@pnp/cli-microsoft365 10.3.0-beta.d1b978f → 10.3.0-beta.df85113

package/dist/utils/validation.js

@@ -357,6 +357,10 @@ export const validation = {
             .split(' ')
             .filter(permission => permission.indexOf('/') < 0);
         return invalidPermissions.length > 0 ? invalidPermissions : true;
+    },
+    isValidPowerPagesUrl(url) {
+        const powerPagesUrlPattern = /^https:\/\/[a-zA-Z0-9-]+\.powerappsportals\.com$/;
+        return powerPagesUrlPattern.test(url);
     }
 };
 //# sourceMappingURL=validation.js.map

package/docs/docs/cmd/entra/app/app-add.mdx

@@ -31,7 +31,7 @@ m365 entra appregistration add [options]
 : Comma-separated list of redirect URIs. Requires `platform` to be specified.
 
 `-p, --platform [platform]`
-: Platform for which the `redirectUris` should be configured. Allowed values `spa`, `web`, `publicClient`.
+: Platform for which the `redirectUris` should be configured. Allowed values `spa`, `web`, `publicClient`. Requires `redirectUris` to be specified.
 
 `--implicitFlow`
 : Specify, to indicate that the authorization endpoint should return ID and access tokens.

package/docs/docs/cmd/entra/pim/pim-role-assignment-remove.mdx

@@ -0,0 +1,197 @@
+import Global from '/docs/cmd/_global.mdx';
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+# entra pim role assignment remove
+
+Request deactivation of an Entra role assignment for a user or group.
+
+## Usage
+
+```sh
+m365 entra pim role assignment remove [options]
+```
+
+## Options
+
+```md definition-list
+`-n, --roleDefinitionName [roleDefinitionName]`	
+: Name of the role definition that should be assigned. Specify either `roleDefinitionName` or `roleDefinitionId` but not both.
+
+`-i, --roleDefinitionId [roleDefinitionId]`	
+: Id of the role definition that is being assigned. Specify either `roleDefinitionName` or `roleDefinitionId` but not both.
+
+`--userId [userId]`	
+: Id of the user that will be granted the assignment. Specify either `userId`, `userName`, `groupId` or `groupName`. If not specified, the current user will be used.
+
+`--userName [userName]`	
+: UPN of the user that will be granted the assignment. Specify either `userId`, `userName`, `groupId` or `groupName`. If not specified, the current user will be used.
+
+`--groupId [groupId]`
+: Id of the group that will be granted the assignment. Specify either `userId`, `userName`, `groupId` or `groupName`. If not specified, the current user will be used.
+
+`--groupName [groupName]`
+: Display name of the group that will be granted the assignment. Specify either `userId`, `userName`, `groupId` or `groupName`. If not specified, the current user will be used.
+
+`--administrativeUnitId [administrativeUnitId]`
+: Id of the administrative unit representing the scope of the assignment. Specify either `administrativeUnitId` or `applicationId`. If not specified, default scope will be tenant-wide.
+
+`--applicationId [applicationId]`
+: Object Id of the application representing the scope of the assignment. Specify either `administrativeUnitId` or `applicationId`. If not specified, default scope will be tenant-wide.
+
+`-j, --justification [justification]`
+: An optional justification message.
+
+`--ticketNumber [ticketNumber]`
+: Optional ticket number value to communicate with the request.
+
+`--ticketSystem [ticketSystem]`
+: Optional ticket system to communicate with the request.
+```
+
+<Global />
+
+## Remarks
+
+:::info
+
+When deactivating a role for other users, you must be **Privileged Role Administrator**.
+
+:::
+
+## Examples
+
+Request deactivation of the SharePoint Administrator Entra role assignment for the current user.
+
+```sh
+m365 entra pim role assignment remove --roleDefinitionName 'SharePoint Administrator'
+```
+
+Request deactivation of an Entra role assignment for the current user.
+
+```sh
+m365 entra pim role assignment remove --roleDefinitionId 'f1417aa3-bf0b-4cc5-a845-a0b2cf11f690'
+```
+
+Request deactivation of an Entra role assignment for the current user with a justification
+
+```sh
+m365 entra pim role assignment remove --roleDefinitionId 'f1417aa3-bf0b-4cc5-a845-a0b2cf11f690' --justification 'Need Global Admin to release application xyz to production'
