Description of the issue
Currently, AADRoleEligibilityScheduleRequest allows PIM Role assignments to be scoped to a Directory Object.

DirectoryScopeId = "/<guid>";

The method used to define the role scope requires that the object in question is defined prior to assignment. This is not ideal as it requires the configuration to be applied twice (once for resource provisioning, and the second for role assignment), and this makes the configuration specific to a tenant.

Recommended modifying DirectoryScopeId to accept an object in addition to a string.

Microsoft 365 DSC Version
1.24.1113.1
Which workloads are affected
Azure Active Directory (Entra ID)
The DSC configuration
Verbose logs showing the problem
Environment Information + PowerShell Version