@pnp/cli-microsoft365 10.6.0-beta.a7465c9 → 10.6.0

package/dist/m365/spo/commands/folder/folder-roleassignment-remove.js

@@ -11,8 +11,6 @@ import { urlUtil } from '../../../../utils/urlUtil.js';
 import { validation } from '../../../../utils/validation.js';
 import SpoCommand from '../../../base/SpoCommand.js';
 import commands from '../../commands.js';
-import spoGroupGetCommand from '../group/group-get.js';
-import spoUserGetCommand from '../user/user-get.js';
 import { entraGroup } from '../../../../utils/entraGroup.js';
 import { spo } from '../../../../utils/spo.js';
 class SpoFolderRoleAssignmentRemoveCommand extends SpoCommand {
@@ -38,11 +36,12 @@ class SpoFolderRoleAssignmentRemoveCommand extends SpoCommand {
             const serverRelativeUrl = urlUtil.getServerRelativePath(args.options.webUrl, args.options.folderUrl);
             const requestUrl = `${args.options.webUrl}/_api/web/GetFolderByServerRelativePath(DecodedUrl='${formatting.encodeQueryParameter(serverRelativeUrl)}')/ListItemAllFields`;
             try {
+                let principalId = args.options.principalId;
                 if (args.options.upn) {
-                    args.options.principalId = await this.getUserPrincipalId(args.options);
+                    principalId = await this.getUserPrincipalId(args.options, logger);
                 }
                 else if (args.options.groupName) {
-                    args.options.principalId = await this.getGroupPrincipalId(args.options);
+                    principalId = await this.getGroupPrincipalId(args.options, logger);
                 }
                 else if (args.options.entraGroupId || args.options.entraGroupName) {
                     if (this.verbose) {
@@ -52,9 +51,9 @@ class SpoFolderRoleAssignmentRemoveCommand extends SpoCommand {
                         ? await entraGroup.getGroupById(args.options.entraGroupId)
                         : await entraGroup.getGroupByDisplayName(args.options.entraGroupName);
                     const siteUser = await spo.ensureEntraGroup(args.options.webUrl, group);
-                    args.options.principalId = siteUser.Id;
+                    principalId = siteUser.Id;
                 }
-                await this.removeRoleAssignment(requestUrl, logger, args.options);
+                await this.removeRoleAssignment(requestUrl, principalId);
             }
             catch (err) {
                 this.handleRejectedODataJsonPromise(err);
@@ -70,9 +69,9 @@ class SpoFolderRoleAssignmentRemoveCommand extends SpoCommand {
             }
         }
     }
-    async removeRoleAssignment(requestUrl, logger, options) {
+    async removeRoleAssignment(requestUrl, principalId) {
         const requestOptions = {
-            url: `${requestUrl}/roleassignments/removeroleassignment(principalid='${options.principalId}')`,
+            url: `${requestUrl}/roleassignments/removeroleassignment(principalid='${principalId}')`,
             method: 'POST',
             headers: {
                 'accept': 'application/json;odata=nometadata',
@@ -82,30 +81,13 @@ class SpoFolderRoleAssignmentRemoveCommand extends SpoCommand {
         };
         return request.post(requestOptions);
     }
-    async getGroupPrincipalId(options) {
-        const groupGetCommandOptions = {
-            webUrl: options.webUrl,
-            name: options.groupName,
-            output: 'json',
-            debug: this.debug,
-            verbose: this.verbose
-        };
-        const output = await cli.executeCommandWithOutput(spoGroupGetCommand, { options: { ...groupGetCommandOptions, _: [] } });
-        const getGroupOutput = JSON.parse(output.stdout);
-        return getGroupOutput.Id;
+    async getGroupPrincipalId(options, logger) {
+        const group = await spo.getGroupByName(options.webUrl, options.groupName, logger, this.verbose);
+        return group.Id;
     }
-    async getUserPrincipalId(options) {
-        const userGetCommandOptions = {
-            webUrl: options.webUrl,
-            email: options.upn,
-            id: undefined,
-            output: 'json',
-            debug: this.debug,
-            verbose: this.verbose
-        };
-        const output = await cli.executeCommandWithOutput(spoUserGetCommand, { options: { ...userGetCommandOptions, _: [] } });
-        const getUserOutput = JSON.parse(output.stdout);
-        return getUserOutput.Id;
+    async getUserPrincipalId(options, logger) {
+        const user = await spo.getUserByEmail(options.webUrl, options.upn, logger, this.verbose);
+        return user.Id;
     }
 }
 _SpoFolderRoleAssignmentRemoveCommand_instances = new WeakSet(), _SpoFolderRoleAssignmentRemoveCommand_initTelemetry = function _SpoFolderRoleAssignmentRemoveCommand_initTelemetry() {

