Private/Invoke-365TuneElevation.ps1
|
function Invoke-365TuneElevation { <# .SYNOPSIS Elevates current user to User Access Administrator at root scope. #> $response = Invoke-AzRestMethod ` -Path "/providers/Microsoft.Authorization/elevateAccess?api-version=2015-07-01" ` -Method POST if ($response.StatusCode -notin @(200, 204)) { throw "Elevation failed with status: $($response.StatusCode). Ensure 'Access management for Azure resources' is enabled in Entra ID > Properties." } # Brief pause to allow elevation to propagate Start-Sleep -Seconds 3 Write-Host " ✅ Elevated to User Access Administrator." -ForegroundColor Green } |