+```
+
+Request deactivation of an Entra role assignment for a specified user with tenant scope.
+
+```sh
+m365 entra pim role assignment remove --roleDefinitionId 'f1417aa3-bf0b-4cc5-a845-a0b2cf11f690' --userId '3488d6b8-6b2e-41c3-9583-1991205323c2'
+```
+
+Request deactivation of the User Administrator Entra role assignment for a specified group with administrative unit scope.
+
+```sh
+m365 entra pim role assignment remove --roleDefinitionName 'User Administrator' --groupId '3488d6b8-6b2e-41c3-9583-1991205323c2' --administrativeUnitId '03c4c9dc-6f0c-4c4f-a4e6-0c9ed80f54c7'
+```
+
+Request deactivation of the Application Administrator Entra role assignment for a specified group with scope to a specific application.
+
+```sh
+m365 entra pim role assignment remove --roleDefinitionName 'Application Administrator' --groupName 'Applications admins' --applicationId '03c4c9dc-6f0c-4c4f-a4e6-0c9ed80f54c7'
+```
+
+## Response
+
+<Tabs>
+  <TabItem value="JSON">
+
+  ```json
+  {
+    "id": "3f7d1bd6-a9a5-45bc-b831-00cfa3e3c649",
+    "status": "Revoked",
+    "createdDateTime": "2024-07-30T12:08:29.7734603Z",
+    "completedDateTime": null,
+    "approvalId": null,
+    "customData": null,
+    "action": "adminRemove",
+    "principalId": "61b0c52f-a902-4769-9a09-c6628335b00a",
+    "roleDefinitionId": "f28a1f50-f6e7-4571-818b-6a12f2af6b6c",
+    "directoryScopeId": "/",
+    "appScopeId": null,
+    "isValidationOnly": false,
+    "targetScheduleId": null,
+    "justification": "Removing SharePoint Administrator role",
+    "createdBy": {
+      "application": null,
+      "device": null,
+      "user": {
+        "displayName": null,
+        "id": "893f9116-e024-4bc6-8e98-54c245129485"
+      }
+    },
+    "scheduleInfo": null,
+    "ticketInfo": {
+      "ticketNumber": null,
+      "ticketSystem": null
+    }
+  }
+  ```
+
+  </TabItem>
+  <TabItem value="Text">
+
+  ```text
+  action           : adminRemove
+  appScopeId       : null
+  approvalId       : null
+  completedDateTime: null
+  createdBy        : null
+  createdDateTime  : 2024-07-30T12:08:29.7734603Z
+  customData       : null
+  directoryScopeId : /
+  id               : c221e106-0711-470a-83cf-f8d7cbc51ecd
+  isValidationOnly : false
+  justification    : Removing SharePoint Administrator role
+  principalId      : 61b0c52f-a902-4769-9a09-c6628335b00a
+  roleDefinitionId : f28a1f50-f6e7-4571-818b-6a12f2af6b6c
+  scheduleInfo     : null
+  status           : Revoked
+  targetScheduleId : c221e106-0711-470a-83cf-f8d7cbc51ecd
+  ticketInfo       : {"ticketNumber":null,"ticketSystem":null}
+  ```
+
+  </TabItem>
+  <TabItem value="CSV">
+
+  ```csv
+  id,status,createdDateTime,completedDateTime,approvalId,customData,action,principalId,roleDefinitionId,directoryScopeId,appScopeId,isValidationOnly,targetScheduleId,justification
+  7d727f44-c2dd-459e-8665-99ce003d12a9,Revoked,2024-07-30T12:08:29.7734603Z,,,,adminRemove,61b0c52f-a902-4769-9a09-c6628335b00a,f28a1f50-f6e7-4571-818b-6a12f2af6b6c,/,,,7d727f44-c2dd-459e-8665-99ce003d12a9,Removing SharePoint Administrator role
+  ```
+
+  </TabItem>
+  <TabItem value="Markdown">
+
+  ```md
+  # entra pim roleassignment remove --roleDefinitionId "f28a1f50-f6e7-4571-818b-6a12f2af6b6c" --userId "61b0c52f-a902-4769-9a09-c6628335b00a" --justification "Removing SharePoint Administrator role"
+
+  Date: 7/30/2024
+
+  ## 7622802f-648b-4dd9-820f-dccaf8bbbab5
+
+  Property | Value
+  ---------|-------
+  id | 7622802f-648b-4dd9-820f-dccaf8bbbab5
+  status | Revoked
+  createdDateTime | 2024-07-30T12:08:29.7734603Z
+  action | adminRemove
+  principalId | 61b0c52f-a902-4769-9a09-c6628335b00a
+  roleDefinitionId | f28a1f50-f6e7-4571-818b-6a12f2af6b6c
+  directoryScopeId | /
+  isValidationOnly | false
+  targetScheduleId | 7622802f-648b-4dd9-820f-dccaf8bbbab5
+  justification | Removing SharePoint Administrator role
+  ```
+
+  </TabItem>
+</Tabs>
+
+## More information
+
+- Role assignment request: https://learn.microsoft.com/graph/api/rbacapplication-post-roleassignmentschedulerequests