package/dist/m365/spo/commands/listitem/listitem-roleassignment-add.js

@@ -4,7 +4,6 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
     return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
 };
 var _SpoListItemRoleAssignmentAddCommand_instances, _SpoListItemRoleAssignmentAddCommand_initTelemetry, _SpoListItemRoleAssignmentAddCommand_initOptions, _SpoListItemRoleAssignmentAddCommand_initValidators;
-import { cli } from '../../../../cli/cli.js';
 import request from '../../../../request.js';
 import { entraGroup } from '../../../../utils/entraGroup.js';
 import { formatting } from '../../../../utils/formatting.js';
@@ -12,9 +11,6 @@ import { urlUtil } from '../../../../utils/urlUtil.js';
 import { validation } from '../../../../utils/validation.js';
 import SpoCommand from '../../../base/SpoCommand.js';
 import commands from '../../commands.js';
-import spoGroupGetCommand from '../group/group-get.js';
-import spoRoleDefinitionListCommand from '../roledefinition/roledefinition-list.js';
-import spoUserGetCommand from '../user/user-get.js';
 import { spo } from '../../../../utils/spo.js';
 class SpoListItemRoleAssignmentAddCommand extends SpoCommand {
     get name() {
@@ -47,15 +43,13 @@ class SpoListItemRoleAssignmentAddCommand extends SpoCommand {
                 requestUrl += `GetList('${formatting.encodeQueryParameter(listServerRelativeUrl)}')/`;
             }
             requestUrl += `items(${args.options.listItemId})/`;
-            const roleDefinitionId = await this.getRoleDefinitionId(args.options);
+            const roleDefinitionId = await this.getRoleDefinitionId(args.options, logger);
             let principalId = args.options.principalId;
             if (args.options.upn) {
-                principalId = await this.getUserPrincipalId(args.options);
-                await this.addRoleAssignment(requestUrl, roleDefinitionId, principalId);
+                principalId = await this.getUserPrincipalId(args.options, logger);
             }
             else if (args.options.groupName) {
-                principalId = await this.getGroupPrincipalId(args.options);
-                await this.addRoleAssignment(requestUrl, roleDefinitionId, principalId);
+                principalId = await this.getGroupPrincipalId(args.options, logger);
             }
             else if (args.options.entraGroupId || args.options.entraGroupName) {
                 if (this.verbose) {
@@ -85,45 +79,20 @@ class SpoListItemRoleAssignmentAddCommand extends SpoCommand {
         };
         await request.post(requestOptions);
     }
-    async getRoleDefinitionId(options) {
+    async getRoleDefinitionId(options, logger) {
         if (!options.roleDefinitionName) {
             return options.roleDefinitionId;
         }
-        const roleDefinitionListCommandOptions = {
-            webUrl: options.webUrl,
-            output: 'json',
-            debug: this.debug,
-            verbose: this.verbose
-        };
-        const output = await cli.executeCommandWithOutput(spoRoleDefinitionListCommand, { options: { ...roleDefinitionListCommandOptions, _: [] } });
-        const getRoleDefinitionListOutput = JSON.parse(output.stdout);
-        const roleDefinitionId = getRoleDefinitionListOutput.find((role) => role.Name === options.roleDefinitionName).Id;
-        return roleDefinitionId;
+        const roleDefintion = await spo.getRoleDefinitionByName(options.webUrl, options.roleDefinitionName, logger, this.verbose);
+        return roleDefintion.Id;
     }
-    async getGroupPrincipalId(options) {
-        const groupGetCommandOptions = {
-            webUrl: options.webUrl,
-            name: options.groupName,
-            output: 'json',
-            debug: this.debug,
-            verbose: this.verbose
-        };
-        const output = await cli.executeCommandWithOutput(spoGroupGetCommand, { options: { ...groupGetCommandOptions, _: [] } });
-        const getGroupOutput = JSON.parse(output.stdout);
-        return getGroupOutput.Id;
+    async getGroupPrincipalId(options, logger) {
+        const group = await spo.getGroupByName(options.webUrl, options.groupName, logger, this.verbose);
+        return group.Id;
     }
-    async getUserPrincipalId(options) {
-        const userGetCommandOptions = {
-            webUrl: options.webUrl,
-            email: options.upn,
-            id: undefined,
-            output: 'json',
-            debug: this.debug,
-            verbose: this.verbose
-        };
-        const output = await cli.executeCommandWithOutput(spoUserGetCommand, { options: { ...userGetCommandOptions, _: [] } });
-        const getUserOutput = JSON.parse(output.stdout);
-        return getUserOutput.Id;
+    async getUserPrincipalId(options, logger) {
+        const user = await spo.getUserByEmail(options.webUrl, options.upn, logger, this.verbose);
+        return user.Id;
     }
 }
 _SpoListItemRoleAssignmentAddCommand_instances = new WeakSet(), _SpoListItemRoleAssignmentAddCommand_initTelemetry = function _SpoListItemRoleAssignmentAddCommand_initTelemetry() {

