你好!
我想使用update - mgprivilegedaccessresourcerolessettingcmdlet,来自微软。图PowerShell模块,在我的Azure门户.
我想更新我的PIM角色的一些设置(例如MfaRule或ExpirationRule)
但是我得到了这个错误:
{"message":"No HTTP resource was found that matches the request URI 'https://api.azrbac.mspim.azure.com/api/v2/governanceResources('********-****-****-****-************')/roleSettings('********-****-****-****-************')?'."}
这个URL是什么?
在调试日志(我不能复制/粘贴。jpg在这里),我有:
DEBUG: [CmdletBeginProcessing]: - Update-MgPrivilegedAccessResourceRoleSetting begin processing with parameterSet 'UpdateExpanded'.
DEBUG: [Authentication]: - AuthType: 'Delegated', AuthProviderType: 'InteractiveAuthenticationProvider', ContextScope: 'CurrentUser', AppName: 'Microsoft Graph PowerShell'.
DEBUG: [Authentication]: - Scopes: [Application.ReadWrite.All, DelegatedPermissionGrant.ReadWrite.All, Directory.Read.All, Domain.Read.All, Group.Read.All, openid, Policy.Read.All, Policy.Read.ConditionalAccess, Policy.ReadWrite.ConditionalAccess, PrivilegedAccess.Read.AzureAD, PrivilegedAccess.Read.AzureADGroup, PrivilegedAccess.Read.AzureResources, PrivilegedAccess.ReadWrite.AzureResources, profile, RoleAssignmentSchedule.Read.Directory, RoleEligibilitySchedule.Read.Directory, RoleEligibilitySchedule.ReadWrite.Directory, RoleManagement.Read.All, RoleManagement.Read.Directory, RoleManagement.ReadWrite.Directory, User.Read, User.ReadWrite.All, email].
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
PATCH
Absolute Uri:
https://graph.microsoft.com/beta/privilegedAccess/azureResources/resources/********-****-****-****-************/roleSettings/********-****-****-****-************
Headers:
FeatureFlag : 00000047
Cache-Control : no-store, no-cache
SdkVersion : graph-powershell/1.18.0,Graph-dotnet-1.25.1
User-Agent : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.22621; fr-CA),PowerShell/7.3.1
Accept-Encoding : gzip
Body:
{}
DEBUG: ============================ HTTP RESPONSE ============================
Status Code:
NotFound
Headers:
Transfer-Encoding : chunked
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 5fb90750-367b-4976-8913-659c5b5863ba
client-request-id : 5fb90750-367b-4976-8913-659c5b5863ba
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Canada East","Slice":"E","Ring":"2","ScaleUnit":"002","RoleInstance":"QB1PEPF00001038"}}
Date : Fri, 16 Dec 2022 21:00:48 GMT
Body:
{
"error": {
"code": "UnknownError",
"message": "{"message":"No HTTP resource was found that matches the request URI 'https://api.azrbac.mspim.azure.com/api/v2/governanceResources('********-****-****-****-************')/roleSettings('********-****-****-****-************')?'."}",
"innerError": {
"date": "2022-12-16T21:00:48",
"request-id": "5fb90750-367b-4976-8913-659c5b5863ba",
"client-request-id": "5fb90750-367b-4976-8913-659c5b5863ba"
}
}
}
Update-MgPrivilegedAccessResourceRoleSetting_UpdateExpanded:
Line |
20 | … Update-MgPrivilegedAccessResourceRoleSetting -PrivilegedA …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| {"message":"No HTTP resource was found that matches the request URI 'https://api.azrbac.mspim.azure.com/api/v2/governanceResources('********-****-****-****-************')/roleSettings('********-****-****-****-************')?'."}
DEBUG: [CmdletEndProcessing]: - Update-MgPrivilegedAccessResourceRoleSetting end processing.
第一个Id总是正确的资源Id,第二个Id总是角色设置Id
我的确切命令是:
Update-MgPrivilegedAccessResourceRoleSetting -PrivilegedAccessId azureResources -GovernanceResourceId $RoleSetting.ResourceId -GovernanceRoleSettingId $RoleSetting.Id
我确定有正确的id为ResourceId和RoleSettingsId。
也许我忘记什么了
这适用于AzureAD模块,但我不想再使用它了:
Set-AzureADMSPrivilegedRoleSetting -ProviderId AzureResources -Id $RoleSetting.Id -ResourceId $RoleSetting.ResourceId -RoleDefinitionId $RoleSetting.RoleDefinitionId -UserMemberSettings $setting
有人来帮我吗?
Microsoft文档页不太完整!
Thanks, a lot
安装管理模块以运行Graph Powershell Cmd.
模块名称:
Import-Module Microsoft.Graph.Identity.Goverance
点击此处查看微软文档:https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.identity.governance/update-mgprivilegedaccessrolesetting?view=graph-powershell-beta
供你参考,我有我的回应(在这里)。
我必须使用这个cmd命令:Update-MgPrivilegedAccessRoleSetting
这个是无效的:Update-MgPrivilegedAccessResourceRoleSetting
所以,只需使用:
$setting = @{
UserMemberSettings = @(
@{
RuleIdentifier = "MfaRule"
Setting = '{"mfaRequired":true}'
}
)
}
Update-MgPrivilegedAccessRoleSetting -PrivilegedAccessId "azureResources" -GovernanceRoleSettingId $RoleSetting.Id -BodyParameter $setting