Public/generated/Get-KriticalUtcmAADEntitlementManagementRoleAssignment.ps1

# Kritical.PS.UTCM | Microsoft Graph UTCM REST API toolkit
# (c) 2026 Kritical Pty Ltd | https://kritical.net
# Kritical brand banner is rendered at module load via Write-KriticalUtcmBanner.

function Get-KriticalUtcmAADEntitlementManagementRoleAssignment {
<#
.SYNOPSIS
    Kritical.UTCM shim standing in for the M365DSC resource
    AADEntitlementManagementRoleAssignment.

.DESCRIPTION
    Intended as a rename-only replacement. A caller that currently runs
        Get-M365DSCAADEntitlementManagementRoleAssignment -Credential $cred -TenantId $tid
    is meant to be able to switch to
        Get-KriticalUtcmAADEntitlementManagementRoleAssignment -Credential $cred -TenantId $tid
    without touching anything else. The parameter set mirrors the M365DSC
    .schema.mof. By default -PreferM365DscBehavior is true.

    This function performs no Graph call itself. It hands the resource name,
    workload, verb and the caller's bound parameters to
    Invoke-KriticalUtcmM365DscSchemaBridge, which maps the resource to a Graph
    endpoint per per-resource wave. Where a mapping has not shipped yet, the
    bridge returns an object with Verdict='UNMAPPED'.

.NOTES
    Workload: Entra
    Param count: 14
#>

    # NOTE(review): Credential, ApplicationSecret and CertificatePassword are declared
    # [string]. PowerShell binds a non-string argument by converting it to text, so a
    # PSCredential passed as -Credential $cred would arrive here as its type name, not
    # as a usable credential. That looks at odds with the rename-only promise above;
    # confirm which type the bridge expects.
    # NOTE(review): if plain-text secrets are the intended input, they are carried in
    # $PSBoundParameters to the bridge; verify the bridge keeps -CallerParams out of
    # verbose/debug output, transcripts and logs.
    # NOTE(review): the help text mentions -PreferM365DscBehavior, but no parameter of
    # that name is declared below; presumably it is handled elsewhere. Confirm.
    # NOTE(review): Principal and RoleDefinition are Mandatory, so the two-parameter
    # call shown in the help would prompt for them.
    [CmdletBinding()]
    param(
        # Unique Id of the role assignment.
        [string]$Id,

        # Identifier of the principal the assignment is granted to.
        [Parameter(Mandatory)]
        [string]$Principal,

        # Identifier of the unifiedRoleDefinition this assignment is for.
        [Parameter(Mandatory)]
        [string]$RoleDefinition,

        # Identifier of the app-specific scope, used when the assignment scope is app
        # specific. An assignment's scope determines the set of resources the principal
        # has been granted access to. App scopes are defined and understood by a single
        # resource application only.
        [string]$AppScopeId,

        # Identifier of the directory object that represents the assignment's scope.
        # An assignment's scope determines the set of resources the principal has been
        # granted access to. Directory scopes are shared scopes stored in the directory
        # and understood by multiple applications, unlike app scopes, which only one
        # resource application defines and understands.
        [string]$DirectoryScopeId,

        # Present ensures the policy exists; Absent ensures it is removed.
        [ValidateSet('Present','Absent')]
        [string]$Ensure,

        # Credentials of the Intune Admin.
        [string]$Credential,

        # Id of the Azure Active Directory application to authenticate with.
        [string]$ApplicationId,

        # Id of the Azure Active Directory tenant used for authentication.
        [string]$TenantId,

        # Secret of the Azure Active Directory tenant used for authentication.
        [string]$ApplicationSecret,

        # Thumbprint of the authentication certificate of the Azure Active Directory
        # application.
        [string]$CertificateThumbprint,

        # Any username may be supplied; only the password is used as the certificate
        # password.
        [string]$CertificatePassword,

        # Path to the certificate used by the service principal, usually a PFX file.
        [string]$CertificatePath,

        # Managed ID being used for authentication.
        [bool]$ManagedIdentity
    )

    # Forward only what the caller actually bound; the bridge owns endpoint mapping
    # and authentication handling.
    $bridgeArgs = @{
        ResourceName = 'AADEntitlementManagementRoleAssignment'
        Workload     = 'Entra'
        Verb         = 'Get'
        CallerParams = $PSBoundParameters
    }

    Invoke-KriticalUtcmM365DscSchemaBridge @bridgeArgs
}