package/dist/m365/spo/commands/listitem/listitem-roleassignment-remove.js

@@ -11,8 +11,6 @@ import { urlUtil } from '../../../../utils/urlUtil.js';
 import { validation } from '../../../../utils/validation.js';
 import SpoCommand from '../../../base/SpoCommand.js';
 import commands from '../../commands.js';
-import spoGroupGetCommand from '../group/group-get.js';
-import spoUserGetCommand from '../user/user-get.js';
 import { entraGroup } from '../../../../utils/entraGroup.js';
 import { spo } from '../../../../utils/spo.js';
 class SpoListItemRoleAssignmentRemoveCommand extends SpoCommand {
@@ -59,10 +57,10 @@ class SpoListItemRoleAssignmentRemoveCommand extends SpoCommand {
             }
             requestUrl += `items(${options.listItemId})/`;
             if (options.upn) {
-                options.principalId = await this.getUserPrincipalId(options);
+                options.principalId = await this.getUserPrincipalId(options, logger);
             }
             else if (options.groupName) {
-                options.principalId = await this.getGroupPrincipalId(options);
+                options.principalId = await this.getGroupPrincipalId(options, logger);
             }
             else if (options.entraGroupId || options.entraGroupName) {
                 if (this.verbose) {
@@ -92,30 +90,13 @@ class SpoListItemRoleAssignmentRemoveCommand extends SpoCommand {
         };
         await request.post(requestOptions);
     }
-    async getGroupPrincipalId(options) {
-        const groupGetCommandOptions = {
-            webUrl: options.webUrl,
-            name: options.groupName,
-            output: 'json',
-            debug: this.debug,
-            verbose: this.verbose
-        };
-        const output = await cli.executeCommandWithOutput(spoGroupGetCommand, { options: { ...groupGetCommandOptions, _: [] } });
-        const getGroupOutput = JSON.parse(output.stdout);
-        return getGroupOutput.Id;
+    async getGroupPrincipalId(options, logger) {
+        const group = await spo.getGroupByName(options.webUrl, options.groupName, logger, this.verbose);
+        return group.Id;
     }
-    async getUserPrincipalId(options) {
-        const userGetCommandOptions = {
-            webUrl: options.webUrl,
-            email: options.upn,
-            id: undefined,
-            output: 'json',
-            debug: this.debug,
-            verbose: this.verbose
-        };
-        const output = await cli.executeCommandWithOutput(spoUserGetCommand, { options: { ...userGetCommandOptions, _: [] } });
-        const getUserOutput = JSON.parse(output.stdout);
-        return getUserOutput.Id;
+    async getUserPrincipalId(options, logger) {
+        const user = await spo.getUserByEmail(options.webUrl, options.upn, logger, this.verbose);
+        return user.Id;
     }
 }
 _SpoListItemRoleAssignmentRemoveCommand_instances = new WeakSet(), _SpoListItemRoleAssignmentRemoveCommand_initTelemetry = function _SpoListItemRoleAssignmentRemoveCommand_initTelemetry() {