package/docs/docs/cmd/entra/roledefinition/roledefinition-add.mdx

@@ -0,0 +1,131 @@
+import Global from '/docs/cmd/_global.mdx';
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+# entra roledefinition add
+
+Creates a custom Microsoft Entra ID role definition
+
+## Usage
+
+```sh
+m365 entra roledefinition add [options]
+```
+
+## Options
+
+```md definition-list
+`-n, --displayName <displayName>`
+: The display name for the role definition.
+
+`-a, --allowedResourceActions <allowedResourceActions>`	
+: Comma-separated list of resource actions allowed for the role.
+
+`-d, --description [description]`
+: The description for the role definition.
+
+`-e, --enabled [enabled]`
+: Indicates if the role is enabled for the assignment. If not specified, the role is enabled by default.
+
+`-v, --version [version]`
+: The version of the role definition.
+```
+
+<Global />
+
+## Remarks
+
+Use the `m365 entra rolepermission list --resourceNamespace microsoft.directory` command to get a list of available resource actions.
+
+## Examples
+
+Create a custom Microsoft Entra ID role
+
+```sh
+m365 entra roledefinition add --displayName 'Application Remover' --description 'Allows to remove any Entra ID application' --allowedResourceActions 'microsoft.directory/applications/delete'
+```
+
+Create a custom Microsoft Entra ID role, but disable it for the assignment
+
+```sh
+m365 entra roledefinition add --displayName 'Application Remover' --version '1.0' --enabled false --allowedResourceActions 'microsoft.directory/applications/delete,microsoft.directory/applications/owners/update'
+```
+
+## Response
+
+<Tabs>
+  <TabItem value="JSON">
+
+  ```json
+  {
+    "id": "3844129d-f748-4c03-8165-4412ee9b4ceb",
+    "description": null,
+    "displayName": "Custom Role",
+    "isBuiltIn": false,
+    "isEnabled": true,
+    "resourceScopes": [
+      "/"
+    ],
+    "templateId": "3844129d-f748-4c03-8165-4412ee9b4ceb",
+    "version": "1",
+    "rolePermissions": [
+      {
+        "allowedResourceActions": [
+          "microsoft.directory/groups.unified/create",
+          "microsoft.directory/groups.unified/delete"
+        ],
+        "condition": null
+      }
+    ]
+  }
+  ```
+
+  </TabItem>
+  <TabItem value="Text">
+
+  ```text
+  description    : null
+  displayName    : Custom Role
+  id             : 3844129d-f748-4c03-8165-4412ee9b4ceb
+  isBuiltIn      : false
+  isEnabled      : true
+  resourceScopes : ["/"]
+  rolePermissions: [{"allowedResourceActions":["microsoft.directory/groups.unified/create","microsoft.directory/groups.unified/delete"],"condition":null}]
+  templateId     : 3844129d-f748-4c03-8165-4412ee9b4ceb
+  version        : 1
+  ```
+
+  </TabItem>
+  <TabItem value="CSV">
+
+  ```csv
+  id,description,displayName,isBuiltIn,isEnabled,templateId,version
+  3844129d-f748-4c03-8165-4412ee9b4ceb,,Custom Role,0,1,3844129d-f748-4c03-8165-4412ee9b4ceb,1
+  ```
+
+  </TabItem>
+  <TabItem value="Markdown">
+
+  ```md
+  # entra roledefinition add --displayName "Custom Role" --allowedResourceActions "microsoft.directory/groups.unified/create,microsoft.directory/groups.unified/delete" --version 1
+
+  Date: 12/15/2024
+
+  ## Custom Role (3844129d-f748-4c03-8165-4412ee9b4ceb)
+
+  Property | Value
+  ---------|-------
+  id | 3844129d-f748-4c03-8165-4412ee9b4ceb
+  displayName | Custom Role
+  isBuiltIn | false
+  isEnabled | true
+  templateId | 3844129d-f748-4c03-8165-4412ee9b4ceb
+  version | 1
+  ```
+
+  </TabItem>
+</Tabs>
+
+## More information
+
+- https://learn.microsoft.com/graph/api/rbacapplication-post-roledefinitions

