Public/generated/Get-KriticalUtcmEXOManagementRoleAssignment.ps1
|
# Kritical.PS.UTCM | Microsoft Graph UTCM REST API toolkit # (c) 2026 Kritical Pty Ltd | https://kritical.net # Kritical brand banner is rendered at module load via Write-KriticalUtcmBanner. function Get-KriticalUtcmEXOManagementRoleAssignment { <# .SYNOPSIS Kritical.UTCM shim for M365DSC resource EXOManagementRoleAssignment. .DESCRIPTION Search-replace safe: callers that today invoke Get-M365DSCEXOManagementRoleAssignment -Credential $cred -TenantId $tid can rename to Get-KriticalUtcmEXOManagementRoleAssignment -Credential $cred -TenantId $tid with ZERO other edits. Parameter shape matches the M365DSC .schema.mof exactly. By default -PreferM365DscBehavior is true. Actual Graph dispatch is delegated to Invoke-KriticalUtcmM365DscSchemaBridge. Bridge maps resource → Graph endpoint per per-resource wave; where mapping is not yet shipped, bridge returns an object with Verdict='UNMAPPED'. .NOTES Workload: Exchange Param count: 20 #> [CmdletBinding()] param( # The Name parameter specifies a name for the new management role assignment. The maximum length of the name is 64 characters. [Parameter(Mandatory)] [string]$Name, # The Role parameter specifies the existing role to assign. You can use any value that uniquely identifies the role. [Parameter(Mandatory)] [string]$Role, # The App parameter specifies the service principal to assign the management role to. Specifically, the ServiceId GUID value from the output of the Get-ServicePrincipal cmdlet (for example, 6233fba6-0198-4277-892f-9275bf728bcc). [string]$App, # The Policy parameter specifies the name of the management role assignment policy to assign the management role to. [string]$Policy, # The SecurityGroup parameter specifies the name of the management role group or mail-enabled universal security group to assign the management role to. [string]$SecurityGroup, # The User parameter specifies the name or alias of the user to assign the management role to. [string]$User, # The CustomRecipientWriteScope parameter specifies the existing recipient-based management scope to associate with this management role assignment. [string]$CustomRecipientWriteScope, # The CustomResourceScope parameter specifies the custom management scope to associate with this management role assignment. You can use any value that uniquely identifies the management scope. [string]$CustomResourceScope, # The ExclusiveConfigWriteScope parameter specifies the exclusive configuration-based management scope to associate with the new role assignment. [string]$ExclusiveRecipientWriteScope, # The RecipientAdministrativeUnitScope parameter specifies the administrative unit to scope the new role assignment to. [string]$RecipientAdministrativeUnitScope, # The RecipientOrganizationalUnitScope parameter specifies the OU to scope the new role assignment to. If you use the RecipientOrganizationalUnitScope parameter, you can't use the CustomRecipientWriteScope or ExclusiveRecipientWriteScope parameters. [string]$RecipientOrganizationalUnitScope, # The RecipientRelativeWriteScope parameter specifies the type of restriction to apply to a recipient scope. The available types are None, Organization, MyGAL, Self, and MyDistributionGroups. The RecipientRelativeWriteScope parameter is automatically set when the CustomRecipientWriteScope or RecipientOrganizationalUnitScope parameters are used. [string]$RecipientRelativeWriteScope, # Specify if the Management Role Assignment should exist or not. [ValidateSet('Present','Absent')] [string]$Ensure, # Credentials of the Exchange Global Admin [string]$Credential, # Id of the Azure Active Directory application to authenticate with. [string]$ApplicationId, # Id of the Azure Active Directory tenant used for authentication. [string]$TenantId, # Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. [string]$CertificateThumbprint, # Username can be made up to anything but password will be used for CertificatePassword [string]$CertificatePassword, # Path to certificate used in service principal usually a PFX file. [string]$CertificatePath, # Managed ID being used for authentication. [bool]$ManagedIdentity ) Invoke-KriticalUtcmM365DscSchemaBridge -ResourceName 'EXOManagementRoleAssignment' -Workload 'Exchange' -Verb 'Get' -CallerParams $PSBoundParameters } |