package/dist/m365/util/commands/accesstoken/accesstoken-get.js

@@ -7,6 +7,7 @@ var _UtilAccessTokenGetCommand_instances, _UtilAccessTokenGetCommand_initTelemet
 import auth, { Auth } from '../../../../Auth.js';
 import Command from '../../../../Command.js';
 import commands from '../../commands.js';
+import { accessToken } from '../../../../utils/accessToken.js';
 class UtilAccessTokenGetCommand extends Command {
     get name() {
         return commands.ACCESSTOKEN_GET;
@@ -34,8 +35,14 @@ class UtilAccessTokenGetCommand extends Command {
             resource = Auth.getEndpointForResource('https://graph.microsoft.com', auth.connection.cloudType);
         }
         try {
-            const accessToken = await auth.ensureAccessToken(resource, logger, this.debug, args.options.new);
-            await logger.log(accessToken);
+            const token = await auth.ensureAccessToken(resource, logger, this.debug, args.options.new);
+            if (args.options.decoded) {
+                const { header, payload } = accessToken.getDecodedAccessToken(token);
+                await logger.logRaw(`${JSON.stringify(header, null, 2)}.${JSON.stringify(payload, null, 2)}.[signature]`);
+            }
+            else {
+                await logger.log(token);
+            }
         }
         catch (err) {
             this.handleRejectedODataJsonPromise(err);
@@ -45,7 +52,8 @@ class UtilAccessTokenGetCommand extends Command {
 _UtilAccessTokenGetCommand_instances = new WeakSet(), _UtilAccessTokenGetCommand_initTelemetry = function _UtilAccessTokenGetCommand_initTelemetry() {
     this.telemetry.push((args) => {
         Object.assign(this.telemetryProperties, {
-            new: args.options.new
+            new: args.options.new,
+            decoded: args.options.decoded
         });
     });
 }, _UtilAccessTokenGetCommand_initOptions = function _UtilAccessTokenGetCommand_initOptions() {
@@ -53,6 +61,8 @@ _UtilAccessTokenGetCommand_instances = new WeakSet(), _UtilAccessTokenGetCommand
         option: '-r, --resource <resource>'
     }, {
         option: '--new'
+    }, {
+        option: '--decoded'
     });
 };
 export default new UtilAccessTokenGetCommand();

package/dist/utils/accessToken.js

@@ -75,6 +75,14 @@ export const accessToken = {
         }
         return userId;
     },
+    getDecodedAccessToken(accessToken) {
+        const chunks = accessToken.split('.');
+        const headerString = Buffer.from(chunks[0], 'base64').toString();
+        const payloadString = Buffer.from(chunks[1], 'base64').toString();
+        const header = JSON.parse(headerString);
+        const payload = JSON.parse(payloadString);
+        return { header, payload };
+    },
     /**
      * Asserts the presence of a delegated access token.
      * @throws {CommandError} Will throw an error if the access token is not available.