package/docs/docs/cmd/entra/roledefinition/roledefinition-set.mdx

@@ -0,0 +1,64 @@
+import Global from '/docs/cmd/_global.mdx';
+
+# entra roledefinition set
+
+Updates a custom Microsoft Entra ID role definition
+
+## Usage
+
+```sh
+m365 entra roledefinition set [options]
+```
+
+## Options
+
+```md definition-list
+`-i, --id [id]`
+: The id of the role definition to be updated. Specify either `id` or `displayName`, but not both.
+
+`-n, --displayName [displayName]`
+: The display name of the role definition to be updated. Specify either `id` or `displayName`, but not both.
+
+`--newDisplayName [newDisplayName]`
+: Updated display name for the role definition.
+
+`-d, --description [description]`
+: Updated description for the role definition.
+
+`-e, --enabled [enabled]`
+: Indicates if the role is enabled for the assignment.
+
+`a-, --allowedResourceActions [allowedResourceActions]`
+: Updated comma-separated list of resource actions allowed for the role.
+
+`-v, --version [version]`
+: Updated version of the role definition.
+```
+
+<Global />
+
+## Remarks
+
+Use the `m365 entra rolepermission list --resourceNamespace microsoft.directory` command to get a list of available resource actions.
+
+## Examples
+
+Update a custom Microsoft Entra ID role specified by the id
+
+```sh
+m365 entra roledefinition set --id fadbc488-151d-4431-9143-6abbffae759f --newDisplayName 'Application Remover' --description 'Allows to remove any Entra ID application' --allowedResourceActions 'microsoft.directory/applications/delete'
+```
+
+Update a custom Microsoft Entra ID role specified by the display name
+
+```sh
+m365 entra roledefinition set --displayName 'Application Remover' --version '1.0' --enabled true --allowedResourceActions 'microsoft.directory/applications/delete,microsoft.directory/applications/owners/update'
+```
+
+## Response
+
+The command won't return a response on success
+
+## More information
+
+- https://learn.microsoft.com/graph/api/rbacapplication-post-roledefinitions

package/docs/docs/cmd/entra/rolepermission/rolepermission-list.mdx

@@ -0,0 +1,162 @@
+import Global from '/docs/cmd/_global.mdx';
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+# entra rolepermission list
+
+Lists all Microsoft Entra ID role permissions
+
+## Usage
+
+```sh
+m365 entra rolepermission list [options]
+```
+
+## Options
+
+```md definition-list
+`-n, --resourceNamespace [resourceNamespace]`
+: The namespace of the resource for which to retrieve role permissions.
+
+`-p, --privileged`
+: Retrieve only sensitive role permissions.
+```
+
+<Global />
+
+## Remarks
+
+:::warning
+
+The command is based on an API that is currently in preview and is subject to change once the API reached general availability.
+
+:::
+
+## Examples
+
+Get a list of role permissions
+
+```sh
+m365 entra rolepermission list --resourceNamespace 'microsoft.directory'
+```
+
+Get a list of sensitive role permissions
+
+```sh
+m365 entra rolepermission list --resourceNamespace 'microsoft.directory' --privileged
+```
+
+## Response
+
+<Tabs>
+  <TabItem value="JSON">
+
+  ```json
+  [
+    {
+      "actionVerb": null,
+      "description": "Create and delete access reviews, and read and update all properties of access reviews in Microsoft Entra ID",
+      "id": "microsoft.directory-accessReviews-allProperties-allTasks",
+      "isPrivileged": false,
+      "name": "microsoft.directory/accessReviews/allProperties/allTasks",
+      "resourceScopeId": null
+    },
+    {
+      "actionVerb": "GET",
+      "description": "Read all properties of access reviews",
+      "id": "microsoft.directory-accessReviews-allProperties-read-get",
+      "isPrivileged": false,
+      "name": "microsoft.directory/accessReviews/allProperties/read",
+      "resourceScopeId": null
+    },
+    {
+      "actionVerb": null,
+      "description": "Manage access reviews of application role assignments in Microsoft Entra ID",
+      "id": "microsoft.directory-accessReviews-definitions.applications-allProperties-allTasks",
+      "isPrivileged": false,
+      "name": "microsoft.directory/accessReviews/definitions.applications/allProperties/allTasks",
+      "resourceScopeId": null
+    },
+    {
+      "actionVerb": "GET",
+      "description": "Read all properties of access reviews of application role assignments in Microsoft Entra ID",
+      "id": "microsoft.directory-accessReviews-definitions.applications-allProperties-read-get",
+      "isPrivileged": false,
+      "name": "microsoft.directory/accessReviews/definitions.applications/allProperties/read",
+      "resourceScopeId": null
+    }
+  ]
+  ```
+
+  </TabItem>
+  <TabItem value="Text">
+
+  ```text
+  id                                                                                      name                                                                                     actionVerb  isPrivileged
+  --------------------------------------------------------------------------------------  ---------------------------------------------------------------------------------------  ----------  ------------
+  microsoft.directory-accessReviews-allProperties-allTasks                                microsoft.directory/accessReviews/allProperties/allTasks                                 null        false
+  microsoft.directory-accessReviews-allProperties-read-get                                microsoft.directory/accessReviews/allProperties/read                                     GET         false
+  microsoft.directory-accessReviews-definitions.applications-allProperties-allTasks       microsoft.directory/accessReviews/definitions.applications/allProperties/allTasks        null        false
+  microsoft.directory-accessReviews-definitions.applications-allProperties-read-get       microsoft.directory/accessReviews/definitions.applications/allProperties/read            GET         false
+  ```
+
+  </TabItem>
+  <TabItem value="CSV">
+
+  ```csv
+  actionVerb,description,id,isPrivileged,name,resourceScopeId
+  ,"Create and delete access reviews, and read and update all properties of access reviews in Microsoft Entra ID",microsoft.directory-accessReviews-allProperties-allTasks,0,microsoft.directory/accessReviews/allProperties/allTasks,
+  GET,Read all properties of access reviews,microsoft.directory-accessReviews-allProperties-read-get,0,microsoft.directory/accessReviews/allProperties/read,
+  ,Manage access reviews of application role assignments in Microsoft Entra ID,microsoft.directory-accessReviews-definitions.applications-allProperties-allTasks,0,microsoft.directory/accessReviews/definitions.applications/allProperties/allTasks,
+  GET,Read all properties of access reviews of application role assignments in Microsoft Entra ID,microsoft.directory-accessReviews-definitions.applications-allProperties-read-get,0,microsoft.directory/accessReviews/definitions.applications/allProperties/read,
+  ```
+
+  </TabItem>
+  <TabItem value="Markdown">
+
+  ```md
+  # entra rolepermission list --resourceNamespace "microsoft.directory"
+
+  Date: 1/16/2025
+
+  ## microsoft.directory/accessReviews/allProperties/allTasks (microsoft.directory-accessReviews-allProperties-allTasks)
+
+  Property | Value
+  ---------|-------
+  description | Create and delete access reviews, and read and update all properties of access reviews in Microsoft Entra ID
+  id | microsoft.directory-accessReviews-allProperties-allTasks
+  isPrivileged | false
+  name | microsoft.directory/accessReviews/allProperties/allTasks
+
+  ## microsoft.directory/accessReviews/allProperties/read (microsoft.directory-accessReviews-allProperties-read-get)
+
+  Property | Value
+  ---------|-------
+  actionVerb | GET
+  description | Read all properties of access reviews
+  id | microsoft.directory-accessReviews-allProperties-read-get
+  isPrivileged | false
+  name | microsoft.directory/accessReviews/allProperties/read
+
+  ## microsoft.directory/accessReviews/definitions.applications/allProperties/allTasks (microsoft.directory-accessReviews-definitions.applications-allProperties-allTasks)
+
+  Property | Value
+  ---------|-------
+  description | Manage access reviews of application role assignments in Microsoft Entra ID
+  id | microsoft.directory-accessReviews-definitions.applications-allProperties-allTasks
+  isPrivileged | false
+  name | microsoft.directory/accessReviews/definitions.applications/allProperties/allTasks
+
+  ## microsoft.directory/accessReviews/definitions.applications/allProperties/read (microsoft.directory-accessReviews-definitions.applications-allProperties-read-get)
+
+  Property | Value
+  ---------|-------
+  actionVerb | GET
+  description | Read all properties of access reviews of application role assignments in Microsoft Entra ID
+  id | microsoft.directory-accessReviews-definitions.applications-allProperties-read-get
+  isPrivileged | false
+  name | microsoft.directory/accessReviews/definitions.applications/allProperties/read
+  ```
+
+  </TabItem>
+</Tabs>