Public/generated/Get-KriticalUtcmAzureRoleEligibilityScheduleSettings.ps1

# Kritical.PS.UTCM | Microsoft Graph UTCM REST API toolkit
# (c) 2026 Kritical Pty Ltd | https://kritical.net
# Kritical brand banner is rendered at module load via Write-KriticalUtcmBanner.

function Get-KriticalUtcmAzureRoleEligibilityScheduleSettings {
<#
.SYNOPSIS
    Kritical.UTCM shim for M365DSC resource AzureRoleEligibilityScheduleSettings.

.DESCRIPTION

    Search-replace safe: callers that today invoke
        Get-M365DSCAzureRoleEligibilityScheduleSettings -Credential $cred -TenantId $tid
    can rename to
        Get-KriticalUtcmAzureRoleEligibilityScheduleSettings -Credential $cred -TenantId $tid
    with ZERO other edits. Parameter shape matches the M365DSC .schema.mof
    exactly. By default -PreferM365DscBehavior is true.

    Actual Graph dispatch is delegated to Invoke-KriticalUtcmM365DscSchemaBridge.
    Bridge maps resource → Graph endpoint per per-resource wave; where mapping
    is not yet shipped, bridge returns an object with Verdict='UNMAPPED'.

.NOTES
    Workload: Other
    Param count: 44
#>

[CmdletBinding()]
param(
        # Display name of the role definition being governed by this policy.
[Parameter(Mandatory)] [string]$RoleDefinitionDisplayName,
        # The scope of the role management policy. Supports subscriptions/{id}, subscriptions/{id}/resourceGroups/{name}, and providers/Microsoft.Management/managementGroups/{name} scopes.
[Parameter(Mandatory)] [string]$ScopeId,
        # Specifies the internal Policy Id.
[string]$PolicyId,
        # Activation maximum duration (hours).
[string]$ActivationMaxDuration,
        # Require justification on activation (True/False).
[bool]$ActivationReqJustification,
        # Require ticket information on activation (True/False).
[bool]$ActivationReqTicket,
        # Require MFA on activation (True/False).
[bool]$ActivationReqMFA,
        # Require approval to activate (True/False).
[bool]$ApprovaltoActivate,
        # Require authentication context on activation (True/False).
[bool]$ActivationReqAuthContext,
        # Authentication context claim value (Conditional Access policy id) for activation.
[string]$ActivationAuthContextId,
        # Allow permanent eligible assignment (True/False).
[bool]$PermanentEligibleAssignmentisExpirationRequired,
        # Expire eligible assignments after (Days).
[string]$ExpireEligibleAssignment,
        # Allow permanent active assignment (True/False).
[bool]$PermanentActiveAssignmentisExpirationRequired,
        # Expire active assignments after (Days).
[string]$ExpireActiveAssignment,
        # Require Azure Multi-Factor Authentication on active assignment (True/False).
[bool]$AssignmentReqMFA,
        # Require justification on active assignment (True/False).
[bool]$AssignmentReqJustification,
        # Require Azure Multi-Factor Authentication on eligible assignment (True/False).
[bool]$EligibilityAssignmentReqMFA,
        # Require justification on eligible assignment (True/False).
[bool]$EligibilityAssignmentReqJustification,
        # Send notifications when members are assigned as eligible to this role: Role assignment alert, default recipient (True/False).
[bool]$EligibleAlertNotificationDefaultRecipient,
        # Send notifications when members are assigned as eligible to this role: Role assignment alert, only critical Email (True/False).
[bool]$EligibleAlertNotificationOnlyCritical,
        # Send notifications when members are assigned as eligible to this role: Notification to the assigned user (assignee), default recipient (True/False).
[bool]$EligibleAssigneeNotificationDefaultRecipient,
        # Send notifications when members are assigned as eligible to this role: Notification to the assigned user (assignee), only critical Email (True/False).
[bool]$EligibleAssigneeNotificationOnlyCritical,
        # Send notifications when members are assigned as eligible to this role: Request to approve a role assignment renewal/extension, default recipient (True/False).
[bool]$EligibleApproveNotificationDefaultRecipient,
        # Send notifications when members are assigned as eligible to this role: Request to approve a role assignment renewal/extension, only critical Email (True/False).
[bool]$EligibleApproveNotificationOnlyCritical,
        # Send notifications when members are assigned as active to this role: Role assignment alert, default recipient (True/False).
[bool]$ActiveAlertNotificationDefaultRecipient,
        # Send notifications when members are assigned as active to this role: Role assignment alert, only critical Email (True/False).
[bool]$ActiveAlertNotificationOnlyCritical,
        # Send notifications when members are assigned as active to this role: Notification to the assigned user (assignee), default recipient (True/False).
[bool]$ActiveAssigneeNotificationDefaultRecipient,
        # Send notifications when members are assigned as active to this role: Notification to the assigned user (assignee), only critical Email (True/False).
[bool]$ActiveAssigneeNotificationOnlyCritical,
        # Send notifications when members are assigned as active to this role: Request to approve a role assignment renewal/extension, default recipient (True/False).
[bool]$ActiveApproveNotificationDefaultRecipient,
        # Send notifications when members are assigned as active to this role: Request to approve a role assignment renewal/extension, only critical Email (True/False).
[bool]$ActiveApproveNotificationOnlyCritical,
        # Send notifications when eligible members activate this role: Role activation alert, default recipient (True/False).
[bool]$ActivationAlertNotificationDefaultRecipient,
        # Send notifications when eligible members activate this role: Role activation alert, only critical Email (True/False).
[bool]$ActivationAlertNotificationOnlyCritical,
        # Send notifications when eligible members activate this role: Notification to activated user (requestor), default recipient (True/False).
[bool]$ActivationAssigneeNotificationDefaultRecipient,
        # Send notifications when eligible members activate this role: Notification to activated user (requestor), only critical Email (True/False).
[bool]$ActivationAssigneeNotificationOnlyCritical,
        # Send notifications when eligible members activate this role: Notification to approvers, default recipient (True/False).
[bool]$ActivationApproveNotificationDefaultRecipient,
        # Send notifications when eligible members activate this role: Notification to approvers, only critical Email (True/False).
[bool]$ActivationApproveNotificationOnlyCritical,
        # Credentials for the Microsoft Graph delegated permissions.
[string]$Credential,
        # Id of the Azure Active Directory application to authenticate with.
[string]$ApplicationId,
        # Id of the Azure Active Directory tenant used for authentication.
[string]$TenantId,
        # Secret of the Azure Active Directory application to authenticate with.
[string]$ApplicationSecret,
        # Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
[string]$CertificateThumbprint,
        # Username can be made up to anything but password will be used for CertificatePassword
[string]$CertificatePassword,
        # Path to certificate used in service principal usually a PFX file.
[string]$CertificatePath,
        # Managed ID being used for authentication.
[bool]$ManagedIdentity
)
    Invoke-KriticalUtcmM365DscSchemaBridge -ResourceName 'AzureRoleEligibilityScheduleSettings' -Workload 'Other' -Verb 'Get' -CallerParams $PSBoundParameters
}