package/dist/utils/powerPlatform.js

@@ -51,7 +51,7 @@ export const powerPlatform = {
         }
         if (items.length > 1) {
             const resultAsKeyValuePair = formatting.convertArrayToHashTable('websiteUrl', items);
-            return cli.handleMultipleResultsFound(`Multiple Power Page websites with name '${websiteName}' found`, resultAsKeyValuePair);
+            return cli.handleMultipleResultsFound(`Multiple Power Page websites with name '${websiteName}' found.`, resultAsKeyValuePair);
         }
         return items[0];
     },
@@ -62,6 +62,56 @@ export const powerPlatform = {
             throw Error(`The specified Power Page website with url '${url}' does not exist.`);
         }
         return items[0];
+    },
+    /**
+     * Get a card by name
+     * Returns a card object
+     * @param dynamicsApiUrl The dynamics api url of the environment
+     * @param name The name of the card
+     * @param logger The logger object
+     * @param verbose Set for verbose logging
+     */
+    async getCardByName(dynamicsApiUrl, name) {
+        const requestOptions = {
+            url: `${dynamicsApiUrl}/api/data/v9.1/cards?$filter=name eq '${name}'`,
+            headers: {
+                accept: 'application/json;odata.metadata=none'
+            },
+            responseType: 'json'
+        };
+        const result = await request.get(requestOptions);
+        if (result.value.length === 0) {
+            throw Error(`The specified card '${name}' does not exist.`);
+        }
+        if (result.value.length > 1) {
+            const resultAsKeyValuePair = formatting.convertArrayToHashTable('cardid', result.value);
+            return cli.handleMultipleResultsFound(`Multiple cards with name '${name}' found.`, resultAsKeyValuePair);
+        }
+        return result.value[0];
+    },
+    /**
+   * Get a solution by name
+   * Returns the solution object
+   * @param dynamicsApiUrl The dynamics api url of the environment
+   * @param name The name of the solution
+   */
+    async getSolutionByName(dynamicsApiUrl, name) {
+        const requestOptions = {
+            url: `${dynamicsApiUrl}/api/data/v9.0/solutions?$filter=isvisible eq true and uniquename eq \'${name}\'&$expand=publisherid($select=friendlyname)&$select=solutionid,uniquename,version,publisherid,installedon,solutionpackageversion,friendlyname,versionnumber&api-version=9.1`,
+            headers: {
+                accept: 'application/json;odata.metadata=none'
+            },
+            responseType: 'json'
+        };
+        const result = await request.get(requestOptions);
+        if (result.value.length === 0) {
+            throw Error(`The specified solution '${name}' does not exist.`);
+        }
+        if (result.value.length > 1) {
+            const resultAsKeyValuePair = formatting.convertArrayToHashTable('solutionid', result.value);
+            return cli.handleMultipleResultsFound(`Multiple solutions with name '${name}' found.`, resultAsKeyValuePair);
+        }
+        return result.value[0];
     }
 };
 //# sourceMappingURL=powerPlatform.js.map

package/dist/utils/prompt.js

@@ -6,13 +6,20 @@ let inquirerSelect;
 ;
 ;
 export const prompt = {
-    /* c8 ignore next 9 */
+    /* c8 ignore next 16 */
     async forInput(config) {
         if (!inquirerInput) {
             inquirerInput = await import('@inquirer/input');
         }
         const errorOutput = cli.getSettingWithDefaultValue(settingsNames.errorOutput, 'stderr');
-        return inquirerInput.default(config, { output: errorOutput === 'stderr' ? process.stderr : process.stdout });
+        return inquirerInput
+            .default(config, { output: errorOutput === 'stderr' ? process.stderr : process.stdout })
+            .catch(error => {
+            if (error instanceof Error && error.name === 'ExitPromptError') {
+                return ''; // noop; handle Ctrl + C
+            }
+            throw error;
+        });
     },
     /* c8 ignore next 9 */
     async forConfirmation(config) {

package/dist/utils/spo.js

@@ -618,10 +618,12 @@ export const spo = {
     /**
     * Retrieves the role definition by name.
     * Returns a RoleDefinition object
+    * Returns a RoleDefinition object
     * @param webUrl Web url
     * @param name the name of the role definition
     * @param logger the Logger object
     * @param verbose Set for verbose logging
+    * @param verbose Set for verbose logging
     */
     async getRoleDefinitionByName(webUrl, name, logger, verbose) {
         if (verbose && logger) {
@@ -1756,6 +1758,30 @@ export const spo = {
             responseType: 'json'
         };
         return request.post(requestOptions);
+    },
+    /**
+    * Get a role definition by name
+    * Returns a RoleDefinition object
+    * @param webUrl The web url
+    * @param name  the name of the role definition
+    * @param logger The logger object
+    * @param verbose Set for verbose logging
+    */
+    async getRoleDefintionByName(webUrl, name, logger, verbose) {
+        if (verbose && logger) {
+            await logger.logToStderr(`Retrieving the role definition by name ${name}`);
+        }
+        const response = await odata.getAllItems(`${webUrl}/_api/web/roledefinitions`);
+        const roleDefinition = response.find((role) => role.Name === name);
+        if (!roleDefinition) {
+            throw new Error(`The specified role definition name '${name}' does not exist.`);
+        }
+        const permissions = new BasePermissions();
+        permissions.high = roleDefinition.BasePermissions.High;
+        permissions.low = roleDefinition.BasePermissions.Low;
+        roleDefinition.BasePermissionsValue = permissions.parse();
+        roleDefinition.RoleTypeKindValue = RoleType[roleDefinition.RoleTypeKind];
+        return roleDefinition;
     }
 };
 //# sourceMappingURL=spo.js.map

package/dist/utils/types.js

@@ -1,2 +1,3 @@
 export {};
+// #endregion
 //# sourceMappingURL=types.js.map

package/docs/docs/cmd/entra/group/group-member-add.mdx

@@ -2,7 +2,7 @@ import Global from '/docs/cmd/_global.mdx';
 
 # entra group member add
 
-Adds a member to a Microsoft Entra ID group
+Adds members to a Microsoft Entra group
 
 ## Usage
 

package/docs/docs/cmd/entra/group/group-member-remove.mdx

@@ -0,0 +1,96 @@
+import Global from '/docs/cmd/_global.mdx';
+
+# entra group member remove
+
+Removes members from a Microsoft Entra group
+
+## Usage
+
+```sh
+m365 entra group member remove [options]
+```
+
+## Options
+
+```md definition-list
+`-i, --groupId [groupId]`
+: The ID of the Entra ID group. Specify `groupId` or `groupName` but not both.
+
+`-n, --groupName [groupName]`
+: The display name of the Entra ID group. Specify `groupId` or `groupName` but not both.
+
+`--userIds [userIds]`
+: Microsoft Entra user IDs. You can also pass a comma-separated list of IDs. Specify either `userIds`, `userNames`, `subgroupIds` or `subgroupNames` but not multiple.
+
+`--userNames [userNames]`
+: The user principal names of users. You can also pass a comma-separated list of UPNs. Specify either `userIds`, `userNames`, `subgroupIds` or `subgroupNames` but not multiple.
+
+`--subgroupIds [subgroupIds]`
+: Microsoft Entra group IDs. You can also pass a comma-separated list of IDs. Specify either `userIds`, `userNames`, `subgroupIds` or `subgroupNames` but not multiple.
+
+`--subgroupNames [subgroupNames]`
+: The display names of Microsoft Entra groups. You can also pass a comma-separated list of group display names. Specify either `userIds`, `userNames`, `subgroupIds` or `subgroupNames` but not multiple.
+
+`-r, --role [role]`
+: The role to be removed from the users. Valid values: `Owner`, `Member`. Defaults to both.
+
+`--suppressNotFound`
+: Suppress errors when a user was not found in a group.
+
+`-f, --force`
+: Don't prompt for confirmation.
+```
+
+<Global />
+
+## Remarks
+
+:::tip
+
+When you use the `suppressNotFound` option, the command will not return an error if a user is not found as either an owner or a member of the group.
+This feature proves useful when you need to remove a user from a group, but you are uncertain whether the user holds the role of a member or an owner within that group.
+Without using this option, you would need to manually verify the user's role in the group before proceeding with removal.
+
+:::
+
+## Examples
+
+Remove a single user specified by ID as member from a group specified by display name
+
+```sh
+m365 entra group member remove --groupName Developers --userIds 098b9f52-f48c-4401-819f-29c33794c3f5 --role Member
+```
+
+Remove multiple users specified by ID from a group specified by ID
+
+```sh
+m365 entra group member remove --groupId a03c0c35-ef9a-419b-8cab-f89e0a8d2d2a --userIds "098b9f52-f48c-4401-819f-29c33794c3f5,f1e06e31-3abf-4746-83c2-1513d71f38b8"
+```
+
+Remove a single user specified by UPN as an owner from a group specified by display name
+
+```sh
+m365 entra group member remove --groupName Developers --userNames john.doe@contoso.com --role Owner
+```
+
+Remove multiple users specified by UPN from a group specified by ID
+
+```sh
+m365 entra group member remove --groupId a03c0c35-ef9a-419b-8cab-f89e0a8d2d2a --userNames "john.doe@contoso.com,adele.vance@contoso.com"
+```
+
+Remove a single user specified by ID as owner and member of the group and suppress errors when the user was not found as owner or member
+
+```sh
+m365 entra group member remove --groupName Developers --userIds 098b9f52-f48c-4401-819f-29c33794c3f5 --suppressNotFound
+```
+
+Remove 2 nested groups referenced by id from a security group
+
+```sh
+m365 entra group member remove --groupName Developers --subgroupIds "b51b6157-839f-4d92-8dab-ac61b53c6c40,1e793f86-8dc6-4df6-8037-649ef9a22330" --role Member
+```
+
+## Response
+
+The command doesn't return a response on success.

package/docs/docs/cmd/entra/policy/policy-list.mdx

@@ -16,7 +16,7 @@ m365 entra policy list [options]
 
 ```md definition-list
 `-t, --type [type]`
-: The type of policies to return. Allowed values `activityBasedTimeout`, `authorization`, `claimsMapping`, `homeRealmDiscovery`, `identitySecurityDefaultsEnforcement`, `tokenIssuance`, `tokenLifetime`. If omitted, all policies are returned.
+: The type of policies to return. Allowed values `activityBasedTimeout`, `adminConsentRequest`, `appManagement`, `authenticationFlows`, `authenticationMethods`, `authenticationStrength`, `authorization`, `claimsMapping`, `conditionalAccess`, `crossTenantAccess`, `defaultAppManagement`, `deviceRegistration`, `featureRolloutPolicy`, `homeRealmDiscovery`, `identitySecurityDefaultsEnforcement`, `permissionGrant`, `roleManagement`, `tokenIssuance`, `tokenLifetime`. If omitted, all policies are returned.
 ```
 
 <Global />

package/docs/docs/cmd/graph/openextension/openextension-get.mdx

@@ -0,0 +1,111 @@
+import Global from '/docs/cmd/_global.mdx';
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+# graph openextension get
+
+Retrieves a specific open extension for a resource
+
+## Usage
+
+```sh
+m365 graph openextension get [options]
+```
+
+## Options
+
+```md definition-list
+`-n, --name <name>`
+: The name of the open extension to retrieve.
+
+`-i, --resourceId <resourceId>`
+: The Id of the resource for which to retrieve the open extension.
+
+`-t, --resourceType <resourceType>`
+: The type of resource. Allowed values are `user`, `group`, `device`, `organization`.
+```
+
+<Global />
+
+## Examples
+
+Retrieve a specified open extension for a user specified by id.
+
+```sh
+m365 graph openextension get --resourceId eb77fbcf-6fe8-458b-985d-1747284793bc --name 'com.contoso.roamingSettings' --resourceType user
+```
+
+Retrieve a specified open extension for a user specified by UPN.
+
+```sh
+m365 graph openextension get --resourceId john.doe@contoso.com --name 'com.contoso.roamingSettings' --resourceType user
+```
+
+## Response
+
+<Tabs>
+  <TabItem value="JSON">
+
+  ```json
+  {
+    "extensionName": "com.contoso.roamingSettings",
+    "name": "com.contoso.roamingSettings",
+    "resourceId": "john.doe@contoso.com",
+    "resourceType": "user",
+    "theme": "dark",
+    "color": "red",
+    "language": "English",
+    "id": "com.contoso.roamingSettings"
+  }
+  ```
+
+  </TabItem>
+  <TabItem value="Text">
+
+  ```text
+  color        : red
+  extensionName: com.contoso.roamingSettings
+  id           : com.contoso.roamingSettings
+  language     : English
+  name         : com.contoso.roamingSettings
+  resourceId   : john.doe@contoso.com
+  resourceType : user
+  theme        : dark
+  ```
+
+  </TabItem>
+  <TabItem value="CSV">
+
+  ```csv
+  extensionName,name,resourceId,resourceType,theme,color,language,id
+  com.contoso.roamingSettings,com.contoso.roamingSettings,john.doe@contoso.com,user,dark,red,English,com.contoso.roamingSettings
+  ```
+
+  </TabItem>
+  <TabItem value="Markdown">
+
+  ```md
+  # graph openextension get --debug "false" --verbose "false" --resourceId "john.doe@contoso.com" --resourceType "user" --name "com.contoso.roamingSettings"
+
+  Date: 2025-04-07
+
+  ## com.contoso.roamingSettings (com.contoso.roamingSettings)
+
+  Property | Value
+  ---------|-------
+  extensionName | com.contoso.roamingSettings
+  name | com.contoso.roamingSettings
+  resourceId | john.doe@contoso.com
+  resourceType | user
+  theme | dark
+  color | red
+  language | English
+  id | com.contoso.roamingSettings
+  ```
+  
+  </TabItem>
+</Tabs>
+
+## More information
+
+- Open extensions: https://learn.microsoft.com/graph/extensibility-overview?tabs=http#open-extensions