entra role or a custom role with the necessary permissions. The minimum roles required for this operation are: + +- Domain Name Administrator +- Global Reader ## Examples diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPasswordPolicy.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPasswordPolicy.md index 7a7e1206d..b8954f861 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPasswordPolicy.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Get-EntraBetaPasswordPolicy.md @@ -47,7 +47,7 @@ window or Password Expiry Notification window for a tenant or specified domain. When a domain name is specified, it must be a verified domain for the company. -The work or school account needs to belong to one of the following Microsoft Entra roles: +In delegated scenarios, the signed-in user must have either a supported Microsoft Entra role or a custom role with the necessary permissions. The minimum roles required for this operation are: - Domain Name Administrator diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaDomain.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaDomain.md index 37c21d562..a4e83d78b 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaDomain.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/New-EntraBetaDomain.md @@ -37,7 +37,9 @@ New-EntraBetaDomain The `New-EntraBetaDomain` cmdlet creates a domain in Microsoft Entra ID. -The work or school account needs to belong to at least the Domain Name Administrator role. +In delegated scenarios, the signed-in user must have either a supported Microsoft Entra role or a custom role with the necessary permissions. The minimum roles required for this operation are: + +- Domain Name Administrator ## Examples diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaDomain.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaDomain.md index 8dcd7c00a..8a390bda1 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaDomain.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Remove-EntraBetaDomain.md @@ -40,7 +40,9 @@ Important: - Deleted domains are not recoverable. - Attempts to delete will fail if there are any resources or objects still dependent on the domain. -The work or school account needs to belong to at least the `Domain Name Administrator` Microsoft Entra role. +In delegated scenarios, the signed-in user must have either a supported Microsoft Entra role or a custom role with the necessary permissions. The minimum roles required for this operation are: + +- Domain Name Administrator ## Examples diff --git a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaDomainFederationSettings.md b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaDomainFederationSettings.md index 4a724198a..e9fd04483 100644 --- a/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaDomainFederationSettings.md +++ b/module/docs/entra-powershell-beta/Microsoft.Graph.Entra.Beta/Set-EntraBetaDomainFederationSettings.md @@ -58,13 +58,10 @@ For delegated scenarios, the calling user must be assigned at least one of the f ```powershell Connect-Entra -Scopes 'Domain.ReadWrite.All' - -$params = @{ - DomainName = 'contoso.com' - PreferredAuthenticationProtocol = 'WsFed' - PromptLoginBehavior = 'TranslateToFreshPasswordAuth' # Or 'NativeSupport' or 'Disabled', depending on the requirement -} -Set-EntraBetaDomainFederationSettings @params +$domain = 'contoso.com' +$authProtocol = 'WsFed' +$promptLoginBehavior = 'TranslateToFreshPasswordAuth' # Or 'NativeSupport' or 'Disabled', depending on the requirement +Set-EntraBetaDomainFederationSettings -DomainName $domain -PreferredAuthenticationProtocol $authProtocol -PromptLoginBehavior $promptLoginBehavior ``` This command updates the `PromptLoginBehavior` to either `TranslateToFreshPasswordAuth`, `NativeSupport`, or `Disabled`. These possible values are described: diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDomainNameReference.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDomainNameReference.md index d6e7a88bf..99c6f4bea 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDomainNameReference.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDomainNameReference.md @@ -36,7 +36,10 @@ Get-EntraDomainNameReference The `Get-EntraDomainNameReference` cmdlet retrieves the objects that are referenced with a given domain name. Specify `Name` parameter retrieve the objects. -The work or school account needs to belong to at least the Domain Name Administrator or Global Reader Microsoft Entra role. +In delegated scenarios, the signed-in user must have either a supported Microsoft Entra role or a custom role with the necessary permissions. The minimum roles required for this operation are: + +- Domain Name Administrator +- Global Reader ## Examples @@ -44,18 +47,16 @@ The work or school account needs to belong to at least the Domain Name Administr ```powershell Connect-Entra -Scopes 'Domain.Read.All' -Get-EntraDomainNameReference -Name contoso.com +Get-EntraDomainNameReference -Name contoso.com | Select Id, DisplayName, '@odata.type' ``` ```Output -Id DeletedDateTime --- --------------- -aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb -bbbbbbbb-1111-2222-3333-cccccccccccc -cccccccc-2222-3333-4444-dddddddddddd -dddddddd-3333-4444-5555-eeeeeeeeeeee -ffffffff-4444-5555-6666-gggggggggggg -hhhhhhhh-5555-6666-7777-iiiiiiiiiiii +ID Display Name @odata.type +-- ------------- ------------------------ +aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb Sawyer MIller #microsoft.graph.user +bbbbbbbb-1111-2222-3333-cccccccccccc Adele Vance #microsoft.graph.user +ffffffff-4444-5555-6666-gggggggggggg Contoso marketing #microsoft.graph.group +hhhhhhhh-5555-6666-7777-iiiiiiiiiiii Contoso App #microsoft.graph.application ``` This example shows how to retrieve the domain name reference objects for a domain that is specified through the -Name parameter. diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDomainServiceConfigurationRecord.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDomainServiceConfigurationRecord.md index df14887de..17e47d73a 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDomainServiceConfigurationRecord.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDomainServiceConfigurationRecord.md @@ -37,6 +37,11 @@ Gets the domain's service configuration records from the `serviceConfigurationRe After you have successfully verified the ownership of a domain and you have indicated what services you plan to use with the domain, you can request Microsoft Entra ID to return you a set of DNS records which you need to add to the zone file of the domain so that the services can work properly with your domain. +In delegated scenarios, the signed-in user must have either a supported Microsoft Entra role or a custom role with the necessary permissions. The minimum roles required for this operation are: + +- Domain Name Administrator +- Global Reader + ## Examples ### Example 1: Retrieve domain service configuration records by Name diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDomainVerificationDnsRecord.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDomainVerificationDnsRecord.md index cd3821fc6..b5497d617 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDomainVerificationDnsRecord.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraDomainVerificationDnsRecord.md @@ -41,7 +41,10 @@ To verify the ownership of the domain, you need to first retrieve a set of domai Root domains require verification. For example, contoso.com requires verification. If a root domain is verified, subdomains of the root domain are automatically verified. For example, subdomain.contoso.com is automatically be verified if contoso.com has been verified. -The work or school account needs to belong to at least the Domain Name Administrator or Global Reader Microsoft Entra role. +In delegated scenarios, the signed-in user must have either a supported Microsoft Entra role or a custom role with the necessary permissions. The minimum roles required for this operation are: + +- Domain Name Administrator +- Global Reader ## Examples diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraPasswordPolicy.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraPasswordPolicy.md index ea27374f1..756180117 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraPasswordPolicy.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Get-EntraPasswordPolicy.md @@ -47,7 +47,7 @@ window or Password Expiry Notification window for a tenant or specified domain. When a domain name is specified, it must be a verified domain for the company. -The work or school account needs to belong to one of the following Microsoft Entra roles: +In delegated scenarios, the signed-in user must have either a supported Microsoft Entra role or a custom role with the necessary permissions. The minimum roles required for this operation are: - Domain Name Administrator diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/New-EntraDomain.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/New-EntraDomain.md index bba50a37c..fc0ce4a65 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/New-EntraDomain.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/New-EntraDomain.md @@ -36,7 +36,9 @@ New-EntraDomain The `New-EntraDomain` cmdlet creates a domain in Microsoft Entra ID. -The work or school account needs to belong to at least the Domain Name Administrator role. +In delegated scenarios, the signed-in user must have either a supported Microsoft Entra role or a custom role with the necessary permissions. The minimum roles required for this operation are: + +- Domain Name Administrator ## Examples diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraDomain.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraDomain.md index cfd13d092..934333e15 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraDomain.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Remove-EntraDomain.md @@ -39,7 +39,9 @@ Important: - Deleted domains are not recoverable. - Attempts to delete will fail if there are any resources or objects still dependent on the domain. -The work or school account needs to belong to at least the `Domain Name Administrator` Microsoft Entra role. +In delegated scenarios, the signed-in user must have either a supported Microsoft Entra role or a custom role with the necessary permissions. The minimum roles required for this operation are: + +- Domain Name Administrator ## Examples diff --git a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraDomainFederationSettings.md b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraDomainFederationSettings.md index 21dbb0f66..8c9a3c769 100644 --- a/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraDomainFederationSettings.md +++ b/module/docs/entra-powershell-v1.0/Microsoft.Graph.Entra/Set-EntraDomainFederationSettings.md @@ -58,13 +58,10 @@ For delegated scenarios, the calling user must be assigned at least one of the f ```powershell Connect-Entra -Scopes 'Domain.ReadWrite.All' - -$params = @{ - DomainName = 'contoso.com' - PreferredAuthenticationProtocol = 'WsFed' - PromptLoginBehavior = 'TranslateToFreshPasswordAuth' # Or 'NativeSupport' or 'Disabled', depending on the requirement -} -Set-EntraDomainFederationSettings @params +$domain = 'contoso.com' +$authProtocol = 'WsFed' +$promptLoginBehavior = 'TranslateToFreshPasswordAuth' # Or 'NativeSupport' or 'Disabled', depending on the requirement +Set-EntraDomainFederationSettings -DomainName $domain -PreferredAuthenticationProtocol $authProtocol -PromptLoginBehavior $promptLoginBehavior ``` This command updates the `PromptLoginBehavior` to either `TranslateToFreshPasswordAuth`, `NativeSupport`, or `Disabled`. These possible values are described: