exports/ProxyCmdletDefinitions.ps1
|
# ---------------------------------------------------------------------------------- # Code generated by Microsoft (R) AutoRest Code Generator (autorest: 3.9.4, generator: @autorest/powershell@3.0.498) # Changes may cause incorrect behavior and will be lost if the code is regenerated. # ---------------------------------------------------------------------------------- <# .Synopsis Start the process of applying hold on eDiscovery custodians. After the operation is created, you can get the status by retrieving the `Location` parameter from the response headers. The location provides a URL that will return an eDiscoveryHoldOperation object. .Description Start the process of applying hold on eDiscovery custodians. After the operation is created, you can get the status by retrieving the `Location` parameter from the response headers. The location provides a URL that will return an eDiscoveryHoldOperation object. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IPaths2560XySecurityCasesEdiscoverycasesEdiscoverycaseIdCustodiansMicrosoftGraphSecurityApplyholdPostRequestbodyContentApplicationJsonSchema .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IPaths2560XySecurityCasesEdiscoverycasesEdiscoverycaseIdCustodiansMicrosoftGraphSecurityApplyholdPostRequestbodyContentApplicationJsonSchema>: . [(Any) <Object>]: This indicates any property can be added to this object. [Ids <String[]>]: INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/add-mgsecuritycaseediscoverycasecustodianhold #> function Add-MgSecurityCaseEdiscoveryCaseCustodianHold { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='ApplyExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Apply', Mandatory)] [Parameter(ParameterSetName='Apply1', Mandatory)] [Parameter(ParameterSetName='ApplyExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Apply', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCustodian ${EdiscoveryCustodianId}, [Parameter(ParameterSetName='ApplyViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='ApplyViaIdentity1', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='ApplyViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Apply1', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='ApplyViaIdentity1', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IPaths2560XySecurityCasesEdiscoverycasesEdiscoverycaseIdCustodiansMicrosoftGraphSecurityApplyholdPostRequestbodyContentApplicationJsonSchema] # . # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='ApplyExpanded')] [Parameter(ParameterSetName='ApplyViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='ApplyExpanded')] [Parameter(ParameterSetName='ApplyViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [System.String[]] # . ${Ids}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Apply = 'Microsoft.Graph.Security.private\Add-MgSecurityCaseEdiscoveryCaseCustodianHold_Apply'; Apply1 = 'Microsoft.Graph.Security.private\Add-MgSecurityCaseEdiscoveryCaseCustodianHold_Apply1'; ApplyExpanded = 'Microsoft.Graph.Security.private\Add-MgSecurityCaseEdiscoveryCaseCustodianHold_ApplyExpanded'; ApplyViaIdentity = 'Microsoft.Graph.Security.private\Add-MgSecurityCaseEdiscoveryCaseCustodianHold_ApplyViaIdentity'; ApplyViaIdentity1 = 'Microsoft.Graph.Security.private\Add-MgSecurityCaseEdiscoveryCaseCustodianHold_ApplyViaIdentity1'; ApplyViaIdentityExpanded = 'Microsoft.Graph.Security.private\Add-MgSecurityCaseEdiscoveryCaseCustodianHold_ApplyViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Start the process of applying hold on eDiscovery non-custodial data sources. After the operation is created, you can get the status by retrieving the `Location` parameter from the response headers. The location provides a URL that will return an eDiscoveryHoldOperation object. .Description Start the process of applying hold on eDiscovery non-custodial data sources. After the operation is created, you can get the status by retrieving the `Location` parameter from the response headers. The location provides a URL that will return an eDiscoveryHoldOperation object. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IPathsUr2Sc1SecurityCasesEdiscoverycasesEdiscoverycaseIdNoncustodialdatasourcesMicrosoftGraphSecurityApplyholdPostRequestbodyContentApplicationJsonSchema .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IPathsUr2Sc1SecurityCasesEdiscoverycasesEdiscoverycaseIdNoncustodialdatasourcesMicrosoftGraphSecurityApplyholdPostRequestbodyContentApplicationJsonSchema>: . [(Any) <Object>]: This indicates any property can be added to this object. [Ids <String[]>]: INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/add-mgsecuritycaseediscoverycasenoncustodialdatasourcehold #> function Add-MgSecurityCaseEdiscoveryCaseNoncustodialDataSourceHold { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='ApplyExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Apply', Mandatory)] [Parameter(ParameterSetName='Apply1', Mandatory)] [Parameter(ParameterSetName='ApplyExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Apply', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryNoncustodialDataSource ${EdiscoveryNoncustodialDataSourceId}, [Parameter(ParameterSetName='ApplyViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='ApplyViaIdentity1', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='ApplyViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Apply1', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='ApplyViaIdentity1', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IPathsUr2Sc1SecurityCasesEdiscoverycasesEdiscoverycaseIdNoncustodialdatasourcesMicrosoftGraphSecurityApplyholdPostRequestbodyContentApplicationJsonSchema] # . # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='ApplyExpanded')] [Parameter(ParameterSetName='ApplyViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='ApplyExpanded')] [Parameter(ParameterSetName='ApplyViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [System.String[]] # . ${Ids}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Apply = 'Microsoft.Graph.Security.private\Add-MgSecurityCaseEdiscoveryCaseNoncustodialDataSourceHold_Apply'; Apply1 = 'Microsoft.Graph.Security.private\Add-MgSecurityCaseEdiscoveryCaseNoncustodialDataSourceHold_Apply1'; ApplyExpanded = 'Microsoft.Graph.Security.private\Add-MgSecurityCaseEdiscoveryCaseNoncustodialDataSourceHold_ApplyExpanded'; ApplyViaIdentity = 'Microsoft.Graph.Security.private\Add-MgSecurityCaseEdiscoveryCaseNoncustodialDataSourceHold_ApplyViaIdentity'; ApplyViaIdentity1 = 'Microsoft.Graph.Security.private\Add-MgSecurityCaseEdiscoveryCaseNoncustodialDataSourceHold_ApplyViaIdentity1'; ApplyViaIdentityExpanded = 'Microsoft.Graph.Security.private\Add-MgSecurityCaseEdiscoveryCaseNoncustodialDataSourceHold_ApplyViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Apply tags to files in an eDiscovery review set. For details, see Tag documents in a review set in eDiscovery. .Description Apply tags to files in an eDiscovery review set. For details, see Tag documents in a review set in eDiscovery. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IPathsA2Ja7OSecurityCasesEdiscoverycasesEdiscoverycaseIdReviewsetsEdiscoveryreviewsetIdQueriesEdiscoveryreviewsetqueryIdMicrosoftGraphSecurityApplytagsPostRequestbodyContentApplicationJsonSchema .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IPathsA2Ja7OSecurityCasesEdiscoverycasesEdiscoverycaseIdReviewsetsEdiscoveryreviewsetIdQueriesEdiscoveryreviewsetqueryIdMicrosoftGraphSecurityApplytagsPostRequestbodyContentApplicationJsonSchema>: . [(Any) <Object>]: This indicates any property can be added to this object. [TagsToAdd <IMicrosoftGraphSecurityEdiscoveryReviewTag[]>]: [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [Description <String>]: [DisplayName <String>]: [LastModifiedDateTime <DateTime?>]: [Id <String>]: The unique idenfier for an entity. Read-only. [ChildSelectability <String>]: childSelectability [Parent <IMicrosoftGraphSecurityEdiscoveryReviewTag>]: ediscoveryReviewTag [TagsToRemove <IMicrosoftGraphSecurityEdiscoveryReviewTag[]>]: INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource TAGSTOADD <IMicrosoftGraphSecurityEdiscoveryReviewTag[]>: . [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [Description <String>]: [DisplayName <String>]: [LastModifiedDateTime <DateTime?>]: [Id <String>]: The unique idenfier for an entity. Read-only. [ChildSelectability <String>]: childSelectability [Parent <IMicrosoftGraphSecurityEdiscoveryReviewTag>]: ediscoveryReviewTag TAGSTOREMOVE <IMicrosoftGraphSecurityEdiscoveryReviewTag[]>: . [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [Description <String>]: [DisplayName <String>]: [LastModifiedDateTime <DateTime?>]: [Id <String>]: The unique idenfier for an entity. Read-only. [ChildSelectability <String>]: childSelectability [Parent <IMicrosoftGraphSecurityEdiscoveryReviewTag>]: ediscoveryReviewTag .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/add-mgsecuritycaseediscoverycasereviewsetquerytag #> function Add-MgSecurityCaseEdiscoveryCaseReviewSetQueryTag { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='ApplyExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Apply', Mandatory)] [Parameter(ParameterSetName='ApplyExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Apply', Mandatory)] [Parameter(ParameterSetName='ApplyExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryReviewSet ${EdiscoveryReviewSetId}, [Parameter(ParameterSetName='Apply', Mandatory)] [Parameter(ParameterSetName='ApplyExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryReviewSetQuery ${EdiscoveryReviewSetQueryId}, [Parameter(ParameterSetName='ApplyViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='ApplyViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Apply', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='ApplyViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IPathsA2Ja7OSecurityCasesEdiscoverycasesEdiscoverycaseIdReviewsetsEdiscoveryreviewsetIdQueriesEdiscoveryreviewsetqueryIdMicrosoftGraphSecurityApplytagsPostRequestbodyContentApplicationJsonSchema] # . # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='ApplyExpanded')] [Parameter(ParameterSetName='ApplyViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='ApplyExpanded')] [Parameter(ParameterSetName='ApplyViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewTag[]] # . # To construct, see NOTES section for TAGSTOADD properties and create a hash table. ${TagsToAdd}, [Parameter(ParameterSetName='ApplyExpanded')] [Parameter(ParameterSetName='ApplyViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewTag[]] # . # To construct, see NOTES section for TAGSTOREMOVE properties and create a hash table. ${TagsToRemove}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Apply = 'Microsoft.Graph.Security.private\Add-MgSecurityCaseEdiscoveryCaseReviewSetQueryTag_Apply'; ApplyExpanded = 'Microsoft.Graph.Security.private\Add-MgSecurityCaseEdiscoveryCaseReviewSetQueryTag_ApplyExpanded'; ApplyViaIdentity = 'Microsoft.Graph.Security.private\Add-MgSecurityCaseEdiscoveryCaseReviewSetQueryTag_ApplyViaIdentity'; ApplyViaIdentityExpanded = 'Microsoft.Graph.Security.private\Add-MgSecurityCaseEdiscoveryCaseReviewSetQueryTag_ApplyViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Start the process of adding a collection from Microsoft 365 services to a review set. After the operation is created, you can get the status of the operation by retrieving the `Location` parameter from the response headers. The location provides a URL that will return a Add to review set operation. .Description Start the process of adding a collection from Microsoft 365 services to a review set. After the operation is created, you can get the status of the operation by retrieving the `Location` parameter from the response headers. The location provides a URL that will return a Add to review set operation. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IPathsZszldxSecurityCasesEdiscoverycasesEdiscoverycaseIdReviewsetsEdiscoveryreviewsetIdMicrosoftGraphSecurityAddtoreviewsetPostRequestbodyContentApplicationJsonSchema .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IPathsZszldxSecurityCasesEdiscoverycasesEdiscoverycaseIdReviewsetsEdiscoveryreviewsetIdMicrosoftGraphSecurityAddtoreviewsetPostRequestbodyContentApplicationJsonSchema>: . [(Any) <Object>]: This indicates any property can be added to this object. [AdditionalDataOptions <String>]: additionalDataOptions [Search <IMicrosoftGraphSecurityEdiscoverySearch>]: ediscoverySearch [(Any) <Object>]: This indicates any property can be added to this object. [ContentQuery <String>]: [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: [Description <String>]: [DisplayName <String>]: [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [LastModifiedDateTime <DateTime?>]: [Id <String>]: The unique idenfier for an entity. Read-only. [AddToReviewSetOperation <IMicrosoftGraphSecurityEdiscoveryAddToReviewSetOperation>]: ediscoveryAddToReviewSetOperation [(Any) <Object>]: This indicates any property can be added to this object. [Action <String>]: caseAction [CompletedDateTime <DateTime?>]: The date and time the operation was completed. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: The date and time the operation was created. [PercentProgress <Int32?>]: The progress of the operation. [ResultInfo <IMicrosoftGraphResultInfo>]: resultInfo [(Any) <Object>]: This indicates any property can be added to this object. [Code <Int32?>]: The result code. [Message <String>]: The message. [Subcode <Int32?>]: The result sub-code. [Status <String>]: caseOperationStatus [Id <String>]: The unique idenfier for an entity. Read-only. [ReviewSet <IMicrosoftGraphSecurityEdiscoveryReviewSet>]: ediscoveryReviewSet [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: [DisplayName <String>]: [Id <String>]: The unique idenfier for an entity. Read-only. [Search <IMicrosoftGraphSecurityEdiscoverySearch>]: ediscoverySearch [DataSourceScopes <String>]: dataSourceScopes [LastEstimateStatisticsOperation <IMicrosoftGraphSecurityEdiscoveryEstimateOperation>]: ediscoveryEstimateOperation [(Any) <Object>]: This indicates any property can be added to this object. [Action <String>]: caseAction [CompletedDateTime <DateTime?>]: The date and time the operation was completed. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: The date and time the operation was created. [PercentProgress <Int32?>]: The progress of the operation. [ResultInfo <IMicrosoftGraphResultInfo>]: resultInfo [Status <String>]: caseOperationStatus [Id <String>]: The unique idenfier for an entity. Read-only. [IndexedItemCount <Int64?>]: The estimated count of items for the search that matched the content query. [IndexedItemsSize <Int64?>]: The estimated size of items for the search that matched the content query. [MailboxCount <Int32?>]: The number of mailboxes that had search hits. [Search <IMicrosoftGraphSecurityEdiscoverySearch>]: ediscoverySearch [SiteCount <Int32?>]: The number of mailboxes that had search hits. [UnindexedItemCount <Int64?>]: The estimated count of unindexed items for the collection. [UnindexedItemsSize <Int64?>]: The estimated size of unindexed items for the collection. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource SEARCH <IMicrosoftGraphSecurityEdiscoverySearch>: ediscoverySearch [(Any) <Object>]: This indicates any property can be added to this object. [ContentQuery <String>]: [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: [Description <String>]: [DisplayName <String>]: [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [LastModifiedDateTime <DateTime?>]: [Id <String>]: The unique idenfier for an entity. Read-only. [AddToReviewSetOperation <IMicrosoftGraphSecurityEdiscoveryAddToReviewSetOperation>]: ediscoveryAddToReviewSetOperation [(Any) <Object>]: This indicates any property can be added to this object. [Action <String>]: caseAction [CompletedDateTime <DateTime?>]: The date and time the operation was completed. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: The date and time the operation was created. [PercentProgress <Int32?>]: The progress of the operation. [ResultInfo <IMicrosoftGraphResultInfo>]: resultInfo [(Any) <Object>]: This indicates any property can be added to this object. [Code <Int32?>]: The result code. [Message <String>]: The message. [Subcode <Int32?>]: The result sub-code. [Status <String>]: caseOperationStatus [Id <String>]: The unique idenfier for an entity. Read-only. [ReviewSet <IMicrosoftGraphSecurityEdiscoveryReviewSet>]: ediscoveryReviewSet [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: [DisplayName <String>]: [Id <String>]: The unique idenfier for an entity. Read-only. [Search <IMicrosoftGraphSecurityEdiscoverySearch>]: ediscoverySearch [DataSourceScopes <String>]: dataSourceScopes [LastEstimateStatisticsOperation <IMicrosoftGraphSecurityEdiscoveryEstimateOperation>]: ediscoveryEstimateOperation [(Any) <Object>]: This indicates any property can be added to this object. [Action <String>]: caseAction [CompletedDateTime <DateTime?>]: The date and time the operation was completed. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: The date and time the operation was created. [PercentProgress <Int32?>]: The progress of the operation. [ResultInfo <IMicrosoftGraphResultInfo>]: resultInfo [Status <String>]: caseOperationStatus [Id <String>]: The unique idenfier for an entity. Read-only. [IndexedItemCount <Int64?>]: The estimated count of items for the search that matched the content query. [IndexedItemsSize <Int64?>]: The estimated size of items for the search that matched the content query. [MailboxCount <Int32?>]: The number of mailboxes that had search hits. [Search <IMicrosoftGraphSecurityEdiscoverySearch>]: ediscoverySearch [SiteCount <Int32?>]: The number of mailboxes that had search hits. [UnindexedItemCount <Int64?>]: The estimated count of unindexed items for the collection. [UnindexedItemsSize <Int64?>]: The estimated size of unindexed items for the collection. .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/add-mgsecuritycaseediscoverycasereviewsettoreviewset #> function Add-MgSecurityCaseEdiscoveryCaseReviewSetToReviewSet { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='AddExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Add', Mandatory)] [Parameter(ParameterSetName='AddExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Add', Mandatory)] [Parameter(ParameterSetName='AddExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryReviewSet ${EdiscoveryReviewSetId}, [Parameter(ParameterSetName='AddViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='AddViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Add', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='AddViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IPathsZszldxSecurityCasesEdiscoverycasesEdiscoverycaseIdReviewsetsEdiscoveryreviewsetIdMicrosoftGraphSecurityAddtoreviewsetPostRequestbodyContentApplicationJsonSchema] # . # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='AddExpanded')] [Parameter(ParameterSetName='AddViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # additionalDataOptions ${AdditionalDataOptions}, [Parameter(ParameterSetName='AddExpanded')] [Parameter(ParameterSetName='AddViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='AddExpanded')] [Parameter(ParameterSetName='AddViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoverySearch] # ediscoverySearch # To construct, see NOTES section for SEARCH properties and create a hash table. ${Search}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Add = 'Microsoft.Graph.Security.private\Add-MgSecurityCaseEdiscoveryCaseReviewSetToReviewSet_Add'; AddExpanded = 'Microsoft.Graph.Security.private\Add-MgSecurityCaseEdiscoveryCaseReviewSetToReviewSet_AddExpanded'; AddViaIdentity = 'Microsoft.Graph.Security.private\Add-MgSecurityCaseEdiscoveryCaseReviewSetToReviewSet_AddViaIdentity'; AddViaIdentityExpanded = 'Microsoft.Graph.Security.private\Add-MgSecurityCaseEdiscoveryCaseReviewSetToReviewSet_AddViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Invoke action purgeData .Description Invoke action purgeData .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IPathsMs4I8WSecurityCasesEdiscoverycasesEdiscoverycaseIdSearchesEdiscoverysearchIdMicrosoftGraphSecurityPurgedataPostRequestbodyContentApplicationJsonSchema .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IPathsMs4I8WSecurityCasesEdiscoverycasesEdiscoverycaseIdSearchesEdiscoverysearchIdMicrosoftGraphSecurityPurgedataPostRequestbodyContentApplicationJsonSchema>: . [(Any) <Object>]: This indicates any property can be added to this object. [PurgeAreas <String>]: purgeAreas [PurgeType <String>]: purgeType INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/clear-mgsecuritycaseediscoverycasesearchdata #> function Clear-MgSecurityCaseEdiscoveryCaseSearchData { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='PurgeExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Purge', Mandatory)] [Parameter(ParameterSetName='PurgeExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Purge', Mandatory)] [Parameter(ParameterSetName='PurgeExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoverySearch ${EdiscoverySearchId}, [Parameter(ParameterSetName='PurgeViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='PurgeViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Purge', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='PurgeViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IPathsMs4I8WSecurityCasesEdiscoverycasesEdiscoverycaseIdSearchesEdiscoverysearchIdMicrosoftGraphSecurityPurgedataPostRequestbodyContentApplicationJsonSchema] # . # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='PurgeExpanded')] [Parameter(ParameterSetName='PurgeViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='PurgeExpanded')] [Parameter(ParameterSetName='PurgeViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # purgeAreas ${PurgeAreas}, [Parameter(ParameterSetName='PurgeExpanded')] [Parameter(ParameterSetName='PurgeViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # purgeType ${PurgeType}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Purge = 'Microsoft.Graph.Security.private\Clear-MgSecurityCaseEdiscoveryCaseSearchData_Purge'; PurgeExpanded = 'Microsoft.Graph.Security.private\Clear-MgSecurityCaseEdiscoveryCaseSearchData_PurgeExpanded'; PurgeViaIdentity = 'Microsoft.Graph.Security.private\Clear-MgSecurityCaseEdiscoveryCaseSearchData_PurgeViaIdentity'; PurgeViaIdentityExpanded = 'Microsoft.Graph.Security.private\Clear-MgSecurityCaseEdiscoveryCaseSearchData_PurgeViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Close an eDiscovery case. For details, see Close a case. .Description Close an eDiscovery case. For details, see Close a case. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/close-mgsecuritycasesediscoverycase #> function Close-MgSecurityCasesEdiscoveryCase { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Close', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Close', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='CloseViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Close = 'Microsoft.Graph.Security.private\Close-MgSecurityCasesEdiscoveryCase_Close'; CloseViaIdentity = 'Microsoft.Graph.Security.private\Close-MgSecurityCasesEdiscoveryCase_CloseViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Get alerts from security .Description Get alerts from security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAlert .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecurityalert #> function Get-MgSecurityAlert { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAlert])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of alert ${AlertId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Filter items by property values ${Filter}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Search items by search phrases ${Search}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Skip the first n items ${Skip}, [Parameter(ParameterSetName='List')] [Alias('OrderBy')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Order items by property values ${Sort}, [Parameter(ParameterSetName='List')] [Alias('Limit')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Show only the first n items ${Top}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Int32] # Sets the page size of results. ${PageSize}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # List all pages. ${All}, [Parameter(ParameterSetName='List')] [Alias('CV')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.String] # Specifies a count of the total number of items in a collection. # By default, this variable will be set in the global scope. ${CountVariable} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityAlert_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityAlert_GetViaIdentity'; List = 'Microsoft.Graph.Security.private\Get-MgSecurityAlert_List'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis A collection of simulation automation runs. .Description A collection of simulation automation runs. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulationAutomationRun .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecurityattacksimulationautomationrun #> function Get-MgSecurityAttackSimulationAutomationRun { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulationAutomationRun])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of simulationAutomation ${SimulationAutomationId}, [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of simulationAutomationRun ${SimulationAutomationRunId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Filter items by property values ${Filter}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Search items by search phrases ${Search}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Skip the first n items ${Skip}, [Parameter(ParameterSetName='List')] [Alias('OrderBy')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Order items by property values ${Sort}, [Parameter(ParameterSetName='List')] [Alias('Limit')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Show only the first n items ${Top}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Int32] # Sets the page size of results. ${PageSize}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # List all pages. ${All}, [Parameter(ParameterSetName='List')] [Alias('CV')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.String] # Specifies a count of the total number of items in a collection. # By default, this variable will be set in the global scope. ${CountVariable} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityAttackSimulationAutomationRun_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityAttackSimulationAutomationRun_GetViaIdentity'; List = 'Microsoft.Graph.Security.private\Get-MgSecurityAttackSimulationAutomationRun_List'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Represents simulation automation created to run on a tenant. .Description Represents simulation automation created to run on a tenant. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulationAutomation .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecurityattacksimulationautomation #> function Get-MgSecurityAttackSimulationAutomation { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulationAutomation])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of simulationAutomation ${SimulationAutomationId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Filter items by property values ${Filter}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Search items by search phrases ${Search}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Skip the first n items ${Skip}, [Parameter(ParameterSetName='List')] [Alias('OrderBy')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Order items by property values ${Sort}, [Parameter(ParameterSetName='List')] [Alias('Limit')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Show only the first n items ${Top}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Int32] # Sets the page size of results. ${PageSize}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # List all pages. ${All}, [Parameter(ParameterSetName='List')] [Alias('CV')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.String] # Specifies a count of the total number of items in a collection. # By default, this variable will be set in the global scope. ${CountVariable} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityAttackSimulationAutomation_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityAttackSimulationAutomation_GetViaIdentity'; List = 'Microsoft.Graph.Security.private\Get-MgSecurityAttackSimulationAutomation_List'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Get attackSimulation from security .Description Get attackSimulation from security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAttackSimulationRoot .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulation .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecurityattacksimulation #> function Get-MgSecurityAttackSimulation { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAttackSimulationRoot], [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulation])] [CmdletBinding(DefaultParameterSetName='Get', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get1', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of simulation ${SimulationId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Filter items by property values ${Filter}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Search items by search phrases ${Search}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Skip the first n items ${Skip}, [Parameter(ParameterSetName='List')] [Alias('OrderBy')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Order items by property values ${Sort}, [Parameter(ParameterSetName='List')] [Alias('Limit')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Show only the first n items ${Top}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Int32] # Sets the page size of results. ${PageSize}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # List all pages. ${All}, [Parameter(ParameterSetName='List')] [Alias('CV')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.String] # Specifies a count of the total number of items in a collection. # By default, this variable will be set in the global scope. ${CountVariable} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityAttackSimulation_Get'; Get1 = 'Microsoft.Graph.Security.private\Get-MgSecurityAttackSimulation_Get1'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityAttackSimulation_GetViaIdentity'; List = 'Microsoft.Graph.Security.private\Get-MgSecurityAttackSimulation_List'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Get a list of the ediscoveryIndexOperations associated with an ediscoveryCustodian. .Description Get a list of the ediscoveryIndexOperations associated with an ediscoveryCustodian. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryIndexOperation .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritycaseediscoverycasecustodianlastindexoperation #> function Get-MgSecurityCaseEdiscoveryCaseCustodianLastIndexOperation { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryIndexOperation])] [CmdletBinding(DefaultParameterSetName='Get', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCustodian ${EdiscoveryCustodianId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseCustodianLastIndexOperation_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseCustodianLastIndexOperation_GetViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis The SharePoint site associated with the siteSource. .Description The SharePoint site associated with the siteSource. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSite .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritycaseediscoverycasecustodiansitesourcesite #> function Get-MgSecurityCaseEdiscoveryCaseCustodianSiteSourceSite { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSite])] [CmdletBinding(DefaultParameterSetName='Get', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCustodian ${EdiscoveryCustodianId}, [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of siteSource ${SiteSourceId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseCustodianSiteSourceSite_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseCustodianSiteSourceSite_GetViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Data source entity for SharePoint sites associated with the custodian. .Description Data source entity for SharePoint sites associated with the custodian. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecuritySiteSource .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritycaseediscoverycasecustodiansitesource #> function Get-MgSecurityCaseEdiscoveryCaseCustodianSiteSource { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecuritySiteSource])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCustodian ${EdiscoveryCustodianId}, [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of siteSource ${SiteSourceId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Filter items by property values ${Filter}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Search items by search phrases ${Search}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Skip the first n items ${Skip}, [Parameter(ParameterSetName='List')] [Alias('OrderBy')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Order items by property values ${Sort}, [Parameter(ParameterSetName='List')] [Alias('Limit')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Show only the first n items ${Top}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Int32] # Sets the page size of results. ${PageSize}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # List all pages. ${All}, [Parameter(ParameterSetName='List')] [Alias('CV')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.String] # Specifies a count of the total number of items in a collection. # By default, this variable will be set in the global scope. ${CountVariable} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseCustodianSiteSource_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseCustodianSiteSource_GetViaIdentity'; List = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseCustodianSiteSource_List'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Represents a group. .Description Represents a group. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphGroup .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritycaseediscoverycasecustodianunifiedgroupsourcegroup #> function Get-MgSecurityCaseEdiscoveryCaseCustodianUnifiedGroupSourceGroup { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphGroup])] [CmdletBinding(DefaultParameterSetName='Get', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCustodian ${EdiscoveryCustodianId}, [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of unifiedGroupSource ${UnifiedGroupSourceId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseCustodianUnifiedGroupSourceGroup_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseCustodianUnifiedGroupSourceGroup_GetViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Data source entity for groups associated with the custodian. .Description Data source entity for groups associated with the custodian. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityUnifiedGroupSource .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritycaseediscoverycasecustodianunifiedgroupsource #> function Get-MgSecurityCaseEdiscoveryCaseCustodianUnifiedGroupSource { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityUnifiedGroupSource])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCustodian ${EdiscoveryCustodianId}, [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of unifiedGroupSource ${UnifiedGroupSourceId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Filter items by property values ${Filter}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Search items by search phrases ${Search}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Skip the first n items ${Skip}, [Parameter(ParameterSetName='List')] [Alias('OrderBy')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Order items by property values ${Sort}, [Parameter(ParameterSetName='List')] [Alias('Limit')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Show only the first n items ${Top}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Int32] # Sets the page size of results. ${PageSize}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # List all pages. ${All}, [Parameter(ParameterSetName='List')] [Alias('CV')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.String] # Specifies a count of the total number of items in a collection. # By default, this variable will be set in the global scope. ${CountVariable} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseCustodianUnifiedGroupSource_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseCustodianUnifiedGroupSource_GetViaIdentity'; List = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseCustodianUnifiedGroupSource_List'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Data source entity for a the custodian. This is the container for a custodian's mailbox and OneDrive for Business site. .Description Data source entity for a the custodian. This is the container for a custodian's mailbox and OneDrive for Business site. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityUserSource .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritycaseediscoverycasecustodianusersource #> function Get-MgSecurityCaseEdiscoveryCaseCustodianUserSource { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityUserSource])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCustodian ${EdiscoveryCustodianId}, [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of userSource ${UserSourceId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Filter items by property values ${Filter}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Search items by search phrases ${Search}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Skip the first n items ${Skip}, [Parameter(ParameterSetName='List')] [Alias('OrderBy')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Order items by property values ${Sort}, [Parameter(ParameterSetName='List')] [Alias('Limit')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Show only the first n items ${Top}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Int32] # Sets the page size of results. ${PageSize}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # List all pages. ${All}, [Parameter(ParameterSetName='List')] [Alias('CV')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.String] # Specifies a count of the total number of items in a collection. # By default, this variable will be set in the global scope. ${CountVariable} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseCustodianUserSource_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseCustodianUserSource_GetViaIdentity'; List = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseCustodianUserSource_List'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Returns a list of case ediscoveryCustodian objects for this case. .Description Returns a list of case ediscoveryCustodian objects for this case. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCustodian .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritycaseediscoverycasecustodian #> function Get-MgSecurityCaseEdiscoveryCaseCustodian { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCustodian])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCustodian ${EdiscoveryCustodianId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Filter items by property values ${Filter}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Search items by search phrases ${Search}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Skip the first n items ${Skip}, [Parameter(ParameterSetName='List')] [Alias('OrderBy')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Order items by property values ${Sort}, [Parameter(ParameterSetName='List')] [Alias('Limit')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Show only the first n items ${Top}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Int32] # Sets the page size of results. ${PageSize}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # List all pages. ${All}, [Parameter(ParameterSetName='List')] [Alias('CV')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.String] # Specifies a count of the total number of items in a collection. # By default, this variable will be set in the global scope. ${CountVariable} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseCustodian_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseCustodian_GetViaIdentity'; List = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseCustodian_List'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Operation entity that represents the latest indexing for the non-custodial data source. .Description Operation entity that represents the latest indexing for the non-custodial data source. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryIndexOperation .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritycaseediscoverycasenoncustodialdatasourcelastindexoperation #> function Get-MgSecurityCaseEdiscoveryCaseNoncustodialDataSourceLastIndexOperation { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryIndexOperation])] [CmdletBinding(DefaultParameterSetName='Get', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryNoncustodialDataSource ${EdiscoveryNoncustodialDataSourceId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseNoncustodialDataSourceLastIndexOperation_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseNoncustodialDataSourceLastIndexOperation_GetViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Returns a list of case ediscoveryNoncustodialDataSource objects for this case. .Description Returns a list of case ediscoveryNoncustodialDataSource objects for this case. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryNoncustodialDataSource .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritycaseediscoverycasenoncustodialdatasource #> function Get-MgSecurityCaseEdiscoveryCaseNoncustodialDataSource { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryNoncustodialDataSource])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryNoncustodialDataSource ${EdiscoveryNoncustodialDataSourceId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Filter items by property values ${Filter}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Search items by search phrases ${Search}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Skip the first n items ${Skip}, [Parameter(ParameterSetName='List')] [Alias('OrderBy')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Order items by property values ${Sort}, [Parameter(ParameterSetName='List')] [Alias('Limit')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Show only the first n items ${Top}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Int32] # Sets the page size of results. ${PageSize}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # List all pages. ${All}, [Parameter(ParameterSetName='List')] [Alias('CV')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.String] # Specifies a count of the total number of items in a collection. # By default, this variable will be set in the global scope. ${CountVariable} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseNoncustodialDataSource_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseNoncustodialDataSource_GetViaIdentity'; List = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseNoncustodialDataSource_List'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Returns a list of case caseOperation objects for this case. .Description Returns a list of case caseOperation objects for this case. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityCaseOperation .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritycaseediscoverycaseoperation #> function Get-MgSecurityCaseEdiscoveryCaseOperation { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityCaseOperation])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of caseOperation ${CaseOperationId}, [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Filter items by property values ${Filter}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Search items by search phrases ${Search}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Skip the first n items ${Skip}, [Parameter(ParameterSetName='List')] [Alias('OrderBy')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Order items by property values ${Sort}, [Parameter(ParameterSetName='List')] [Alias('Limit')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Show only the first n items ${Top}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Int32] # Sets the page size of results. ${PageSize}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # List all pages. ${All}, [Parameter(ParameterSetName='List')] [Alias('CV')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.String] # Specifies a count of the total number of items in a collection. # By default, this variable will be set in the global scope. ${CountVariable} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseOperation_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseOperation_GetViaIdentity'; List = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseOperation_List'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Represents queries within the review set. .Description Represents queries within the review set. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewSetQuery .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritycaseediscoverycasereviewsetquery #> function Get-MgSecurityCaseEdiscoveryCaseReviewSetQuery { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewSetQuery])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryReviewSet ${EdiscoveryReviewSetId}, [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryReviewSetQuery ${EdiscoveryReviewSetQueryId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Filter items by property values ${Filter}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Search items by search phrases ${Search}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Skip the first n items ${Skip}, [Parameter(ParameterSetName='List')] [Alias('OrderBy')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Order items by property values ${Sort}, [Parameter(ParameterSetName='List')] [Alias('Limit')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Show only the first n items ${Top}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Int32] # Sets the page size of results. ${PageSize}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # List all pages. ${All}, [Parameter(ParameterSetName='List')] [Alias('CV')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.String] # Specifies a count of the total number of items in a collection. # By default, this variable will be set in the global scope. ${CountVariable} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseReviewSetQuery_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseReviewSetQuery_GetViaIdentity'; List = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseReviewSetQuery_List'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Returns a list of eDiscoveryReviewSet objects in the case. .Description Returns a list of eDiscoveryReviewSet objects in the case. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewSet .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritycaseediscoverycasereviewset #> function Get-MgSecurityCaseEdiscoveryCaseReviewSet { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewSet])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryReviewSet ${EdiscoveryReviewSetId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Filter items by property values ${Filter}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Search items by search phrases ${Search}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Skip the first n items ${Skip}, [Parameter(ParameterSetName='List')] [Alias('OrderBy')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Order items by property values ${Sort}, [Parameter(ParameterSetName='List')] [Alias('Limit')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Show only the first n items ${Top}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Int32] # Sets the page size of results. ${PageSize}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # List all pages. ${All}, [Parameter(ParameterSetName='List')] [Alias('CV')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.String] # Specifies a count of the total number of items in a collection. # By default, this variable will be set in the global scope. ${CountVariable} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseReviewSet_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseReviewSet_GetViaIdentity'; List = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseReviewSet_List'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Adds an additional source to the eDiscovery search. .Description Adds an additional source to the eDiscovery search. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityDataSource .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritycaseediscoverycasesearchadditionalsource #> function Get-MgSecurityCaseEdiscoveryCaseSearchAdditionalSource { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityDataSource])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of dataSource ${DataSourceId}, [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoverySearch ${EdiscoverySearchId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Filter items by property values ${Filter}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Search items by search phrases ${Search}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Skip the first n items ${Skip}, [Parameter(ParameterSetName='List')] [Alias('OrderBy')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Order items by property values ${Sort}, [Parameter(ParameterSetName='List')] [Alias('Limit')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Show only the first n items ${Top}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Int32] # Sets the page size of results. ${PageSize}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # List all pages. ${All}, [Parameter(ParameterSetName='List')] [Alias('CV')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.String] # Specifies a count of the total number of items in a collection. # By default, this variable will be set in the global scope. ${CountVariable} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseSearchAdditionalSource_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseSearchAdditionalSource_GetViaIdentity'; List = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseSearchAdditionalSource_List'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Adds the results of the eDiscovery search to the specified reviewSet. .Description Adds the results of the eDiscovery search to the specified reviewSet. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryAddToReviewSetOperation .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritycaseediscoverycasesearchaddtoreviewsetoperation #> function Get-MgSecurityCaseEdiscoveryCaseSearchAddToReviewSetOperation { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryAddToReviewSetOperation])] [CmdletBinding(DefaultParameterSetName='Get', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoverySearch ${EdiscoverySearchId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseSearchAddToReviewSetOperation_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseSearchAddToReviewSetOperation_GetViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Custodian sources that are included in the eDiscovery search. .Description Custodian sources that are included in the eDiscovery search. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityDataSource .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritycaseediscoverycasesearchcustodiansource #> function Get-MgSecurityCaseEdiscoveryCaseSearchCustodianSource { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityDataSource])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of dataSource ${DataSourceId}, [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoverySearch ${EdiscoverySearchId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Filter items by property values ${Filter}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Search items by search phrases ${Search}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Skip the first n items ${Skip}, [Parameter(ParameterSetName='List')] [Alias('OrderBy')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Order items by property values ${Sort}, [Parameter(ParameterSetName='List')] [Alias('Limit')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Show only the first n items ${Top}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Int32] # Sets the page size of results. ${PageSize}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # List all pages. ${All}, [Parameter(ParameterSetName='List')] [Alias('CV')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.String] # Specifies a count of the total number of items in a collection. # By default, this variable will be set in the global scope. ${CountVariable} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseSearchCustodianSource_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseSearchCustodianSource_GetViaIdentity'; List = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseSearchCustodianSource_List'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Get the last ediscoveryEstimateOperation objects and their properties. .Description Get the last ediscoveryEstimateOperation objects and their properties. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryEstimateOperation .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritycaseediscoverycasesearchlastestimatestatisticsoperation #> function Get-MgSecurityCaseEdiscoveryCaseSearchLastEstimateStatisticsOperation { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryEstimateOperation])] [CmdletBinding(DefaultParameterSetName='Get', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoverySearch ${EdiscoverySearchId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseSearchLastEstimateStatisticsOperation_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseSearchLastEstimateStatisticsOperation_GetViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis noncustodialDataSource sources that are included in the eDiscovery search .Description noncustodialDataSource sources that are included in the eDiscovery search .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryNoncustodialDataSource .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritycaseediscoverycasesearchnoncustodialsource #> function Get-MgSecurityCaseEdiscoveryCaseSearchNoncustodialSource { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryNoncustodialDataSource])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryNoncustodialDataSource ${EdiscoveryNoncustodialDataSourceId}, [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoverySearch ${EdiscoverySearchId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Filter items by property values ${Filter}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Search items by search phrases ${Search}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Skip the first n items ${Skip}, [Parameter(ParameterSetName='List')] [Alias('OrderBy')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Order items by property values ${Sort}, [Parameter(ParameterSetName='List')] [Alias('Limit')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Show only the first n items ${Top}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Int32] # Sets the page size of results. ${PageSize}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # List all pages. ${All}, [Parameter(ParameterSetName='List')] [Alias('CV')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.String] # Specifies a count of the total number of items in a collection. # By default, this variable will be set in the global scope. ${CountVariable} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseSearchNoncustodialSource_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseSearchNoncustodialSource_GetViaIdentity'; List = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseSearchNoncustodialSource_List'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Returns a list of eDiscoverySearch objects associated with this case. .Description Returns a list of eDiscoverySearch objects associated with this case. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoverySearch .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritycaseediscoverycasesearch #> function Get-MgSecurityCaseEdiscoveryCaseSearch { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoverySearch])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoverySearch ${EdiscoverySearchId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Filter items by property values ${Filter}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Search items by search phrases ${Search}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Skip the first n items ${Skip}, [Parameter(ParameterSetName='List')] [Alias('OrderBy')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Order items by property values ${Sort}, [Parameter(ParameterSetName='List')] [Alias('Limit')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Show only the first n items ${Top}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Int32] # Sets the page size of results. ${PageSize}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # List all pages. ${All}, [Parameter(ParameterSetName='List')] [Alias('CV')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.String] # Specifies a count of the total number of items in a collection. # By default, this variable will be set in the global scope. ${CountVariable} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseSearch_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseSearch_GetViaIdentity'; List = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseSearch_List'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Read the properties and relationships of an ediscoveryCaseSettings object. .Description Read the properties and relationships of an ediscoveryCaseSettings object. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCaseSettings .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritycaseediscoverycasesetting #> function Get-MgSecurityCaseEdiscoveryCaseSetting { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCaseSettings])] [CmdletBinding(DefaultParameterSetName='Get', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseSetting_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseSetting_GetViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Returns the tags that are a child of a tag. .Description Returns the tags that are a child of a tag. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewTag .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritycaseediscoverycasetagchildtag #> function Get-MgSecurityCaseEdiscoveryCaseTagChildTag { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewTag])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryReviewTag ${EdiscoveryReviewTagId}, [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryReviewTag ${EdiscoveryReviewTagId1}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Filter items by property values ${Filter}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Search items by search phrases ${Search}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Skip the first n items ${Skip}, [Parameter(ParameterSetName='List')] [Alias('OrderBy')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Order items by property values ${Sort}, [Parameter(ParameterSetName='List')] [Alias('Limit')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Show only the first n items ${Top}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Int32] # Sets the page size of results. ${PageSize}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # List all pages. ${All}, [Parameter(ParameterSetName='List')] [Alias('CV')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.String] # Specifies a count of the total number of items in a collection. # By default, this variable will be set in the global scope. ${CountVariable} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseTagChildTag_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseTagChildTag_GetViaIdentity'; List = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseTagChildTag_List'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Returns the parent tag of the specified tag. .Description Returns the parent tag of the specified tag. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewTag .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritycaseediscoverycasetagparent #> function Get-MgSecurityCaseEdiscoveryCaseTagParent { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewTag])] [CmdletBinding(DefaultParameterSetName='Get', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryReviewTag ${EdiscoveryReviewTagId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseTagParent_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseTagParent_GetViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Returns a list of ediscoveryReviewTag objects associated to this case. .Description Returns a list of ediscoveryReviewTag objects associated to this case. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewTag .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritycaseediscoverycasetag #> function Get-MgSecurityCaseEdiscoveryCaseTag { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewTag])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryReviewTag ${EdiscoveryReviewTagId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Filter items by property values ${Filter}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Search items by search phrases ${Search}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Skip the first n items ${Skip}, [Parameter(ParameterSetName='List')] [Alias('OrderBy')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Order items by property values ${Sort}, [Parameter(ParameterSetName='List')] [Alias('Limit')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Show only the first n items ${Top}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Int32] # Sets the page size of results. ${PageSize}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # List all pages. ${All}, [Parameter(ParameterSetName='List')] [Alias('CV')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.String] # Specifies a count of the total number of items in a collection. # By default, this variable will be set in the global scope. ${CountVariable} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseTag_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseTag_GetViaIdentity'; List = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCaseTag_List'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Get ediscoveryCases from security .Description Get ediscoveryCases from security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCase .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritycaseediscoverycase #> function Get-MgSecurityCaseEdiscoveryCase { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCase])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Filter items by property values ${Filter}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Search items by search phrases ${Search}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Skip the first n items ${Skip}, [Parameter(ParameterSetName='List')] [Alias('OrderBy')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Order items by property values ${Sort}, [Parameter(ParameterSetName='List')] [Alias('Limit')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Show only the first n items ${Top}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Int32] # Sets the page size of results. ${PageSize}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # List all pages. ${All}, [Parameter(ParameterSetName='List')] [Alias('CV')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.String] # Specifies a count of the total number of items in a collection. # By default, this variable will be set in the global scope. ${CountVariable} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCase_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCase_GetViaIdentity'; List = 'Microsoft.Graph.Security.private\Get-MgSecurityCaseEdiscoveryCase_List'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Get cases from security .Description Get cases from security .Example {{ Add code here }} .Example {{ Add code here }} .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityCasesRoot .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritycase #> function Get-MgSecurityCase { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityCasesRoot])] [CmdletBinding(DefaultParameterSetName='Get', PositionalBinding=$false)] param( [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityCase_Get'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis The list of related alerts. Supports $expand. .Description The list of related alerts. Supports $expand. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityAlert .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecurityincidentalert #> function Get-MgSecurityIncidentAlert { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityAlert])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of alert ${AlertId}, [Parameter(ParameterSetName='Get', Mandatory)] [Parameter(ParameterSetName='List', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of incident ${IncidentId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Filter items by property values ${Filter}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Search items by search phrases ${Search}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Skip the first n items ${Skip}, [Parameter(ParameterSetName='List')] [Alias('OrderBy')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Order items by property values ${Sort}, [Parameter(ParameterSetName='List')] [Alias('Limit')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Show only the first n items ${Top}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Int32] # Sets the page size of results. ${PageSize}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # List all pages. ${All}, [Parameter(ParameterSetName='List')] [Alias('CV')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.String] # Specifies a count of the total number of items in a collection. # By default, this variable will be set in the global scope. ${CountVariable} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityIncidentAlert_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityIncidentAlert_GetViaIdentity'; List = 'Microsoft.Graph.Security.private\Get-MgSecurityIncidentAlert_List'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis A collection of incidents in Microsoft 365 Defender, each of which is a set of correlated alerts and associated metadata that reflects the story of an attack. .Description A collection of incidents in Microsoft 365 Defender, each of which is a set of correlated alerts and associated metadata that reflects the story of an attack. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityIncident .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecurityincident #> function Get-MgSecurityIncident { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityIncident])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of incident ${IncidentId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Filter items by property values ${Filter}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Search items by search phrases ${Search}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Skip the first n items ${Skip}, [Parameter(ParameterSetName='List')] [Alias('OrderBy')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Order items by property values ${Sort}, [Parameter(ParameterSetName='List')] [Alias('Limit')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Show only the first n items ${Top}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Int32] # Sets the page size of results. ${PageSize}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # List all pages. ${All}, [Parameter(ParameterSetName='List')] [Alias('CV')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.String] # Specifies a count of the total number of items in a collection. # By default, this variable will be set in the global scope. ${CountVariable} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecurityIncident_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecurityIncident_GetViaIdentity'; List = 'Microsoft.Graph.Security.private\Get-MgSecurityIncident_List'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Get secureScoreControlProfiles from security .Description Get secureScoreControlProfiles from security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecureScoreControlProfile .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritysecurescorecontrolprofile #> function Get-MgSecuritySecureScoreControlProfile { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecureScoreControlProfile])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of secureScoreControlProfile ${SecureScoreControlProfileId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Filter items by property values ${Filter}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Search items by search phrases ${Search}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Skip the first n items ${Skip}, [Parameter(ParameterSetName='List')] [Alias('OrderBy')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Order items by property values ${Sort}, [Parameter(ParameterSetName='List')] [Alias('Limit')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Show only the first n items ${Top}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Int32] # Sets the page size of results. ${PageSize}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # List all pages. ${All}, [Parameter(ParameterSetName='List')] [Alias('CV')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.String] # Specifies a count of the total number of items in a collection. # By default, this variable will be set in the global scope. ${CountVariable} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecuritySecureScoreControlProfile_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecuritySecureScoreControlProfile_GetViaIdentity'; List = 'Microsoft.Graph.Security.private\Get-MgSecuritySecureScoreControlProfile_List'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Get secureScores from security .Description Get secureScores from security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecureScore .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/get-mgsecuritysecurescore #> function Get-MgSecuritySecureScore { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecureScore])] [CmdletBinding(DefaultParameterSetName='List', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Get', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of secureScore ${SecureScoreId}, [Parameter(ParameterSetName='GetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Alias('Expand')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Expand related entities ${ExpandProperty}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Filter items by property values ${Filter}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Search items by search phrases ${Search}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Skip the first n items ${Skip}, [Parameter(ParameterSetName='List')] [Alias('OrderBy')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Order items by property values ${Sort}, [Parameter(ParameterSetName='List')] [Alias('Limit')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Show only the first n items ${Top}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Int32] # Sets the page size of results. ${PageSize}, [Parameter(ParameterSetName='List')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # List all pages. ${All}, [Parameter(ParameterSetName='List')] [Alias('CV')] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.String] # Specifies a count of the total number of items in a collection. # By default, this variable will be set in the global scope. ${CountVariable} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Get = 'Microsoft.Graph.Security.private\Get-MgSecuritySecureScore_Get'; GetViaIdentity = 'Microsoft.Graph.Security.private\Get-MgSecuritySecureScore_GetViaIdentity'; List = 'Microsoft.Graph.Security.private\Get-MgSecuritySecureScore_List'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Activate a custodian that has been released from a case to make them part of the case again. For details, see Manage custodians in an eDiscovery (Premium) case. .Description Activate a custodian that has been released from a case to make them part of the case again. For details, see Manage custodians in an eDiscovery (Premium) case. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/initialize-mgsecuritycasesediscoverycasescustodian #> function Initialize-MgSecurityCasesEdiscoveryCasesCustodian { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Activate', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Activate', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Activate', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCustodian ${EdiscoveryCustodianId}, [Parameter(ParameterSetName='ActivateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Activate = 'Microsoft.Graph.Security.private\Initialize-MgSecurityCasesEdiscoveryCasesCustodian_Activate'; ActivateViaIdentity = 'Microsoft.Graph.Security.private\Initialize-MgSecurityCasesEdiscoveryCasesCustodian_ActivateViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Invoke function asHierarchy .Description Invoke function asHierarchy .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewTag .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/invoke-mgassecuritycaseediscoverycasetaghierarchy #> function Invoke-MgAsSecurityCaseEdiscoveryCaseTagHierarchy { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewTag])] [CmdletBinding(DefaultParameterSetName='As', PositionalBinding=$false)] param( [Parameter(ParameterSetName='As', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='AsViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Query')] [System.Management.Automation.SwitchParameter] # Include count of items ${Count}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Filter items by property values ${Filter}, [Parameter()] [Alias('Select')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Select properties to be returned ${Property}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String] # Search items by search phrases ${Search}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Skip the first n items ${Skip}, [Parameter()] [Alias('OrderBy')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Query')] [System.String[]] # Order items by property values ${Sort}, [Parameter()] [Alias('Limit')] [Microsoft.Graph.PowerShell.Category('Query')] [System.Int32] # Show only the first n items ${Top}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ As = 'Microsoft.Graph.Security.private\Invoke-MgAsSecurityCaseEdiscoveryCaseTagHierarchy_As'; AsViaIdentity = 'Microsoft.Graph.Security.private\Invoke-MgAsSecurityCaseEdiscoveryCaseTagHierarchy_AsViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Run an estimate of the number of emails and documents in the eDiscovery search. To learn more about searches in eDiscovery, see Collect data for a case in eDiscovery (Premium). .Description Run an estimate of the number of emails and documents in the eDiscovery search. To learn more about searches in eDiscovery, see Collect data for a case in eDiscovery (Premium). .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/invoke-mgestimatesecuritycaseediscoverycasesearchstatistics #> function Invoke-MgEstimateSecurityCaseEdiscoveryCaseSearchStatistics { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Estimate', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Estimate', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Estimate', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoverySearch ${EdiscoverySearchId}, [Parameter(ParameterSetName='EstimateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Estimate = 'Microsoft.Graph.Security.private\Invoke-MgEstimateSecurityCaseEdiscoveryCaseSearchStatistics_Estimate'; EstimateViaIdentity = 'Microsoft.Graph.Security.private\Invoke-MgEstimateSecurityCaseEdiscoveryCaseSearchStatistics_EstimateViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Reopen an eDiscovery case that was closed. For details, see Reopen a closed case. .Description Reopen an eDiscovery case that was closed. For details, see Reopen a closed case. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/invoke-mgreopensecuritycaseediscoverycase #> function Invoke-MgReopenSecurityCaseEdiscoveryCase { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Reopen', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Reopen', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='ReopenViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Reopen = 'Microsoft.Graph.Security.private\Invoke-MgReopenSecurityCaseEdiscoveryCase_Reopen'; ReopenViaIdentity = 'Microsoft.Graph.Security.private\Invoke-MgReopenSecurityCaseEdiscoveryCase_ReopenViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Create new navigation property to alerts for security .Description Create new navigation property to alerts for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAlert .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAlert .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. ALERTDETECTIONS <IMicrosoftGraphAlertDetection[]>: . [DetectionType <String>]: [Method <String>]: [Name <String>]: BODYPARAMETER <IMicrosoftGraphAlert>: alert [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [ActivityGroupName <String>]: Name or alias of the activity group (attacker) this alert is attributed to. [AlertDetections <IMicrosoftGraphAlertDetection[]>]: [DetectionType <String>]: [Method <String>]: [Name <String>]: [AssignedTo <String>]: Name of the analyst the alert is assigned to for triage, investigation, or remediation (supports update). [AzureSubscriptionId <String>]: Azure subscription ID, present if this alert is related to an Azure resource. [AzureTenantId <String>]: Azure Active Directory tenant ID. Required. [Category <String>]: Category of the alert (for example, credentialTheft, ransomware, etc.). [ClosedDateTime <DateTime?>]: Time at which the alert was closed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z (supports update). [CloudAppStates <IMicrosoftGraphCloudAppSecurityState[]>]: Security-related stateful information generated by the provider about the cloud application/s related to this alert. [DestinationServiceIP <String>]: Destination IP Address of the connection to the cloud application/service. [DestinationServiceName <String>]: Cloud application/service name (for example 'Salesforce', 'DropBox', etc.). [RiskScore <String>]: Provider-generated/calculated risk score of the Cloud Application/Service. Recommended value range of 0-1, which equates to a percentage. [Comments <String[]>]: Customer-provided comments on alert (for customer alert management) (supports update). [Confidence <Int32?>]: Confidence of the detection logic (percentage between 1-100). [CreatedDateTime <DateTime?>]: Time at which the alert was created by the alert provider. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Required. [Description <String>]: Alert description. [DetectionIds <String[]>]: Set of alerts related to this alert entity (each alert is pushed to the SIEM as a separate record). [EventDateTime <DateTime?>]: Time at which the event(s) that served as the trigger(s) to generate the alert occurred. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Required. [Feedback <String>]: alertFeedback [FileStates <IMicrosoftGraphFileSecurityState[]>]: Security-related stateful information generated by the provider about the file(s) related to this alert. [FileHash <IMicrosoftGraphFileHash>]: fileHash [(Any) <Object>]: This indicates any property can be added to this object. [HashType <String>]: fileHashType [HashValue <String>]: Value of the file hash. [Name <String>]: File name (without path). [Path <String>]: Full file path of the file/imageFile. [RiskScore <String>]: Provider generated/calculated risk score of the alert file. Recommended value range of 0-1, which equates to a percentage. [HistoryStates <IMicrosoftGraphAlertHistoryState[]>]: [AppId <String>]: [AssignedTo <String>]: [Comments <String[]>]: [Feedback <String>]: alertFeedback [Status <String>]: alertStatus [UpdatedDateTime <DateTime?>]: [User <String>]: [HostStates <IMicrosoftGraphHostSecurityState[]>]: Security-related stateful information generated by the provider about the host(s) related to this alert. [Fqdn <String>]: Host FQDN (Fully Qualified Domain Name) (for example, machine.company.com). [IsAzureAdJoined <Boolean?>]: [IsAzureAdRegistered <Boolean?>]: [IsHybridAzureDomainJoined <Boolean?>]: True if the host is domain joined to an on-premises Active Directory domain. [NetBiosName <String>]: The local host name, without the DNS domain name. [OS <String>]: Host Operating System. (For example, Windows10, MacOS, RHEL, etc.). [PrivateIPAddress <String>]: Private (not routable) IPv4 or IPv6 address (see RFC 1918) at the time of the alert. [PublicIPAddress <String>]: Publicly routable IPv4 or IPv6 address (see RFC 1918) at time of the alert. [RiskScore <String>]: Provider-generated/calculated risk score of the host. Recommended value range of 0-1, which equates to a percentage. [IncidentIds <String[]>]: IDs of incidents related to current alert. [InvestigationSecurityStates <IMicrosoftGraphInvestigationSecurityState[]>]: [Name <String>]: [Status <String>]: [LastEventDateTime <DateTime?>]: [LastModifiedDateTime <DateTime?>]: Time at which the alert entity was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [MalwareStates <IMicrosoftGraphMalwareState[]>]: Threat Intelligence pertaining to malware related to this alert. [Category <String>]: Provider-generated malware category (for example, trojan, ransomware, etc.). [Family <String>]: Provider-generated malware family (for example, 'wannacry', 'notpetya', etc.). [Name <String>]: Provider-generated malware variant name (for example, Trojan:Win32/Powessere.H). [Severity <String>]: Provider-determined severity of this malware. [WasRunning <Boolean?>]: Indicates whether the detected file (malware/vulnerability) was running at the time of detection or was detected at rest on the disk. [MessageSecurityStates <IMicrosoftGraphMessageSecurityState[]>]: [ConnectingIP <String>]: [DeliveryAction <String>]: [DeliveryLocation <String>]: [Directionality <String>]: [InternetMessageId <String>]: [MessageFingerprint <String>]: [MessageReceivedDateTime <DateTime?>]: [MessageSubject <String>]: [NetworkMessageId <String>]: [NetworkConnections <IMicrosoftGraphNetworkConnection[]>]: Security-related stateful information generated by the provider about the network connection(s) related to this alert. [ApplicationName <String>]: Name of the application managing the network connection (for example, Facebook or SMTP). [DestinationAddress <String>]: Destination IP address (of the network connection). [DestinationDomain <String>]: Destination domain portion of the destination URL. (for example 'www.contoso.com'). [DestinationLocation <String>]: Location (by IP address mapping) associated with the destination of a network connection. [DestinationPort <String>]: Destination port (of the network connection). [DestinationUrl <String>]: Network connection URL/URI string - excluding parameters. (for example 'www.contoso.com/products/default.html') [Direction <String>]: connectionDirection [DomainRegisteredDateTime <DateTime?>]: Date when the destination domain was registered. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z [LocalDnsName <String>]: The local DNS name resolution as it appears in the host's local DNS cache (for example, in case the 'hosts' file was tampered with). [NatDestinationAddress <String>]: Network Address Translation destination IP address. [NatDestinationPort <String>]: Network Address Translation destination port. [NatSourceAddress <String>]: Network Address Translation source IP address. [NatSourcePort <String>]: Network Address Translation source port. [Protocol <String>]: securityNetworkProtocol [RiskScore <String>]: Provider generated/calculated risk score of the network connection. Recommended value range of 0-1, which equates to a percentage. [SourceAddress <String>]: Source (i.e. origin) IP address (of the network connection). [SourceLocation <String>]: Location (by IP address mapping) associated with the source of a network connection. [SourcePort <String>]: Source (i.e. origin) IP port (of the network connection). [Status <String>]: connectionStatus [UrlParameters <String>]: Parameters (suffix) of the destination URL. [Processes <IMicrosoftGraphProcess[]>]: Security-related stateful information generated by the provider about the process or processes related to this alert. [AccountName <String>]: User account identifier (user account context the process ran under) for example, AccountName, SID, and so on. [CommandLine <String>]: The full process invocation commandline including all parameters. [CreatedDateTime <DateTime?>]: Time at which the process was started. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FileHash <IMicrosoftGraphFileHash>]: fileHash [IntegrityLevel <String>]: processIntegrityLevel [IsElevated <Boolean?>]: True if the process is elevated. [Name <String>]: The name of the process' Image file. [ParentProcessCreatedDateTime <DateTime?>]: DateTime at which the parent process was started. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentProcessId <Int32?>]: The Process ID (PID) of the parent process. [ParentProcessName <String>]: The name of the image file of the parent process. [Path <String>]: Full path, including filename. [ProcessId <Int32?>]: The Process ID (PID) of the process. [RecommendedActions <String[]>]: Vendor/provider recommended action(s) to take as a result of the alert (for example, isolate machine, enforce2FA, reimage host). [RegistryKeyStates <IMicrosoftGraphRegistryKeyState[]>]: Security-related stateful information generated by the provider about the registry keys related to this alert. [Hive <String>]: registryHive [Key <String>]: Current (i.e. changed) registry key (excludes HIVE). [OldKey <String>]: Previous (i.e. before changed) registry key (excludes HIVE). [OldValueData <String>]: Previous (i.e. before changed) registry key value data (contents). [OldValueName <String>]: Previous (i.e. before changed) registry key value name. [Operation <String>]: registryOperation [ProcessId <Int32?>]: Process ID (PID) of the process that modified the registry key (process details will appear in the alert 'processes' collection). [ValueData <String>]: Current (i.e. changed) registry key value data (contents). [ValueName <String>]: Current (i.e. changed) registry key value name [ValueType <String>]: registryValueType [SecurityResources <IMicrosoftGraphSecurityResource[]>]: Resources related to current alert. For example, for some alerts this can have the Azure Resource value. [Resource <String>]: Name of the resource that is related to current alert. Required. [ResourceType <String>]: securityResourceType [Severity <String>]: alertSeverity [SourceMaterials <String[]>]: Hyperlinks (URIs) to the source material related to the alert, for example, provider's user interface for alerts or log search, etc. [Status <String>]: alertStatus [Tags <String[]>]: User-definable labels that can be applied to an alert and can serve as filter conditions (for example 'HVA', 'SAW', etc.) (supports update). [Title <String>]: Alert title. Required. [Triggers <IMicrosoftGraphAlertTrigger[]>]: Security-related information about the specific properties that triggered the alert (properties appearing in the alert). Alerts might contain information about multiple users, hosts, files, ip addresses. This field indicates which properties triggered the alert generation. [Name <String>]: Name of the property serving as a detection trigger. [Type <String>]: Type of the property in the key:value pair for interpretation. For example, String, Boolean etc. [Value <String>]: Value of the property serving as a detection trigger. [UriClickSecurityStates <IMicrosoftGraphUriClickSecurityState[]>]: [ClickAction <String>]: [ClickDateTime <DateTime?>]: [Id <String>]: [SourceId <String>]: [UriDomain <String>]: [Verdict <String>]: [UserStates <IMicrosoftGraphUserSecurityState[]>]: Security-related stateful information generated by the provider about the user accounts related to this alert. [AadUserId <String>]: AAD User object identifier (GUID) - represents the physical/multi-account user entity. [AccountName <String>]: Account name of user account (without Active Directory domain or DNS domain) - (also called mailNickName). [DomainName <String>]: NetBIOS/Active Directory domain of user account (that is, domain/account format). [EmailRole <String>]: emailRole [IsVpn <Boolean?>]: Indicates whether the user logged on through a VPN. [LogonDateTime <DateTime?>]: Time at which the sign-in occurred. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LogonIP <String>]: IP Address the sign-in request originated from. [LogonId <String>]: User sign-in ID. [LogonLocation <String>]: Location (by IP address mapping) associated with a user sign-in event by this user. [LogonType <String>]: logonType [OnPremisesSecurityIdentifier <String>]: Active Directory (on-premises) Security Identifier (SID) of the user. [RiskScore <String>]: Provider-generated/calculated risk score of the user account. Recommended value range of 0-1, which equates to a percentage. [UserAccountType <String>]: userAccountSecurityType [UserPrincipalName <String>]: User sign-in name - internet format: (user account name)@(user account DNS domain name). [VendorInformation <IMicrosoftGraphSecurityVendorInformation>]: securityVendorInformation [(Any) <Object>]: This indicates any property can be added to this object. [Provider <String>]: Specific provider (product/service - not vendor company); for example, WindowsDefenderATP. [ProviderVersion <String>]: Version of the provider or subprovider, if it exists, that generated the alert. Required [SubProvider <String>]: Specific subprovider (under aggregating provider); for example, WindowsDefenderATP.SmartScreen. [Vendor <String>]: Name of the alert vendor (for example, Microsoft, Dell, FireEye). Required [VulnerabilityStates <IMicrosoftGraphVulnerabilityState[]>]: Threat intelligence pertaining to one or more vulnerabilities related to this alert. [Cve <String>]: Common Vulnerabilities and Exposures (CVE) for the vulnerability. [Severity <String>]: Base Common Vulnerability Scoring System (CVSS) severity score for this vulnerability. [WasRunning <Boolean?>]: Indicates whether the detected vulnerability (file) was running at the time of detection or was the file detected at rest on the disk. CLOUDAPPSTATES <IMicrosoftGraphCloudAppSecurityState[]>: Security-related stateful information generated by the provider about the cloud application/s related to this alert. [DestinationServiceIP <String>]: Destination IP Address of the connection to the cloud application/service. [DestinationServiceName <String>]: Cloud application/service name (for example 'Salesforce', 'DropBox', etc.). [RiskScore <String>]: Provider-generated/calculated risk score of the Cloud Application/Service. Recommended value range of 0-1, which equates to a percentage. FILESTATES <IMicrosoftGraphFileSecurityState[]>: Security-related stateful information generated by the provider about the file(s) related to this alert. [FileHash <IMicrosoftGraphFileHash>]: fileHash [(Any) <Object>]: This indicates any property can be added to this object. [HashType <String>]: fileHashType [HashValue <String>]: Value of the file hash. [Name <String>]: File name (without path). [Path <String>]: Full file path of the file/imageFile. [RiskScore <String>]: Provider generated/calculated risk score of the alert file. Recommended value range of 0-1, which equates to a percentage. HISTORYSTATES <IMicrosoftGraphAlertHistoryState[]>: . [AppId <String>]: [AssignedTo <String>]: [Comments <String[]>]: [Feedback <String>]: alertFeedback [Status <String>]: alertStatus [UpdatedDateTime <DateTime?>]: [User <String>]: HOSTSTATES <IMicrosoftGraphHostSecurityState[]>: Security-related stateful information generated by the provider about the host(s) related to this alert. [Fqdn <String>]: Host FQDN (Fully Qualified Domain Name) (for example, machine.company.com). [IsAzureAdJoined <Boolean?>]: [IsAzureAdRegistered <Boolean?>]: [IsHybridAzureDomainJoined <Boolean?>]: True if the host is domain joined to an on-premises Active Directory domain. [NetBiosName <String>]: The local host name, without the DNS domain name. [OS <String>]: Host Operating System. (For example, Windows10, MacOS, RHEL, etc.). [PrivateIPAddress <String>]: Private (not routable) IPv4 or IPv6 address (see RFC 1918) at the time of the alert. [PublicIPAddress <String>]: Publicly routable IPv4 or IPv6 address (see RFC 1918) at time of the alert. [RiskScore <String>]: Provider-generated/calculated risk score of the host. Recommended value range of 0-1, which equates to a percentage. INVESTIGATIONSECURITYSTATES <IMicrosoftGraphInvestigationSecurityState[]>: . [Name <String>]: [Status <String>]: MALWARESTATES <IMicrosoftGraphMalwareState[]>: Threat Intelligence pertaining to malware related to this alert. [Category <String>]: Provider-generated malware category (for example, trojan, ransomware, etc.). [Family <String>]: Provider-generated malware family (for example, 'wannacry', 'notpetya', etc.). [Name <String>]: Provider-generated malware variant name (for example, Trojan:Win32/Powessere.H). [Severity <String>]: Provider-determined severity of this malware. [WasRunning <Boolean?>]: Indicates whether the detected file (malware/vulnerability) was running at the time of detection or was detected at rest on the disk. MESSAGESECURITYSTATES <IMicrosoftGraphMessageSecurityState[]>: . [ConnectingIP <String>]: [DeliveryAction <String>]: [DeliveryLocation <String>]: [Directionality <String>]: [InternetMessageId <String>]: [MessageFingerprint <String>]: [MessageReceivedDateTime <DateTime?>]: [MessageSubject <String>]: [NetworkMessageId <String>]: NETWORKCONNECTIONS <IMicrosoftGraphNetworkConnection[]>: Security-related stateful information generated by the provider about the network connection(s) related to this alert. [ApplicationName <String>]: Name of the application managing the network connection (for example, Facebook or SMTP). [DestinationAddress <String>]: Destination IP address (of the network connection). [DestinationDomain <String>]: Destination domain portion of the destination URL. (for example 'www.contoso.com'). [DestinationLocation <String>]: Location (by IP address mapping) associated with the destination of a network connection. [DestinationPort <String>]: Destination port (of the network connection). [DestinationUrl <String>]: Network connection URL/URI string - excluding parameters. (for example 'www.contoso.com/products/default.html') [Direction <String>]: connectionDirection [DomainRegisteredDateTime <DateTime?>]: Date when the destination domain was registered. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z [LocalDnsName <String>]: The local DNS name resolution as it appears in the host's local DNS cache (for example, in case the 'hosts' file was tampered with). [NatDestinationAddress <String>]: Network Address Translation destination IP address. [NatDestinationPort <String>]: Network Address Translation destination port. [NatSourceAddress <String>]: Network Address Translation source IP address. [NatSourcePort <String>]: Network Address Translation source port. [Protocol <String>]: securityNetworkProtocol [RiskScore <String>]: Provider generated/calculated risk score of the network connection. Recommended value range of 0-1, which equates to a percentage. [SourceAddress <String>]: Source (i.e. origin) IP address (of the network connection). [SourceLocation <String>]: Location (by IP address mapping) associated with the source of a network connection. [SourcePort <String>]: Source (i.e. origin) IP port (of the network connection). [Status <String>]: connectionStatus [UrlParameters <String>]: Parameters (suffix) of the destination URL. PROCESSES <IMicrosoftGraphProcess[]>: Security-related stateful information generated by the provider about the process or processes related to this alert. [AccountName <String>]: User account identifier (user account context the process ran under) for example, AccountName, SID, and so on. [CommandLine <String>]: The full process invocation commandline including all parameters. [CreatedDateTime <DateTime?>]: Time at which the process was started. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FileHash <IMicrosoftGraphFileHash>]: fileHash [(Any) <Object>]: This indicates any property can be added to this object. [HashType <String>]: fileHashType [HashValue <String>]: Value of the file hash. [IntegrityLevel <String>]: processIntegrityLevel [IsElevated <Boolean?>]: True if the process is elevated. [Name <String>]: The name of the process' Image file. [ParentProcessCreatedDateTime <DateTime?>]: DateTime at which the parent process was started. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentProcessId <Int32?>]: The Process ID (PID) of the parent process. [ParentProcessName <String>]: The name of the image file of the parent process. [Path <String>]: Full path, including filename. [ProcessId <Int32?>]: The Process ID (PID) of the process. REGISTRYKEYSTATES <IMicrosoftGraphRegistryKeyState[]>: Security-related stateful information generated by the provider about the registry keys related to this alert. [Hive <String>]: registryHive [Key <String>]: Current (i.e. changed) registry key (excludes HIVE). [OldKey <String>]: Previous (i.e. before changed) registry key (excludes HIVE). [OldValueData <String>]: Previous (i.e. before changed) registry key value data (contents). [OldValueName <String>]: Previous (i.e. before changed) registry key value name. [Operation <String>]: registryOperation [ProcessId <Int32?>]: Process ID (PID) of the process that modified the registry key (process details will appear in the alert 'processes' collection). [ValueData <String>]: Current (i.e. changed) registry key value data (contents). [ValueName <String>]: Current (i.e. changed) registry key value name [ValueType <String>]: registryValueType SECURITYRESOURCES <IMicrosoftGraphSecurityResource[]>: Resources related to current alert. For example, for some alerts this can have the Azure Resource value. [Resource <String>]: Name of the resource that is related to current alert. Required. [ResourceType <String>]: securityResourceType TRIGGERS <IMicrosoftGraphAlertTrigger[]>: Security-related information about the specific properties that triggered the alert (properties appearing in the alert). Alerts might contain information about multiple users, hosts, files, ip addresses. This field indicates which properties triggered the alert generation. [Name <String>]: Name of the property serving as a detection trigger. [Type <String>]: Type of the property in the key:value pair for interpretation. For example, String, Boolean etc. [Value <String>]: Value of the property serving as a detection trigger. URICLICKSECURITYSTATES <IMicrosoftGraphUriClickSecurityState[]>: . [ClickAction <String>]: [ClickDateTime <DateTime?>]: [Id <String>]: [SourceId <String>]: [UriDomain <String>]: [Verdict <String>]: USERSTATES <IMicrosoftGraphUserSecurityState[]>: Security-related stateful information generated by the provider about the user accounts related to this alert. [AadUserId <String>]: AAD User object identifier (GUID) - represents the physical/multi-account user entity. [AccountName <String>]: Account name of user account (without Active Directory domain or DNS domain) - (also called mailNickName). [DomainName <String>]: NetBIOS/Active Directory domain of user account (that is, domain/account format). [EmailRole <String>]: emailRole [IsVpn <Boolean?>]: Indicates whether the user logged on through a VPN. [LogonDateTime <DateTime?>]: Time at which the sign-in occurred. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LogonIP <String>]: IP Address the sign-in request originated from. [LogonId <String>]: User sign-in ID. [LogonLocation <String>]: Location (by IP address mapping) associated with a user sign-in event by this user. [LogonType <String>]: logonType [OnPremisesSecurityIdentifier <String>]: Active Directory (on-premises) Security Identifier (SID) of the user. [RiskScore <String>]: Provider-generated/calculated risk score of the user account. Recommended value range of 0-1, which equates to a percentage. [UserAccountType <String>]: userAccountSecurityType [UserPrincipalName <String>]: User sign-in name - internet format: (user account name)@(user account DNS domain name). VENDORINFORMATION <IMicrosoftGraphSecurityVendorInformation>: securityVendorInformation [(Any) <Object>]: This indicates any property can be added to this object. [Provider <String>]: Specific provider (product/service - not vendor company); for example, WindowsDefenderATP. [ProviderVersion <String>]: Version of the provider or subprovider, if it exists, that generated the alert. Required [SubProvider <String>]: Specific subprovider (under aggregating provider); for example, WindowsDefenderATP.SmartScreen. [Vendor <String>]: Name of the alert vendor (for example, Microsoft, Dell, FireEye). Required VULNERABILITYSTATES <IMicrosoftGraphVulnerabilityState[]>: Threat intelligence pertaining to one or more vulnerabilities related to this alert. [Cve <String>]: Common Vulnerabilities and Exposures (CVE) for the vulnerability. [Severity <String>]: Base Common Vulnerability Scoring System (CVSS) severity score for this vulnerability. [WasRunning <Boolean?>]: Indicates whether the detected vulnerability (file) was running at the time of detection or was the file detected at rest on the disk. .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/new-mgsecurityalert #> function New-MgSecurityAlert { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAlert])] [CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Create', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAlert] # alert # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Name or alias of the activity group (attacker) this alert is attributed to. ${ActivityGroupName}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAlertDetection[]] # . # To construct, see NOTES section for ALERTDETECTIONS properties and create a hash table. ${AlertDetections}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Name of the analyst the alert is assigned to for triage, investigation, or remediation (supports update). ${AssignedTo}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Azure subscription ID, present if this alert is related to an Azure resource. ${AzureSubscriptionId}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Azure Active Directory tenant ID. # Required. ${AzureTenantId}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Category of the alert (for example, credentialTheft, ransomware, etc.). ${Category}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Time at which the alert was closed. # The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. # For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z (supports update). ${ClosedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphCloudAppSecurityState[]] # Security-related stateful information generated by the provider about the cloud application/s related to this alert. # To construct, see NOTES section for CLOUDAPPSTATES properties and create a hash table. ${CloudAppStates}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [System.String[]] # Customer-provided comments on alert (for customer alert management) (supports update). ${Comments}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Int32] # Confidence of the detection logic (percentage between 1-100). ${Confidence}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Time at which the alert was created by the alert provider. # The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. # For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. # Required. ${CreatedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Alert description. ${Description}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [System.String[]] # Set of alerts related to this alert entity (each alert is pushed to the SIEM as a separate record). ${DetectionIds}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Time at which the event(s) that served as the trigger(s) to generate the alert occurred. # The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. # For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. # Required. ${EventDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # alertFeedback ${Feedback}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphFileSecurityState[]] # Security-related stateful information generated by the provider about the file(s) related to this alert. # To construct, see NOTES section for FILESTATES properties and create a hash table. ${FileStates}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAlertHistoryState[]] # . # To construct, see NOTES section for HISTORYSTATES properties and create a hash table. ${HistoryStates}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphHostSecurityState[]] # Security-related stateful information generated by the provider about the host(s) related to this alert. # To construct, see NOTES section for HOSTSTATES properties and create a hash table. ${HostStates}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [System.String[]] # IDs of incidents related to current alert. ${IncidentIds}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphInvestigationSecurityState[]] # . # To construct, see NOTES section for INVESTIGATIONSECURITYSTATES properties and create a hash table. ${InvestigationSecurityStates}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # . ${LastEventDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Time at which the alert entity was last modified. # The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. # For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. ${LastModifiedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphMalwareState[]] # Threat Intelligence pertaining to malware related to this alert. # To construct, see NOTES section for MALWARESTATES properties and create a hash table. ${MalwareStates}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphMessageSecurityState[]] # . # To construct, see NOTES section for MESSAGESECURITYSTATES properties and create a hash table. ${MessageSecurityStates}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphNetworkConnection[]] # Security-related stateful information generated by the provider about the network connection(s) related to this alert. # To construct, see NOTES section for NETWORKCONNECTIONS properties and create a hash table. ${NetworkConnections}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphProcess[]] # Security-related stateful information generated by the provider about the process or processes related to this alert. # To construct, see NOTES section for PROCESSES properties and create a hash table. ${Processes}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [System.String[]] # Vendor/provider recommended action(s) to take as a result of the alert (for example, isolate machine, enforce2FA, reimage host). ${RecommendedActions}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphRegistryKeyState[]] # Security-related stateful information generated by the provider about the registry keys related to this alert. # To construct, see NOTES section for REGISTRYKEYSTATES properties and create a hash table. ${RegistryKeyStates}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityResource[]] # Resources related to current alert. # For example, for some alerts this can have the Azure Resource value. # To construct, see NOTES section for SECURITYRESOURCES properties and create a hash table. ${SecurityResources}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # alertSeverity ${Severity}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [System.String[]] # Hyperlinks (URIs) to the source material related to the alert, for example, provider's user interface for alerts or log search, etc. ${SourceMaterials}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # alertStatus ${Status}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [System.String[]] # User-definable labels that can be applied to an alert and can serve as filter conditions (for example 'HVA', 'SAW', etc.) (supports update). ${Tags}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Alert title. # Required. ${Title}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAlertTrigger[]] # Security-related information about the specific properties that triggered the alert (properties appearing in the alert). # Alerts might contain information about multiple users, hosts, files, ip addresses. # This field indicates which properties triggered the alert generation. # To construct, see NOTES section for TRIGGERS properties and create a hash table. ${Triggers}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphUriClickSecurityState[]] # . # To construct, see NOTES section for URICLICKSECURITYSTATES properties and create a hash table. ${UriClickSecurityStates}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphUserSecurityState[]] # Security-related stateful information generated by the provider about the user accounts related to this alert. # To construct, see NOTES section for USERSTATES properties and create a hash table. ${UserStates}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityVendorInformation] # securityVendorInformation # To construct, see NOTES section for VENDORINFORMATION properties and create a hash table. ${VendorInformation}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphVulnerabilityState[]] # Threat intelligence pertaining to one or more vulnerabilities related to this alert. # To construct, see NOTES section for VULNERABILITYSTATES properties and create a hash table. ${VulnerabilityStates}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Create = 'Microsoft.Graph.Security.private\New-MgSecurityAlert_Create'; CreateExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityAlert_CreateExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Create new navigation property to runs for security .Description Create new navigation property to runs for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulationAutomationRun .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulationAutomationRun .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSimulationAutomationRun>: simulationAutomationRun [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [EndDateTime <DateTime?>]: Date and time when the run ends in an attack simulation automation. [SimulationId <String>]: Unique identifier for the attack simulation campaign initiated in the attack simulation automation run. [StartDateTime <DateTime?>]: Date and time when the run starts in an attack simulation automation. [Status <String>]: simulationAutomationRunStatus INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/new-mgsecurityattacksimulationautomationrun #> function New-MgSecurityAttackSimulationAutomationRun { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulationAutomationRun])] [CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Create', Mandatory)] [Parameter(ParameterSetName='CreateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of simulationAutomation ${SimulationAutomationId}, [Parameter(ParameterSetName='CreateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='CreateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Create', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='CreateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulationAutomationRun] # simulationAutomationRun # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Date and time when the run ends in an attack simulation automation. ${EndDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Unique identifier for the attack simulation campaign initiated in the attack simulation automation run. ${SimulationId}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Date and time when the run starts in an attack simulation automation. ${StartDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # simulationAutomationRunStatus ${Status}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Create = 'Microsoft.Graph.Security.private\New-MgSecurityAttackSimulationAutomationRun_Create'; CreateExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityAttackSimulationAutomationRun_CreateExpanded'; CreateViaIdentity = 'Microsoft.Graph.Security.private\New-MgSecurityAttackSimulationAutomationRun_CreateViaIdentity'; CreateViaIdentityExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityAttackSimulationAutomationRun_CreateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Create new navigation property to simulationAutomations for security .Description Create new navigation property to simulationAutomations for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulationAutomation .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulationAutomation .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSimulationAutomation>: simulationAutomation [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [CreatedBy <IMicrosoftGraphEmailIdentity>]: emailIdentity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Email <String>]: Email address of the user. [CreatedDateTime <DateTime?>]: Date and time when the attack simulation automation was created. [Description <String>]: Description of the attack simulation automation. [DisplayName <String>]: Display name of the attack simulation automation. Supports $filter and $orderby. [LastModifiedBy <IMicrosoftGraphEmailIdentity>]: emailIdentity [LastModifiedDateTime <DateTime?>]: Date and time when the attack simulation automation was most recently modified. [LastRunDateTime <DateTime?>]: Date and time of the latest run of the attack simulation automation. [NextRunDateTime <DateTime?>]: Date and time of the upcoming run of the attack simulation automation. [Status <String>]: simulationAutomationStatus CREATEDBY <IMicrosoftGraphEmailIdentity>: emailIdentity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Email <String>]: Email address of the user. LASTMODIFIEDBY <IMicrosoftGraphEmailIdentity>: emailIdentity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Email <String>]: Email address of the user. .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/new-mgsecurityattacksimulationautomation #> function New-MgSecurityAttackSimulationAutomation { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulationAutomation])] [CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Create', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulationAutomation] # simulationAutomation # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphEmailIdentity] # emailIdentity # To construct, see NOTES section for CREATEDBY properties and create a hash table. ${CreatedBy}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Date and time when the attack simulation automation was created. ${CreatedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Description of the attack simulation automation. ${Description}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Display name of the attack simulation automation. # Supports $filter and $orderby. ${DisplayName}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphEmailIdentity] # emailIdentity # To construct, see NOTES section for LASTMODIFIEDBY properties and create a hash table. ${LastModifiedBy}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Date and time when the attack simulation automation was most recently modified. ${LastModifiedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Date and time of the latest run of the attack simulation automation. ${LastRunDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Date and time of the upcoming run of the attack simulation automation. ${NextRunDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # simulationAutomationStatus ${Status}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Create = 'Microsoft.Graph.Security.private\New-MgSecurityAttackSimulationAutomation_Create'; CreateExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityAttackSimulationAutomation_CreateExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Create new navigation property to simulations for security .Description Create new navigation property to simulations for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulation .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulation .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSimulation>: simulation [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [AttackTechnique <String>]: simulationAttackTechnique [AttackType <String>]: simulationAttackType [AutomationId <String>]: Unique identifier for the attack simulation automation. [CompletionDateTime <DateTime?>]: Date and time of completion of the attack simulation and training campaign. Supports $filter and $orderby. [CreatedBy <IMicrosoftGraphEmailIdentity>]: emailIdentity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Email <String>]: Email address of the user. [CreatedDateTime <DateTime?>]: Date and time of creation of the attack simulation and training campaign. [Description <String>]: Description of the attack simulation and training campaign. [DisplayName <String>]: Display name of the attack simulation and training campaign. Supports $filter and $orderby. [IsAutomated <Boolean?>]: Flag that represents if the attack simulation and training campaign was created from a simulation automation flow. Supports $filter and $orderby. [LastModifiedBy <IMicrosoftGraphEmailIdentity>]: emailIdentity [LastModifiedDateTime <DateTime?>]: Date and time of the most recent modification of the attack simulation and training campaign. [LaunchDateTime <DateTime?>]: Date and time of the launch/start of the attack simulation and training campaign. Supports $filter and $orderby. [PayloadDeliveryPlatform <String>]: payloadDeliveryPlatform [Report <IMicrosoftGraphSimulationReport>]: simulationReport [(Any) <Object>]: This indicates any property can be added to this object. [Overview <IMicrosoftGraphSimulationReportOverview>]: simulationReportOverview [(Any) <Object>]: This indicates any property can be added to this object. [RecommendedActions <IMicrosoftGraphRecommendedAction[]>]: List of recommended actions for a tenant to improve its security posture based on the attack simulation and training campaign attack type. [ActionWebUrl <String>]: Web URL to the recommended action. [PotentialScoreImpact <Double?>]: Potential improvement in the tenant security score from the recommended action. [Title <String>]: Title of the recommended action. [ResolvedTargetsCount <Int32?>]: Number of valid users in the attack simulation and training campaign. [SimulationEventsContent <IMicrosoftGraphSimulationEventsContent>]: simulationEventsContent [(Any) <Object>]: This indicates any property can be added to this object. [CompromisedRate <Double?>]: Actual percentage of users who fell for the simulated attack in an attack simulation and training campaign. [Events <IMicrosoftGraphSimulationEvent[]>]: List of simulation events in an attack simulation and training campaign. [Count <Int32?>]: Count of the simulation event occurrence in an attack simulation and training campaign. [EventName <String>]: Name of the simulation event in an attack simulation and training campaign. [TrainingEventsContent <IMicrosoftGraphTrainingEventsContent>]: trainingEventsContent [(Any) <Object>]: This indicates any property can be added to this object. [AssignedTrainingsInfos <IMicrosoftGraphAssignedTrainingInfo[]>]: List of assigned trainings and their information in an attack simulation and training campaign. [AssignedUserCount <Int32?>]: Number of users who were assigned the training in an attack simulation and training campaign. [CompletedUserCount <Int32?>]: Number of users who completed the training in an attack simulation and training campaign. [DisplayName <String>]: Display name of the training in an attack simulation and training campaign. [TrainingsAssignedUserCount <Int32?>]: Number of users who were assigned trainings in an attack simulation and training campaign. [SimulationUsers <IMicrosoftGraphUserSimulationDetails[]>]: The tenant users and their online actions in an attack simulation and training campaign. [AssignedTrainingsCount <Int32?>]: Number of trainings assigned to a user in an attack simulation and training campaign. [CompletedTrainingsCount <Int32?>]: Number of trainings completed by a user in an attack simulation and training campaign. [CompromisedDateTime <DateTime?>]: Date and time of the compromising online action by a user in an attack simulation and training campaign. [InProgressTrainingsCount <Int32?>]: Number of trainings in progress by a user in an attack simulation and training campaign. [IsCompromised <Boolean?>]: Indicates whether a user was compromised in an attack simulation and training campaign. [ReportedPhishDateTime <DateTime?>]: Date and time when a user reported the delivered payload as phishing in the attack simulation and training campaign. [SimulationEvents <IMicrosoftGraphUserSimulationEventInfo[]>]: List of simulation events of a user in the attack simulation and training campaign. [Browser <String>]: Browser information from where the simulation event was initiated by a user in an attack simulation and training campaign. [EventDateTime <DateTime?>]: Date and time of the simulation event by a user in an attack simulation and training campaign. [EventName <String>]: Name of the simulation event by a user in an attack simulation and training campaign. [IPAddress <String>]: IP address from where the simulation event was initiated by a user in an attack simulation and training campaign. [OSPlatformDeviceDetails <String>]: The operating system, platform, and device details from where the simulation event was initiated by a user in an attack simulation and training campaign. [SimulationUser <IMicrosoftGraphAttackSimulationUser>]: attackSimulationUser [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: Display name of the user. [Email <String>]: Email address of the user. [UserId <String>]: This is the id property value of the user resource that represents the user in the Azure Active Directory tenant. [TrainingEvents <IMicrosoftGraphUserTrainingEventInfo[]>]: List of training events of a user in the attack simulation and training campaign. [DisplayName <String>]: Display name of the training. [LatestTrainingStatus <String>]: trainingStatus [TrainingAssignedProperties <IMicrosoftGraphUserTrainingContentEventInfo>]: userTrainingContentEventInfo [(Any) <Object>]: This indicates any property can be added to this object. [Browser <String>]: Browser of the user from where the training event was generated. [ContentDateTime <DateTime?>]: Date and time of the training content playback by the user. [IPAddress <String>]: IP address of the user for the training event. [OSPlatformDeviceDetails <String>]: The operating system, platform, and device details of the user for the training event. [PotentialScoreImpact <Double?>]: Potential improvement in the tenant security posture after completion of the training by the user. [TrainingCompletedProperties <IMicrosoftGraphUserTrainingContentEventInfo>]: userTrainingContentEventInfo [TrainingUpdatedProperties <IMicrosoftGraphUserTrainingContentEventInfo>]: userTrainingContentEventInfo [Status <String>]: simulationStatus CREATEDBY <IMicrosoftGraphEmailIdentity>: emailIdentity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Email <String>]: Email address of the user. LASTMODIFIEDBY <IMicrosoftGraphEmailIdentity>: emailIdentity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Email <String>]: Email address of the user. REPORT <IMicrosoftGraphSimulationReport>: simulationReport [(Any) <Object>]: This indicates any property can be added to this object. [Overview <IMicrosoftGraphSimulationReportOverview>]: simulationReportOverview [(Any) <Object>]: This indicates any property can be added to this object. [RecommendedActions <IMicrosoftGraphRecommendedAction[]>]: List of recommended actions for a tenant to improve its security posture based on the attack simulation and training campaign attack type. [ActionWebUrl <String>]: Web URL to the recommended action. [PotentialScoreImpact <Double?>]: Potential improvement in the tenant security score from the recommended action. [Title <String>]: Title of the recommended action. [ResolvedTargetsCount <Int32?>]: Number of valid users in the attack simulation and training campaign. [SimulationEventsContent <IMicrosoftGraphSimulationEventsContent>]: simulationEventsContent [(Any) <Object>]: This indicates any property can be added to this object. [CompromisedRate <Double?>]: Actual percentage of users who fell for the simulated attack in an attack simulation and training campaign. [Events <IMicrosoftGraphSimulationEvent[]>]: List of simulation events in an attack simulation and training campaign. [Count <Int32?>]: Count of the simulation event occurrence in an attack simulation and training campaign. [EventName <String>]: Name of the simulation event in an attack simulation and training campaign. [TrainingEventsContent <IMicrosoftGraphTrainingEventsContent>]: trainingEventsContent [(Any) <Object>]: This indicates any property can be added to this object. [AssignedTrainingsInfos <IMicrosoftGraphAssignedTrainingInfo[]>]: List of assigned trainings and their information in an attack simulation and training campaign. [AssignedUserCount <Int32?>]: Number of users who were assigned the training in an attack simulation and training campaign. [CompletedUserCount <Int32?>]: Number of users who completed the training in an attack simulation and training campaign. [DisplayName <String>]: Display name of the training in an attack simulation and training campaign. [TrainingsAssignedUserCount <Int32?>]: Number of users who were assigned trainings in an attack simulation and training campaign. [SimulationUsers <IMicrosoftGraphUserSimulationDetails[]>]: The tenant users and their online actions in an attack simulation and training campaign. [AssignedTrainingsCount <Int32?>]: Number of trainings assigned to a user in an attack simulation and training campaign. [CompletedTrainingsCount <Int32?>]: Number of trainings completed by a user in an attack simulation and training campaign. [CompromisedDateTime <DateTime?>]: Date and time of the compromising online action by a user in an attack simulation and training campaign. [InProgressTrainingsCount <Int32?>]: Number of trainings in progress by a user in an attack simulation and training campaign. [IsCompromised <Boolean?>]: Indicates whether a user was compromised in an attack simulation and training campaign. [ReportedPhishDateTime <DateTime?>]: Date and time when a user reported the delivered payload as phishing in the attack simulation and training campaign. [SimulationEvents <IMicrosoftGraphUserSimulationEventInfo[]>]: List of simulation events of a user in the attack simulation and training campaign. [Browser <String>]: Browser information from where the simulation event was initiated by a user in an attack simulation and training campaign. [EventDateTime <DateTime?>]: Date and time of the simulation event by a user in an attack simulation and training campaign. [EventName <String>]: Name of the simulation event by a user in an attack simulation and training campaign. [IPAddress <String>]: IP address from where the simulation event was initiated by a user in an attack simulation and training campaign. [OSPlatformDeviceDetails <String>]: The operating system, platform, and device details from where the simulation event was initiated by a user in an attack simulation and training campaign. [SimulationUser <IMicrosoftGraphAttackSimulationUser>]: attackSimulationUser [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: Display name of the user. [Email <String>]: Email address of the user. [UserId <String>]: This is the id property value of the user resource that represents the user in the Azure Active Directory tenant. [TrainingEvents <IMicrosoftGraphUserTrainingEventInfo[]>]: List of training events of a user in the attack simulation and training campaign. [DisplayName <String>]: Display name of the training. [LatestTrainingStatus <String>]: trainingStatus [TrainingAssignedProperties <IMicrosoftGraphUserTrainingContentEventInfo>]: userTrainingContentEventInfo [(Any) <Object>]: This indicates any property can be added to this object. [Browser <String>]: Browser of the user from where the training event was generated. [ContentDateTime <DateTime?>]: Date and time of the training content playback by the user. [IPAddress <String>]: IP address of the user for the training event. [OSPlatformDeviceDetails <String>]: The operating system, platform, and device details of the user for the training event. [PotentialScoreImpact <Double?>]: Potential improvement in the tenant security posture after completion of the training by the user. [TrainingCompletedProperties <IMicrosoftGraphUserTrainingContentEventInfo>]: userTrainingContentEventInfo [TrainingUpdatedProperties <IMicrosoftGraphUserTrainingContentEventInfo>]: userTrainingContentEventInfo .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/new-mgsecurityattacksimulation #> function New-MgSecurityAttackSimulation { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulation])] [CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Create', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulation] # simulation # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # simulationAttackTechnique ${AttackTechnique}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # simulationAttackType ${AttackType}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Unique identifier for the attack simulation automation. ${AutomationId}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Date and time of completion of the attack simulation and training campaign. # Supports $filter and $orderby. ${CompletionDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphEmailIdentity] # emailIdentity # To construct, see NOTES section for CREATEDBY properties and create a hash table. ${CreatedBy}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Date and time of creation of the attack simulation and training campaign. ${CreatedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Description of the attack simulation and training campaign. ${Description}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Display name of the attack simulation and training campaign. # Supports $filter and $orderby. ${DisplayName}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Management.Automation.SwitchParameter] # Flag that represents if the attack simulation and training campaign was created from a simulation automation flow. # Supports $filter and $orderby. ${IsAutomated}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphEmailIdentity] # emailIdentity # To construct, see NOTES section for LASTMODIFIEDBY properties and create a hash table. ${LastModifiedBy}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Date and time of the most recent modification of the attack simulation and training campaign. ${LastModifiedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Date and time of the launch/start of the attack simulation and training campaign. # Supports $filter and $orderby. ${LaunchDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # payloadDeliveryPlatform ${PayloadDeliveryPlatform}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulationReport] # simulationReport # To construct, see NOTES section for REPORT properties and create a hash table. ${Report}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # simulationStatus ${Status}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Create = 'Microsoft.Graph.Security.private\New-MgSecurityAttackSimulation_Create'; CreateExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityAttackSimulation_CreateExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Create a new siteSource object associated with an eDiscovery custodian. .Description Create a new siteSource object associated with an eDiscovery custodian. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecuritySiteSource .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecuritySiteSource .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecuritySiteSource>: siteSource [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: The date and time the dataSource was created. [DisplayName <String>]: The display name of the dataSource. This will be the name of the SharePoint site. [HoldStatus <String>]: dataSourceHoldStatus [Id <String>]: The unique idenfier for an entity. Read-only. [Site <IMicrosoftGraphSite>]: site [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedByUser <IMicrosoftGraphUser>]: user [(Any) <Object>]: This indicates any property can be added to this object. [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted. [Id <String>]: The unique idenfier for an entity. Read-only. [AboutMe <String>]: A freeform text entry field for the user to describe themselves. Returned only on $select. [AccountEnabled <Boolean?>]: true if the account is enabled; otherwise, false. This property is required when a user is created. Returned only on $select. Supports $filter (eq, ne, not, and in). [AgeGroup <String>]: Sets the age group of the user. Allowed values: null, Minor, NotAdult and Adult. Refer to the legal age group property definitions for further information. Returned only on $select. Supports $filter (eq, ne, not, and in). [AssignedLicenses <IMicrosoftGraphAssignedLicense[]>]: The licenses that are assigned to the user, including inherited (group-based) licenses. This property doesn't differentiate directly-assigned and inherited licenses. Use the licenseAssignmentStates property to identify the directly-assigned and inherited licenses. Not nullable. Returned only on $select. Supports $filter (eq, not, /$count eq 0, /$count ne 0). [DisabledPlans <String[]>]: A collection of the unique identifiers for plans that have been disabled. [SkuId <String>]: The unique identifier for the SKU. [AssignedPlans <IMicrosoftGraphAssignedPlan[]>]: The plans that are assigned to the user. Read-only. Not nullable. Returned only on $select. Supports $filter (eq and not). [AssignedDateTime <DateTime?>]: The date and time at which the plan was assigned. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [CapabilityStatus <String>]: Condition of the capability assignment. The possible values are Enabled, Warning, Suspended, Deleted, LockedOut. See a detailed description of each value. [Service <String>]: The name of the service; for example, exchange. [ServicePlanId <String>]: A GUID that identifies the service plan. For a complete list of GUIDs and their equivalent friendly service names, see Product names and service plan identifiers for licensing. [Authentication <IMicrosoftGraphAuthentication>]: authentication [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [AuthorizationInfo <IMicrosoftGraphAuthorizationInfo>]: authorizationInfo [(Any) <Object>]: This indicates any property can be added to this object. [CertificateUserIds <String[]>]: [Birthday <DateTime?>]: The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned only on $select. [BusinessPhones <String[]>]: The telephone numbers for the user. NOTE: Although this is a string collection, only one number can be set for this property. Read-only for users synced from on-premises directory. Returned by default. Supports $filter (eq, not, ge, le, startsWith). [Calendar <IMicrosoftGraphCalendar>]: calendar [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [AllowedOnlineMeetingProviders <String[]>]: Represent the online meeting service providers that can be used to create online meetings in this calendar. Possible values are: unknown, skypeForBusiness, skypeForConsumer, teamsForBusiness. [CanEdit <Boolean?>]: true if the user can write to the calendar, false otherwise. This property is true for the user who created the calendar. This property is also true for a user who has been shared a calendar and granted write access. [CanShare <Boolean?>]: true if the user has the permission to share the calendar, false otherwise. Only the user who created the calendar can share it. [CanViewPrivateItems <Boolean?>]: true if the user can read calendar items that have been marked private, false otherwise. [ChangeKey <String>]: Identifies the version of the calendar object. Every time the calendar is changed, changeKey changes as well. This allows Exchange to apply changes to the correct version of the object. Read-only. [Color <String>]: calendarColor [DefaultOnlineMeetingProvider <String>]: onlineMeetingProviderType [HexColor <String>]: The calendar color, expressed in a hex color code of three hexadecimal values, each ranging from 00 to FF and representing the red, green, or blue components of the color in the RGB color space. If the user has never explicitly set a color for the calendar, this property is empty. Read-only. [IsDefaultCalendar <Boolean?>]: true if this is the default calendar where new events are created by default, false otherwise. [IsRemovable <Boolean?>]: Indicates whether this user calendar can be deleted from the user mailbox. [IsTallyingResponses <Boolean?>]: Indicates whether this user calendar supports tracking of meeting responses. Only meeting invites sent from users' primary calendars support tracking of meeting responses. [Name <String>]: The calendar name. [Owner <IMicrosoftGraphEmailAddress>]: emailAddress [City <String>]: The city in which the user is located. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [CompanyName <String>]: The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length is 64 characters.Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [ConsentProvidedForMinor <String>]: Sets whether consent has been obtained for minors. Allowed values: null, Granted, Denied and NotRequired. Refer to the legal age group property definitions for further information. Returned only on $select. Supports $filter (eq, ne, not, and in). [Country <String>]: The country/region in which the user is located; for example, US or UK. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [CreatedDateTime <DateTime?>]: The date and time the user was created, in ISO 8601 format and in UTC time. The value cannot be modified and is automatically populated when the entity is created. Nullable. For on-premises users, the value represents when they were first created in Azure AD. Property is null for some users created before June 2018 and on-premises users that were synced to Azure AD before June 2018. Read-only. Read-only. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in). [CreationType <String>]: Indicates whether the user account was created through one of the following methods: As a regular school or work account (null). As an external account (Invitation). As a local account for an Azure Active Directory B2C tenant (LocalAccount). Through self-service sign-up by an internal user using email verification (EmailVerified). Through self-service sign-up by an external user signing up through a link that is part of a user flow (SelfServiceSignUp). Read-only.Returned only on $select. Supports $filter (eq, ne, not, in). [Department <String>]: The name for the department in which the user works. Maximum length is 64 characters. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, and eq on null values). [DeviceEnrollmentLimit <Int32?>]: The limit on the maximum number of devices that the user is permitted to enroll. Allowed values are 5 or 1000. [DisplayName <String>]: The name displayed in the address book for the user. This is usually the combination of the user's first name, middle initial and last name. This property is required when a user is created and it cannot be cleared during updates. Maximum length is 256 characters. Returned by default. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values), $orderBy, and $search. [Drive <IMicrosoftGraphDrive>]: drive [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedByUser <IMicrosoftGraphUser>]: user [CreatedDateTime <DateTime?>]: Date and time of item creation. Read-only. [Description <String>]: Provides a user-visible description of the item. Optional. [ETag <String>]: ETag for the item. Read-only. [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [LastModifiedByUser <IMicrosoftGraphUser>]: user [LastModifiedDateTime <DateTime?>]: Date and time the item was last modified. Read-only. [Name <String>]: The name of the item. Read-write. [ParentReference <IMicrosoftGraphItemReference>]: itemReference [(Any) <Object>]: This indicates any property can be added to this object. [DriveId <String>]: Unique identifier of the drive instance that contains the item. Read-only. [DriveType <String>]: Identifies the type of drive. See [drive][] resource for values. [Id <String>]: Unique identifier of the item in the drive. Read-only. [Name <String>]: The name of the item being referenced. Read-only. [Path <String>]: Path that can be used to navigate to the item. Read-only. [ShareId <String>]: A unique identifier for a shared resource that can be accessed via the [Shares][] API. [SharepointIds <IMicrosoftGraphSharepointIds>]: sharepointIds [(Any) <Object>]: This indicates any property can be added to this object. [ListId <String>]: The unique identifier (guid) for the item's list in SharePoint. [ListItemId <String>]: An integer identifier for the item within the containing list. [ListItemUniqueId <String>]: The unique identifier (guid) for the item within OneDrive for Business or a SharePoint site. [SiteId <String>]: The unique identifier (guid) for the item's site collection (SPSite). [SiteUrl <String>]: The SharePoint URL for the site that contains the item. [TenantId <String>]: The unique identifier (guid) for the tenancy. [WebId <String>]: The unique identifier (guid) for the item's site (SPWeb). [SiteId <String>]: For OneDrive for Business and SharePoint, this property represents the ID of the site that contains the parent document library of the driveItem resource. The value is the same as the id property of that [site][] resource. It is an opaque string that consists of three identifiers of the site. For OneDrive, this property is not populated. [WebUrl <String>]: URL that displays the resource in the browser. Read-only. [Id <String>]: The unique idenfier for an entity. Read-only. [DriveType <String>]: Describes the type of drive represented by this resource. OneDrive personal drives will return personal. OneDrive for Business will return business. SharePoint document libraries will return documentLibrary. Read-only. [List <IMicrosoftGraphList>]: list [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedByUser <IMicrosoftGraphUser>]: user [CreatedDateTime <DateTime?>]: Date and time of item creation. Read-only. [Description <String>]: Provides a user-visible description of the item. Optional. [ETag <String>]: ETag for the item. Read-only. [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [LastModifiedByUser <IMicrosoftGraphUser>]: user [LastModifiedDateTime <DateTime?>]: Date and time the item was last modified. Read-only. [Name <String>]: The name of the item. Read-write. [ParentReference <IMicrosoftGraphItemReference>]: itemReference [WebUrl <String>]: URL that displays the resource in the browser. Read-only. [Id <String>]: The unique idenfier for an entity. Read-only. [DisplayName <String>]: The displayable title of the list. [Drive <IMicrosoftGraphDrive>]: drive [List <IMicrosoftGraphListInfo>]: listInfo [(Any) <Object>]: This indicates any property can be added to this object. [ContentTypesEnabled <Boolean?>]: If true, indicates that content types are enabled for this list. [Hidden <Boolean?>]: If true, indicates that the list is not normally visible in the SharePoint user experience. [Template <String>]: An enumerated value that represents the base list template used in creating the list. Possible values include documentLibrary, genericList, task, survey, announcements, contacts, and more. [SharepointIds <IMicrosoftGraphSharepointIds>]: sharepointIds [System <IMicrosoftGraphSystemFacet>]: systemFacet [(Any) <Object>]: This indicates any property can be added to this object. [Owner <IMicrosoftGraphIdentitySet>]: identitySet [Quota <IMicrosoftGraphQuota>]: quota [(Any) <Object>]: This indicates any property can be added to this object. [Deleted <Int64?>]: Total space consumed by files in the recycle bin, in bytes. Read-only. [Remaining <Int64?>]: Total space remaining before reaching the quota limit, in bytes. Read-only. [State <String>]: Enumeration value that indicates the state of the storage space. Read-only. [StoragePlanInformation <IMicrosoftGraphStoragePlanInformation>]: storagePlanInformation [(Any) <Object>]: This indicates any property can be added to this object. [UpgradeAvailable <Boolean?>]: Indicates whether there are higher storage quota plans available. Read-only. [Total <Int64?>]: Total allowed storage space, in bytes. Read-only. [Used <Int64?>]: Total space used, in bytes. Read-only. [Root <IMicrosoftGraphDriveItem>]: driveItem [SharePointIds <IMicrosoftGraphSharepointIds>]: sharepointIds [System <IMicrosoftGraphSystemFacet>]: systemFacet [EmployeeHireDate <DateTime?>]: The date and time when the user was hired or will start work in case of a future hire. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in). [EmployeeId <String>]: The employee identifier assigned to the user by the organization. The maximum length is 16 characters. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [EmployeeOrgData <IMicrosoftGraphEmployeeOrgData>]: employeeOrgData [(Any) <Object>]: This indicates any property can be added to this object. [CostCenter <String>]: The cost center associated with the user. Returned only on $select. Supports $filter. [Division <String>]: The name of the division in which the user works. Returned only on $select. Supports $filter. [EmployeeType <String>]: Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith). [ExternalUserState <String>]: For an external user invited to the tenant using the invitation API, this property represents the invited user's invitation status. For invited users, the state can be PendingAcceptance or Accepted, or null for all other users. Returned only on $select. Supports $filter (eq, ne, not , in). [ExternalUserStateChangeDateTime <DateTime?>]: Shows the timestamp for the latest change to the externalUserState property. Returned only on $select. Supports $filter (eq, ne, not , in). [FaxNumber <String>]: The fax number of the user. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [GivenName <String>]: The given name (first name) of the user. Maximum length is 64 characters. Returned by default. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [HireDate <DateTime?>]: The hire date of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned only on $select. Note: This property is specific to SharePoint Online. We recommend using the native employeeHireDate property to set and update hire date values using Microsoft Graph APIs. [Identities <IMicrosoftGraphObjectIdentity[]>]: Represents the identities that can be used to sign in to this user account. An identity can be provided by Microsoft (also known as a local account), by organizations, or by social identity providers such as Facebook, Google, and Microsoft, and tied to a user account. May contain multiple items with the same signInType value. Returned only on $select. Supports $filter (eq) including on null values, only where the signInType is not userPrincipalName. [Issuer <String>]: Specifies the issuer of the identity, for example facebook.com.For local accounts (where signInType is not federated), this property is the local B2C tenant default domain name, for example contoso.onmicrosoft.com.For external users from other Azure AD organization, this will be the domain of the federated organization, for example contoso.com.Supports $filter. 512 character limit. [IssuerAssignedId <String>]: Specifies the unique identifier assigned to the user by the issuer. The combination of issuer and issuerAssignedId must be unique within the organization. Represents the sign-in name for the user, when signInType is set to emailAddress or userName (also known as local accounts).When signInType is set to: emailAddress, (or a custom string that starts with emailAddress like emailAddress1) issuerAssignedId must be a valid email addressuserName, issuerAssignedId must begin with alphabetical character or number, and can only contain alphanumeric characters and the following symbols: - or Supports $filter. 64 character limit. [SignInType <String>]: Specifies the user sign-in types in your directory, such as emailAddress, userName, federated, or userPrincipalName. federated represents a unique identifier for a user from an issuer, that can be in any format chosen by the issuer. Setting or updating a userPrincipalName identity will update the value of the userPrincipalName property on the user object. The validations performed on the userPrincipalName property on the user object, for example, verified domains and acceptable characters, will be performed when setting or updating a userPrincipalName identity. Additional validation is enforced on issuerAssignedId when the sign-in type is set to emailAddress or userName. This property can also be set to any custom string. [ImAddresses <String[]>]: The instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for the user. Read-only. Returned only on $select. Supports $filter (eq, not, ge, le, startsWith). [InferenceClassification <IMicrosoftGraphInferenceClassification>]: inferenceClassification [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Insights <IMicrosoftGraphOfficeGraphInsights>]: officeGraphInsights [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Interests <String[]>]: A list for the user to describe their interests. Returned only on $select. [IsResourceAccount <Boolean?>]: Do not use – reserved for future use. [JobTitle <String>]: The user's job title. Maximum length is 128 characters. Returned by default. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [LastPasswordChangeDateTime <DateTime?>]: The time when this Azure AD user last changed their password or when their password was created, whichever date the latest action was performed. The date and time information uses ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned only on $select. [LegalAgeGroupClassification <String>]: Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on ageGroup and consentProvidedForMinor properties. Allowed values: null, MinorWithOutParentalConsent, MinorWithParentalConsent, MinorNoParentalConsentRequired, NotAdult and Adult. Refer to the legal age group property definitions for further information. Returned only on $select. [LicenseAssignmentStates <IMicrosoftGraphLicenseAssignmentState[]>]: State of license assignments for this user. Also indicates licenses that are directly-assigned and those that the user has inherited through group memberships. Read-only. Returned only on $select. [AssignedByGroup <String>]: [DisabledPlans <String[]>]: [Error <String>]: [LastUpdatedDateTime <DateTime?>]: [SkuId <String>]: [State <String>]: [Mail <String>]: The SMTP address for the user, for example, jeff@contoso.onmicrosoft.com. Changes to this property will also update the user's proxyAddresses collection to include the value as an SMTP address. This property cannot contain accent characters. NOTE: We do not recommend updating this property for Azure AD B2C user profiles. Use the otherMails property instead. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, endsWith, and eq on null values). [MailNickname <String>]: The mail alias for the user. This property must be specified when a user is created. Maximum length is 64 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [MailboxSettings <IMicrosoftGraphMailboxSettings>]: mailboxSettings [(Any) <Object>]: This indicates any property can be added to this object. [ArchiveFolder <String>]: Folder ID of an archive folder for the user. [AutomaticRepliesSetting <IMicrosoftGraphAutomaticRepliesSetting>]: automaticRepliesSetting [(Any) <Object>]: This indicates any property can be added to this object. [ExternalAudience <String>]: externalAudienceScope [ExternalReplyMessage <String>]: The automatic reply to send to the specified external audience, if Status is AlwaysEnabled or Scheduled. [InternalReplyMessage <String>]: The automatic reply to send to the audience internal to the signed-in user's organization, if Status is AlwaysEnabled or Scheduled. [ScheduledEndDateTime <IMicrosoftGraphDateTimeZone>]: dateTimeTimeZone [ScheduledStartDateTime <IMicrosoftGraphDateTimeZone>]: dateTimeTimeZone [Status <String>]: automaticRepliesStatus [DateFormat <String>]: The date format for the user's mailbox. [DelegateMeetingMessageDeliveryOptions <String>]: delegateMeetingMessageDeliveryOptions [Language <IMicrosoftGraphLocaleInfo>]: localeInfo [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: A name representing the user's locale in natural language, for example, 'English (United States)'. [Locale <String>]: A locale representation for the user, which includes the user's preferred language and country/region. For example, 'en-us'. The language component follows 2-letter codes as defined in ISO 639-1, and the country component follows 2-letter codes as defined in ISO 3166-1 alpha-2. [TimeFormat <String>]: The time format for the user's mailbox. [TimeZone <String>]: The default time zone for the user's mailbox. [UserPurpose <String>]: userPurpose [WorkingHours <IMicrosoftGraphWorkingHours>]: workingHours [(Any) <Object>]: This indicates any property can be added to this object. [DaysOfWeek <String[]>]: The days of the week on which the user works. [EndTime <String>]: The time of the day that the user stops working. [StartTime <String>]: The time of the day that the user starts working. [TimeZone <IMicrosoftGraphTimeZoneBase>]: timeZoneBase [(Any) <Object>]: This indicates any property can be added to this object. [Name <String>]: The name of a time zone. It can be a standard time zone name such as 'Hawaii-Aleutian Standard Time', or 'Customized Time Zone' for a custom time zone. [Manager <IMicrosoftGraphDirectoryObject>]: directoryObject [MobilePhone <String>]: The primary cellular telephone number for the user. Read-only for users synced from on-premises directory. Maximum length is 64 characters. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [MySite <String>]: The URL for the user's personal site. Returned only on $select. [OfficeLocation <String>]: The office location in the user's place of business. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [OnPremisesDistinguishedName <String>]: Contains the on-premises Active Directory distinguished name or DN. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. [OnPremisesDomainName <String>]: Contains the on-premises domainFQDN, also called dnsDomainName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. [OnPremisesExtensionAttributes <IMicrosoftGraphOnPremisesExtensionAttributes>]: onPremisesExtensionAttributes [(Any) <Object>]: This indicates any property can be added to this object. [ExtensionAttribute1 <String>]: First customizable extension attribute. [ExtensionAttribute10 <String>]: Tenth customizable extension attribute. [ExtensionAttribute11 <String>]: Eleventh customizable extension attribute. [ExtensionAttribute12 <String>]: Twelfth customizable extension attribute. [ExtensionAttribute13 <String>]: Thirteenth customizable extension attribute. [ExtensionAttribute14 <String>]: Fourteenth customizable extension attribute. [ExtensionAttribute15 <String>]: Fifteenth customizable extension attribute. [ExtensionAttribute2 <String>]: Second customizable extension attribute. [ExtensionAttribute3 <String>]: Third customizable extension attribute. [ExtensionAttribute4 <String>]: Fourth customizable extension attribute. [ExtensionAttribute5 <String>]: Fifth customizable extension attribute. [ExtensionAttribute6 <String>]: Sixth customizable extension attribute. [ExtensionAttribute7 <String>]: Seventh customizable extension attribute. [ExtensionAttribute8 <String>]: Eighth customizable extension attribute. [ExtensionAttribute9 <String>]: Ninth customizable extension attribute. [OnPremisesImmutableId <String>]: This property is used to associate an on-premises Active Directory user account to their Azure AD user object. This property must be specified when creating a new user account in the Graph if you are using a federated domain for the user's userPrincipalName (UPN) property. NOTE: The $ and _ characters cannot be used when specifying this property. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in).. [OnPremisesLastSyncDateTime <DateTime?>]: Indicates the last time at which the object was synced with the on-premises directory; for example: 2013-02-16T03:04:54Z. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in). [OnPremisesProvisioningErrors <IMicrosoftGraphOnPremisesProvisioningError[]>]: Errors when using Microsoft synchronization product during provisioning. Returned only on $select. Supports $filter (eq, not, ge, le). [OnPremisesSamAccountName <String>]: Contains the on-premises samAccountName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith). [OnPremisesSecurityIdentifier <String>]: Contains the on-premises security identifier (SID) for the user that was synchronized from on-premises to the cloud. Read-only. Returned only on $select. Supports $filter (eq including on null values). [OnPremisesSyncEnabled <Boolean?>]: true if this user object is currently being synced from an on-premises Active Directory (AD); otherwise the user isn't being synced and can be managed in Azure Active Directory (Azure AD). Read-only. Returned only on $select. Supports $filter (eq, ne, not, in, and eq on null values). [OnPremisesUserPrincipalName <String>]: Contains the on-premises userPrincipalName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith). [Onenote <IMicrosoftGraphOnenote>]: onenote [OtherMails <String[]>]: A list of additional email addresses for the user; for example: ['bob@contoso.com', 'Robert@fabrikam.com']. NOTE: This property cannot contain accent characters. Returned only on $select. Supports $filter (eq, not, ge, le, in, startsWith, endsWith, /$count eq 0, /$count ne 0). [Outlook <IMicrosoftGraphOutlookUser>]: outlookUser [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [PasswordPolicies <String>]: Specifies password policies for the user. This value is an enumeration with one possible value being DisableStrongPassword, which allows weaker passwords than the default policy to be specified. DisablePasswordExpiration can also be specified. The two may be specified together; for example: DisablePasswordExpiration, DisableStrongPassword. Returned only on $select. For more information on the default password policies, see Azure AD pasword policies. Supports $filter (ne, not, and eq on null values). [PasswordProfile <IMicrosoftGraphPasswordProfile>]: passwordProfile [(Any) <Object>]: This indicates any property can be added to this object. [ForceChangePasswordNextSignIn <Boolean?>]: true if the user must change her password on the next login; otherwise false. [ForceChangePasswordNextSignInWithMfa <Boolean?>]: If true, at next sign-in, the user must perform a multi-factor authentication (MFA) before being forced to change their password. The behavior is identical to forceChangePasswordNextSignIn except that the user is required to first perform a multi-factor authentication before password change. After a password change, this property will be automatically reset to false. If not set, default is false. [Password <String>]: The password for the user. This property is required when a user is created. It can be updated, but the user will be required to change the password on the next login. The password must satisfy minimum requirements as specified by the user’s passwordPolicies property. By default, a strong password is required. [PastProjects <String[]>]: A list for the user to enumerate their past projects. Returned only on $select. [Photo <IMicrosoftGraphProfilePhoto>]: profilePhoto [Planner <IMicrosoftGraphPlannerUser>]: plannerUser [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [PostalCode <String>]: The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code. Maximum length is 40 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [PreferredDataLocation <String>]: The preferred data location for the user. For more information, see OneDrive Online Multi-Geo. [PreferredLanguage <String>]: The preferred language for the user. Should follow ISO 639-1 Code; for example en-US. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values) [PreferredName <String>]: The preferred name for the user. Not Supported. This attribute returns an empty string.Returned only on $select. [Presence <IMicrosoftGraphPresence>]: presence [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Activity <String>]: The supplemental information to a user's availability. Possible values are Available, Away, BeRightBack, Busy, DoNotDisturb, InACall, InAConferenceCall, Inactive, InAMeeting, Offline, OffWork, OutOfOffice, PresenceUnknown, Presenting, UrgentInterruptionsOnly. [Availability <String>]: The base presence information for a user. Possible values are Available, AvailableIdle, Away, BeRightBack, Busy, BusyIdle, DoNotDisturb, Offline, PresenceUnknown [ProvisionedPlans <IMicrosoftGraphProvisionedPlan[]>]: The plans that are provisioned for the user. Read-only. Not nullable. Returned only on $select. Supports $filter (eq, not, ge, le). [CapabilityStatus <String>]: For example, 'Enabled'. [ProvisioningStatus <String>]: For example, 'Success'. [Service <String>]: The name of the service; for example, 'AccessControlS2S' [ProxyAddresses <String[]>]: For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. Changes to the mail property will also update this collection to include the value as an SMTP address. For more information, see mail and proxyAddresses properties. The proxy address prefixed with SMTP (capitalized) is the primary proxy address while those prefixed with smtp are the secondary proxy addresses. For Azure AD B2C accounts, this property has a limit of ten unique addresses. Read-only in Microsoft Graph; you can update this property only through the Microsoft 365 admin center. Not nullable. Returned only on $select. Supports $filter (eq, not, ge, le, startsWith, endsWith, /$count eq 0, /$count ne 0). [Responsibilities <String[]>]: A list for the user to enumerate their responsibilities. Returned only on $select. [Schools <String[]>]: A list for the user to enumerate the schools they have attended. Returned only on $select. [SecurityIdentifier <String>]: Security identifier (SID) of the user, used in Windows scenarios. Read-only. Returned by default. Supports $select and $filter (eq, not, ge, le, startsWith). [Settings <IMicrosoftGraphUserSettings>]: userSettings [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [ContributionToContentDiscoveryAsOrganizationDisabled <Boolean?>]: [ContributionToContentDiscoveryDisabled <Boolean?>]: [ShiftPreferences <IMicrosoftGraphShiftPreferences>]: shiftPreferences [(Any) <Object>]: This indicates any property can be added to this object. [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [Id <String>]: The unique idenfier for an entity. Read-only. [Availability <IMicrosoftGraphShiftAvailability[]>]: Availability of the user to be scheduled for work and its recurrence pattern. [Recurrence <IMicrosoftGraphPatternedRecurrence>]: patternedRecurrence [TimeSlots <IMicrosoftGraphTimeRange[]>]: The time slot(s) preferred by the user. [EndTime <String>]: End time for the time range. [StartTime <String>]: Start time for the time range. [TimeZone <String>]: Specifies the time zone for the indicated time. [ShowInAddressList <Boolean?>]: Do not use in Microsoft Graph. Manage this property through the Microsoft 365 admin center instead. Represents whether the user should be included in the Outlook global address list. See Known issue. [SignInSessionsValidFromDateTime <DateTime?>]: Any refresh tokens or sessions tokens (session cookies) issued before this time are invalid, and applications will get an error when using an invalid refresh or sessions token to acquire a delegated access token (to access APIs such as Microsoft Graph). If this happens, the application will need to acquire a new refresh token by making a request to the authorize endpoint. Read-only. Use revokeSignInSessions to reset. Returned only on $select. [Skills <String[]>]: A list for the user to enumerate their skills. Returned only on $select. [State <String>]: The state or province in the user's address. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [StreetAddress <String>]: The street address of the user's place of business. Maximum length is 1024 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [Surname <String>]: The user's surname (family name or last name). Maximum length is 64 characters. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [Teamwork <IMicrosoftGraphUserTeamwork>]: userTeamwork [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Todo <IMicrosoftGraphTodo>]: todo [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [UsageLocation <String>]: A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: US, JP, and GB. Not nullable. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [UserPrincipalName <String>]: The user principal name (UPN) of the user. The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where domain must be present in the tenant's collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property cannot contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, ' . - _ ! # ^ ~. For the complete list of allowed characters, see username policies. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, endsWith) and $orderBy. [UserType <String>]: A string value that can be used to classify user types in your directory, such as Member and Guest. Returned only on $select. Supports $filter (eq, ne, not, in, and eq on null values). NOTE: For more information about the permissions for member and guest users, see What are the default user permissions in Azure Active Directory? [CreatedDateTime <DateTime?>]: Date and time of item creation. Read-only. [Description <String>]: Provides a user-visible description of the item. Optional. [ETag <String>]: ETag for the item. Read-only. [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [LastModifiedByUser <IMicrosoftGraphUser>]: user [LastModifiedDateTime <DateTime?>]: Date and time the item was last modified. Read-only. [Name <String>]: The name of the item. Read-write. [ParentReference <IMicrosoftGraphItemReference>]: itemReference [WebUrl <String>]: URL that displays the resource in the browser. Read-only. [Id <String>]: The unique idenfier for an entity. Read-only. [Analytics <IMicrosoftGraphItemAnalytics>]: itemAnalytics [DisplayName <String>]: The full title for the site. Read-only. [Drive <IMicrosoftGraphDrive>]: drive [Error <IMicrosoftGraphPublicError>]: publicError [Onenote <IMicrosoftGraphOnenote>]: onenote [Root <IMicrosoftGraphRoot>]: root [SharepointIds <IMicrosoftGraphSharepointIds>]: sharepointIds [SiteCollection <IMicrosoftGraphSiteCollection>]: siteCollection [(Any) <Object>]: This indicates any property can be added to this object. [DataLocationCode <String>]: The geographic region code for where this site collection resides. Read-only. [Hostname <String>]: The hostname for the site collection. Read-only. [Root <IMicrosoftGraphRoot>]: root [TermStore <IMicrosoftGraphTermStore>]: store [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [DefaultLanguageTag <String>]: Default language of the term store. [LanguageTags <String[]>]: List of languages for the term store. CREATEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource SITE <IMicrosoftGraphSite>: site [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedByUser <IMicrosoftGraphUser>]: user [(Any) <Object>]: This indicates any property can be added to this object. [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted. [Id <String>]: The unique idenfier for an entity. Read-only. [AboutMe <String>]: A freeform text entry field for the user to describe themselves. Returned only on $select. [AccountEnabled <Boolean?>]: true if the account is enabled; otherwise, false. This property is required when a user is created. Returned only on $select. Supports $filter (eq, ne, not, and in). [AgeGroup <String>]: Sets the age group of the user. Allowed values: null, Minor, NotAdult and Adult. Refer to the legal age group property definitions for further information. Returned only on $select. Supports $filter (eq, ne, not, and in). [AssignedLicenses <IMicrosoftGraphAssignedLicense[]>]: The licenses that are assigned to the user, including inherited (group-based) licenses. This property doesn't differentiate directly-assigned and inherited licenses. Use the licenseAssignmentStates property to identify the directly-assigned and inherited licenses. Not nullable. Returned only on $select. Supports $filter (eq, not, /$count eq 0, /$count ne 0). [DisabledPlans <String[]>]: A collection of the unique identifiers for plans that have been disabled. [SkuId <String>]: The unique identifier for the SKU. [AssignedPlans <IMicrosoftGraphAssignedPlan[]>]: The plans that are assigned to the user. Read-only. Not nullable. Returned only on $select. Supports $filter (eq and not). [AssignedDateTime <DateTime?>]: The date and time at which the plan was assigned. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [CapabilityStatus <String>]: Condition of the capability assignment. The possible values are Enabled, Warning, Suspended, Deleted, LockedOut. See a detailed description of each value. [Service <String>]: The name of the service; for example, exchange. [ServicePlanId <String>]: A GUID that identifies the service plan. For a complete list of GUIDs and their equivalent friendly service names, see Product names and service plan identifiers for licensing. [Authentication <IMicrosoftGraphAuthentication>]: authentication [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [AuthorizationInfo <IMicrosoftGraphAuthorizationInfo>]: authorizationInfo [(Any) <Object>]: This indicates any property can be added to this object. [CertificateUserIds <String[]>]: [Birthday <DateTime?>]: The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned only on $select. [BusinessPhones <String[]>]: The telephone numbers for the user. NOTE: Although this is a string collection, only one number can be set for this property. Read-only for users synced from on-premises directory. Returned by default. Supports $filter (eq, not, ge, le, startsWith). [Calendar <IMicrosoftGraphCalendar>]: calendar [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [AllowedOnlineMeetingProviders <String[]>]: Represent the online meeting service providers that can be used to create online meetings in this calendar. Possible values are: unknown, skypeForBusiness, skypeForConsumer, teamsForBusiness. [CanEdit <Boolean?>]: true if the user can write to the calendar, false otherwise. This property is true for the user who created the calendar. This property is also true for a user who has been shared a calendar and granted write access. [CanShare <Boolean?>]: true if the user has the permission to share the calendar, false otherwise. Only the user who created the calendar can share it. [CanViewPrivateItems <Boolean?>]: true if the user can read calendar items that have been marked private, false otherwise. [ChangeKey <String>]: Identifies the version of the calendar object. Every time the calendar is changed, changeKey changes as well. This allows Exchange to apply changes to the correct version of the object. Read-only. [Color <String>]: calendarColor [DefaultOnlineMeetingProvider <String>]: onlineMeetingProviderType [HexColor <String>]: The calendar color, expressed in a hex color code of three hexadecimal values, each ranging from 00 to FF and representing the red, green, or blue components of the color in the RGB color space. If the user has never explicitly set a color for the calendar, this property is empty. Read-only. [IsDefaultCalendar <Boolean?>]: true if this is the default calendar where new events are created by default, false otherwise. [IsRemovable <Boolean?>]: Indicates whether this user calendar can be deleted from the user mailbox. [IsTallyingResponses <Boolean?>]: Indicates whether this user calendar supports tracking of meeting responses. Only meeting invites sent from users' primary calendars support tracking of meeting responses. [Name <String>]: The calendar name. [Owner <IMicrosoftGraphEmailAddress>]: emailAddress [City <String>]: The city in which the user is located. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [CompanyName <String>]: The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length is 64 characters.Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [ConsentProvidedForMinor <String>]: Sets whether consent has been obtained for minors. Allowed values: null, Granted, Denied and NotRequired. Refer to the legal age group property definitions for further information. Returned only on $select. Supports $filter (eq, ne, not, and in). [Country <String>]: The country/region in which the user is located; for example, US or UK. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [CreatedDateTime <DateTime?>]: The date and time the user was created, in ISO 8601 format and in UTC time. The value cannot be modified and is automatically populated when the entity is created. Nullable. For on-premises users, the value represents when they were first created in Azure AD. Property is null for some users created before June 2018 and on-premises users that were synced to Azure AD before June 2018. Read-only. Read-only. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in). [CreationType <String>]: Indicates whether the user account was created through one of the following methods: As a regular school or work account (null). As an external account (Invitation). As a local account for an Azure Active Directory B2C tenant (LocalAccount). Through self-service sign-up by an internal user using email verification (EmailVerified). Through self-service sign-up by an external user signing up through a link that is part of a user flow (SelfServiceSignUp). Read-only.Returned only on $select. Supports $filter (eq, ne, not, in). [Department <String>]: The name for the department in which the user works. Maximum length is 64 characters. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, and eq on null values). [DeviceEnrollmentLimit <Int32?>]: The limit on the maximum number of devices that the user is permitted to enroll. Allowed values are 5 or 1000. [DisplayName <String>]: The name displayed in the address book for the user. This is usually the combination of the user's first name, middle initial and last name. This property is required when a user is created and it cannot be cleared during updates. Maximum length is 256 characters. Returned by default. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values), $orderBy, and $search. [Drive <IMicrosoftGraphDrive>]: drive [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedByUser <IMicrosoftGraphUser>]: user [CreatedDateTime <DateTime?>]: Date and time of item creation. Read-only. [Description <String>]: Provides a user-visible description of the item. Optional. [ETag <String>]: ETag for the item. Read-only. [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [LastModifiedByUser <IMicrosoftGraphUser>]: user [LastModifiedDateTime <DateTime?>]: Date and time the item was last modified. Read-only. [Name <String>]: The name of the item. Read-write. [ParentReference <IMicrosoftGraphItemReference>]: itemReference [(Any) <Object>]: This indicates any property can be added to this object. [DriveId <String>]: Unique identifier of the drive instance that contains the item. Read-only. [DriveType <String>]: Identifies the type of drive. See [drive][] resource for values. [Id <String>]: Unique identifier of the item in the drive. Read-only. [Name <String>]: The name of the item being referenced. Read-only. [Path <String>]: Path that can be used to navigate to the item. Read-only. [ShareId <String>]: A unique identifier for a shared resource that can be accessed via the [Shares][] API. [SharepointIds <IMicrosoftGraphSharepointIds>]: sharepointIds [(Any) <Object>]: This indicates any property can be added to this object. [ListId <String>]: The unique identifier (guid) for the item's list in SharePoint. [ListItemId <String>]: An integer identifier for the item within the containing list. [ListItemUniqueId <String>]: The unique identifier (guid) for the item within OneDrive for Business or a SharePoint site. [SiteId <String>]: The unique identifier (guid) for the item's site collection (SPSite). [SiteUrl <String>]: The SharePoint URL for the site that contains the item. [TenantId <String>]: The unique identifier (guid) for the tenancy. [WebId <String>]: The unique identifier (guid) for the item's site (SPWeb). [SiteId <String>]: For OneDrive for Business and SharePoint, this property represents the ID of the site that contains the parent document library of the driveItem resource. The value is the same as the id property of that [site][] resource. It is an opaque string that consists of three identifiers of the site. For OneDrive, this property is not populated. [WebUrl <String>]: URL that displays the resource in the browser. Read-only. [Id <String>]: The unique idenfier for an entity. Read-only. [DriveType <String>]: Describes the type of drive represented by this resource. OneDrive personal drives will return personal. OneDrive for Business will return business. SharePoint document libraries will return documentLibrary. Read-only. [List <IMicrosoftGraphList>]: list [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedByUser <IMicrosoftGraphUser>]: user [CreatedDateTime <DateTime?>]: Date and time of item creation. Read-only. [Description <String>]: Provides a user-visible description of the item. Optional. [ETag <String>]: ETag for the item. Read-only. [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [LastModifiedByUser <IMicrosoftGraphUser>]: user [LastModifiedDateTime <DateTime?>]: Date and time the item was last modified. Read-only. [Name <String>]: The name of the item. Read-write. [ParentReference <IMicrosoftGraphItemReference>]: itemReference [WebUrl <String>]: URL that displays the resource in the browser. Read-only. [Id <String>]: The unique idenfier for an entity. Read-only. [DisplayName <String>]: The displayable title of the list. [Drive <IMicrosoftGraphDrive>]: drive [List <IMicrosoftGraphListInfo>]: listInfo [(Any) <Object>]: This indicates any property can be added to this object. [ContentTypesEnabled <Boolean?>]: If true, indicates that content types are enabled for this list. [Hidden <Boolean?>]: If true, indicates that the list is not normally visible in the SharePoint user experience. [Template <String>]: An enumerated value that represents the base list template used in creating the list. Possible values include documentLibrary, genericList, task, survey, announcements, contacts, and more. [SharepointIds <IMicrosoftGraphSharepointIds>]: sharepointIds [System <IMicrosoftGraphSystemFacet>]: systemFacet [(Any) <Object>]: This indicates any property can be added to this object. [Owner <IMicrosoftGraphIdentitySet>]: identitySet [Quota <IMicrosoftGraphQuota>]: quota [(Any) <Object>]: This indicates any property can be added to this object. [Deleted <Int64?>]: Total space consumed by files in the recycle bin, in bytes. Read-only. [Remaining <Int64?>]: Total space remaining before reaching the quota limit, in bytes. Read-only. [State <String>]: Enumeration value that indicates the state of the storage space. Read-only. [StoragePlanInformation <IMicrosoftGraphStoragePlanInformation>]: storagePlanInformation [(Any) <Object>]: This indicates any property can be added to this object. [UpgradeAvailable <Boolean?>]: Indicates whether there are higher storage quota plans available. Read-only. [Total <Int64?>]: Total allowed storage space, in bytes. Read-only. [Used <Int64?>]: Total space used, in bytes. Read-only. [Root <IMicrosoftGraphDriveItem>]: driveItem [SharePointIds <IMicrosoftGraphSharepointIds>]: sharepointIds [System <IMicrosoftGraphSystemFacet>]: systemFacet [EmployeeHireDate <DateTime?>]: The date and time when the user was hired or will start work in case of a future hire. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in). [EmployeeId <String>]: The employee identifier assigned to the user by the organization. The maximum length is 16 characters. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [EmployeeOrgData <IMicrosoftGraphEmployeeOrgData>]: employeeOrgData [(Any) <Object>]: This indicates any property can be added to this object. [CostCenter <String>]: The cost center associated with the user. Returned only on $select. Supports $filter. [Division <String>]: The name of the division in which the user works. Returned only on $select. Supports $filter. [EmployeeType <String>]: Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith). [ExternalUserState <String>]: For an external user invited to the tenant using the invitation API, this property represents the invited user's invitation status. For invited users, the state can be PendingAcceptance or Accepted, or null for all other users. Returned only on $select. Supports $filter (eq, ne, not , in). [ExternalUserStateChangeDateTime <DateTime?>]: Shows the timestamp for the latest change to the externalUserState property. Returned only on $select. Supports $filter (eq, ne, not , in). [FaxNumber <String>]: The fax number of the user. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [GivenName <String>]: The given name (first name) of the user. Maximum length is 64 characters. Returned by default. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [HireDate <DateTime?>]: The hire date of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned only on $select. Note: This property is specific to SharePoint Online. We recommend using the native employeeHireDate property to set and update hire date values using Microsoft Graph APIs. [Identities <IMicrosoftGraphObjectIdentity[]>]: Represents the identities that can be used to sign in to this user account. An identity can be provided by Microsoft (also known as a local account), by organizations, or by social identity providers such as Facebook, Google, and Microsoft, and tied to a user account. May contain multiple items with the same signInType value. Returned only on $select. Supports $filter (eq) including on null values, only where the signInType is not userPrincipalName. [Issuer <String>]: Specifies the issuer of the identity, for example facebook.com.For local accounts (where signInType is not federated), this property is the local B2C tenant default domain name, for example contoso.onmicrosoft.com.For external users from other Azure AD organization, this will be the domain of the federated organization, for example contoso.com.Supports $filter. 512 character limit. [IssuerAssignedId <String>]: Specifies the unique identifier assigned to the user by the issuer. The combination of issuer and issuerAssignedId must be unique within the organization. Represents the sign-in name for the user, when signInType is set to emailAddress or userName (also known as local accounts).When signInType is set to: emailAddress, (or a custom string that starts with emailAddress like emailAddress1) issuerAssignedId must be a valid email addressuserName, issuerAssignedId must begin with alphabetical character or number, and can only contain alphanumeric characters and the following symbols: - or Supports $filter. 64 character limit. [SignInType <String>]: Specifies the user sign-in types in your directory, such as emailAddress, userName, federated, or userPrincipalName. federated represents a unique identifier for a user from an issuer, that can be in any format chosen by the issuer. Setting or updating a userPrincipalName identity will update the value of the userPrincipalName property on the user object. The validations performed on the userPrincipalName property on the user object, for example, verified domains and acceptable characters, will be performed when setting or updating a userPrincipalName identity. Additional validation is enforced on issuerAssignedId when the sign-in type is set to emailAddress or userName. This property can also be set to any custom string. [ImAddresses <String[]>]: The instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for the user. Read-only. Returned only on $select. Supports $filter (eq, not, ge, le, startsWith). [InferenceClassification <IMicrosoftGraphInferenceClassification>]: inferenceClassification [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Insights <IMicrosoftGraphOfficeGraphInsights>]: officeGraphInsights [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Interests <String[]>]: A list for the user to describe their interests. Returned only on $select. [IsResourceAccount <Boolean?>]: Do not use – reserved for future use. [JobTitle <String>]: The user's job title. Maximum length is 128 characters. Returned by default. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [LastPasswordChangeDateTime <DateTime?>]: The time when this Azure AD user last changed their password or when their password was created, whichever date the latest action was performed. The date and time information uses ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned only on $select. [LegalAgeGroupClassification <String>]: Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on ageGroup and consentProvidedForMinor properties. Allowed values: null, MinorWithOutParentalConsent, MinorWithParentalConsent, MinorNoParentalConsentRequired, NotAdult and Adult. Refer to the legal age group property definitions for further information. Returned only on $select. [LicenseAssignmentStates <IMicrosoftGraphLicenseAssignmentState[]>]: State of license assignments for this user. Also indicates licenses that are directly-assigned and those that the user has inherited through group memberships. Read-only. Returned only on $select. [AssignedByGroup <String>]: [DisabledPlans <String[]>]: [Error <String>]: [LastUpdatedDateTime <DateTime?>]: [SkuId <String>]: [State <String>]: [Mail <String>]: The SMTP address for the user, for example, jeff@contoso.onmicrosoft.com. Changes to this property will also update the user's proxyAddresses collection to include the value as an SMTP address. This property cannot contain accent characters. NOTE: We do not recommend updating this property for Azure AD B2C user profiles. Use the otherMails property instead. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, endsWith, and eq on null values). [MailNickname <String>]: The mail alias for the user. This property must be specified when a user is created. Maximum length is 64 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [MailboxSettings <IMicrosoftGraphMailboxSettings>]: mailboxSettings [(Any) <Object>]: This indicates any property can be added to this object. [ArchiveFolder <String>]: Folder ID of an archive folder for the user. [AutomaticRepliesSetting <IMicrosoftGraphAutomaticRepliesSetting>]: automaticRepliesSetting [(Any) <Object>]: This indicates any property can be added to this object. [ExternalAudience <String>]: externalAudienceScope [ExternalReplyMessage <String>]: The automatic reply to send to the specified external audience, if Status is AlwaysEnabled or Scheduled. [InternalReplyMessage <String>]: The automatic reply to send to the audience internal to the signed-in user's organization, if Status is AlwaysEnabled or Scheduled. [ScheduledEndDateTime <IMicrosoftGraphDateTimeZone>]: dateTimeTimeZone [ScheduledStartDateTime <IMicrosoftGraphDateTimeZone>]: dateTimeTimeZone [Status <String>]: automaticRepliesStatus [DateFormat <String>]: The date format for the user's mailbox. [DelegateMeetingMessageDeliveryOptions <String>]: delegateMeetingMessageDeliveryOptions [Language <IMicrosoftGraphLocaleInfo>]: localeInfo [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: A name representing the user's locale in natural language, for example, 'English (United States)'. [Locale <String>]: A locale representation for the user, which includes the user's preferred language and country/region. For example, 'en-us'. The language component follows 2-letter codes as defined in ISO 639-1, and the country component follows 2-letter codes as defined in ISO 3166-1 alpha-2. [TimeFormat <String>]: The time format for the user's mailbox. [TimeZone <String>]: The default time zone for the user's mailbox. [UserPurpose <String>]: userPurpose [WorkingHours <IMicrosoftGraphWorkingHours>]: workingHours [(Any) <Object>]: This indicates any property can be added to this object. [DaysOfWeek <String[]>]: The days of the week on which the user works. [EndTime <String>]: The time of the day that the user stops working. [StartTime <String>]: The time of the day that the user starts working. [TimeZone <IMicrosoftGraphTimeZoneBase>]: timeZoneBase [(Any) <Object>]: This indicates any property can be added to this object. [Name <String>]: The name of a time zone. It can be a standard time zone name such as 'Hawaii-Aleutian Standard Time', or 'Customized Time Zone' for a custom time zone. [Manager <IMicrosoftGraphDirectoryObject>]: directoryObject [MobilePhone <String>]: The primary cellular telephone number for the user. Read-only for users synced from on-premises directory. Maximum length is 64 characters. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [MySite <String>]: The URL for the user's personal site. Returned only on $select. [OfficeLocation <String>]: The office location in the user's place of business. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [OnPremisesDistinguishedName <String>]: Contains the on-premises Active Directory distinguished name or DN. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. [OnPremisesDomainName <String>]: Contains the on-premises domainFQDN, also called dnsDomainName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. [OnPremisesExtensionAttributes <IMicrosoftGraphOnPremisesExtensionAttributes>]: onPremisesExtensionAttributes [(Any) <Object>]: This indicates any property can be added to this object. [ExtensionAttribute1 <String>]: First customizable extension attribute. [ExtensionAttribute10 <String>]: Tenth customizable extension attribute. [ExtensionAttribute11 <String>]: Eleventh customizable extension attribute. [ExtensionAttribute12 <String>]: Twelfth customizable extension attribute. [ExtensionAttribute13 <String>]: Thirteenth customizable extension attribute. [ExtensionAttribute14 <String>]: Fourteenth customizable extension attribute. [ExtensionAttribute15 <String>]: Fifteenth customizable extension attribute. [ExtensionAttribute2 <String>]: Second customizable extension attribute. [ExtensionAttribute3 <String>]: Third customizable extension attribute. [ExtensionAttribute4 <String>]: Fourth customizable extension attribute. [ExtensionAttribute5 <String>]: Fifth customizable extension attribute. [ExtensionAttribute6 <String>]: Sixth customizable extension attribute. [ExtensionAttribute7 <String>]: Seventh customizable extension attribute. [ExtensionAttribute8 <String>]: Eighth customizable extension attribute. [ExtensionAttribute9 <String>]: Ninth customizable extension attribute. [OnPremisesImmutableId <String>]: This property is used to associate an on-premises Active Directory user account to their Azure AD user object. This property must be specified when creating a new user account in the Graph if you are using a federated domain for the user's userPrincipalName (UPN) property. NOTE: The $ and _ characters cannot be used when specifying this property. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in).. [OnPremisesLastSyncDateTime <DateTime?>]: Indicates the last time at which the object was synced with the on-premises directory; for example: 2013-02-16T03:04:54Z. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in). [OnPremisesProvisioningErrors <IMicrosoftGraphOnPremisesProvisioningError[]>]: Errors when using Microsoft synchronization product during provisioning. Returned only on $select. Supports $filter (eq, not, ge, le). [OnPremisesSamAccountName <String>]: Contains the on-premises samAccountName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith). [OnPremisesSecurityIdentifier <String>]: Contains the on-premises security identifier (SID) for the user that was synchronized from on-premises to the cloud. Read-only. Returned only on $select. Supports $filter (eq including on null values). [OnPremisesSyncEnabled <Boolean?>]: true if this user object is currently being synced from an on-premises Active Directory (AD); otherwise the user isn't being synced and can be managed in Azure Active Directory (Azure AD). Read-only. Returned only on $select. Supports $filter (eq, ne, not, in, and eq on null values). [OnPremisesUserPrincipalName <String>]: Contains the on-premises userPrincipalName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith). [Onenote <IMicrosoftGraphOnenote>]: onenote [OtherMails <String[]>]: A list of additional email addresses for the user; for example: ['bob@contoso.com', 'Robert@fabrikam.com']. NOTE: This property cannot contain accent characters. Returned only on $select. Supports $filter (eq, not, ge, le, in, startsWith, endsWith, /$count eq 0, /$count ne 0). [Outlook <IMicrosoftGraphOutlookUser>]: outlookUser [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [PasswordPolicies <String>]: Specifies password policies for the user. This value is an enumeration with one possible value being DisableStrongPassword, which allows weaker passwords than the default policy to be specified. DisablePasswordExpiration can also be specified. The two may be specified together; for example: DisablePasswordExpiration, DisableStrongPassword. Returned only on $select. For more information on the default password policies, see Azure AD pasword policies. Supports $filter (ne, not, and eq on null values). [PasswordProfile <IMicrosoftGraphPasswordProfile>]: passwordProfile [(Any) <Object>]: This indicates any property can be added to this object. [ForceChangePasswordNextSignIn <Boolean?>]: true if the user must change her password on the next login; otherwise false. [ForceChangePasswordNextSignInWithMfa <Boolean?>]: If true, at next sign-in, the user must perform a multi-factor authentication (MFA) before being forced to change their password. The behavior is identical to forceChangePasswordNextSignIn except that the user is required to first perform a multi-factor authentication before password change. After a password change, this property will be automatically reset to false. If not set, default is false. [Password <String>]: The password for the user. This property is required when a user is created. It can be updated, but the user will be required to change the password on the next login. The password must satisfy minimum requirements as specified by the user’s passwordPolicies property. By default, a strong password is required. [PastProjects <String[]>]: A list for the user to enumerate their past projects. Returned only on $select. [Photo <IMicrosoftGraphProfilePhoto>]: profilePhoto [Planner <IMicrosoftGraphPlannerUser>]: plannerUser [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [PostalCode <String>]: The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code. Maximum length is 40 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [PreferredDataLocation <String>]: The preferred data location for the user. For more information, see OneDrive Online Multi-Geo. [PreferredLanguage <String>]: The preferred language for the user. Should follow ISO 639-1 Code; for example en-US. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values) [PreferredName <String>]: The preferred name for the user. Not Supported. This attribute returns an empty string.Returned only on $select. [Presence <IMicrosoftGraphPresence>]: presence [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Activity <String>]: The supplemental information to a user's availability. Possible values are Available, Away, BeRightBack, Busy, DoNotDisturb, InACall, InAConferenceCall, Inactive, InAMeeting, Offline, OffWork, OutOfOffice, PresenceUnknown, Presenting, UrgentInterruptionsOnly. [Availability <String>]: The base presence information for a user. Possible values are Available, AvailableIdle, Away, BeRightBack, Busy, BusyIdle, DoNotDisturb, Offline, PresenceUnknown [ProvisionedPlans <IMicrosoftGraphProvisionedPlan[]>]: The plans that are provisioned for the user. Read-only. Not nullable. Returned only on $select. Supports $filter (eq, not, ge, le). [CapabilityStatus <String>]: For example, 'Enabled'. [ProvisioningStatus <String>]: For example, 'Success'. [Service <String>]: The name of the service; for example, 'AccessControlS2S' [ProxyAddresses <String[]>]: For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. Changes to the mail property will also update this collection to include the value as an SMTP address. For more information, see mail and proxyAddresses properties. The proxy address prefixed with SMTP (capitalized) is the primary proxy address while those prefixed with smtp are the secondary proxy addresses. For Azure AD B2C accounts, this property has a limit of ten unique addresses. Read-only in Microsoft Graph; you can update this property only through the Microsoft 365 admin center. Not nullable. Returned only on $select. Supports $filter (eq, not, ge, le, startsWith, endsWith, /$count eq 0, /$count ne 0). [Responsibilities <String[]>]: A list for the user to enumerate their responsibilities. Returned only on $select. [Schools <String[]>]: A list for the user to enumerate the schools they have attended. Returned only on $select. [SecurityIdentifier <String>]: Security identifier (SID) of the user, used in Windows scenarios. Read-only. Returned by default. Supports $select and $filter (eq, not, ge, le, startsWith). [Settings <IMicrosoftGraphUserSettings>]: userSettings [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [ContributionToContentDiscoveryAsOrganizationDisabled <Boolean?>]: [ContributionToContentDiscoveryDisabled <Boolean?>]: [ShiftPreferences <IMicrosoftGraphShiftPreferences>]: shiftPreferences [(Any) <Object>]: This indicates any property can be added to this object. [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [Id <String>]: The unique idenfier for an entity. Read-only. [Availability <IMicrosoftGraphShiftAvailability[]>]: Availability of the user to be scheduled for work and its recurrence pattern. [Recurrence <IMicrosoftGraphPatternedRecurrence>]: patternedRecurrence [TimeSlots <IMicrosoftGraphTimeRange[]>]: The time slot(s) preferred by the user. [EndTime <String>]: End time for the time range. [StartTime <String>]: Start time for the time range. [TimeZone <String>]: Specifies the time zone for the indicated time. [ShowInAddressList <Boolean?>]: Do not use in Microsoft Graph. Manage this property through the Microsoft 365 admin center instead. Represents whether the user should be included in the Outlook global address list. See Known issue. [SignInSessionsValidFromDateTime <DateTime?>]: Any refresh tokens or sessions tokens (session cookies) issued before this time are invalid, and applications will get an error when using an invalid refresh or sessions token to acquire a delegated access token (to access APIs such as Microsoft Graph). If this happens, the application will need to acquire a new refresh token by making a request to the authorize endpoint. Read-only. Use revokeSignInSessions to reset. Returned only on $select. [Skills <String[]>]: A list for the user to enumerate their skills. Returned only on $select. [State <String>]: The state or province in the user's address. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [StreetAddress <String>]: The street address of the user's place of business. Maximum length is 1024 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [Surname <String>]: The user's surname (family name or last name). Maximum length is 64 characters. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [Teamwork <IMicrosoftGraphUserTeamwork>]: userTeamwork [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Todo <IMicrosoftGraphTodo>]: todo [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [UsageLocation <String>]: A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: US, JP, and GB. Not nullable. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [UserPrincipalName <String>]: The user principal name (UPN) of the user. The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where domain must be present in the tenant's collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property cannot contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, ' . - _ ! # ^ ~. For the complete list of allowed characters, see username policies. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, endsWith) and $orderBy. [UserType <String>]: A string value that can be used to classify user types in your directory, such as Member and Guest. Returned only on $select. Supports $filter (eq, ne, not, in, and eq on null values). NOTE: For more information about the permissions for member and guest users, see What are the default user permissions in Azure Active Directory? [CreatedDateTime <DateTime?>]: Date and time of item creation. Read-only. [Description <String>]: Provides a user-visible description of the item. Optional. [ETag <String>]: ETag for the item. Read-only. [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [LastModifiedByUser <IMicrosoftGraphUser>]: user [LastModifiedDateTime <DateTime?>]: Date and time the item was last modified. Read-only. [Name <String>]: The name of the item. Read-write. [ParentReference <IMicrosoftGraphItemReference>]: itemReference [WebUrl <String>]: URL that displays the resource in the browser. Read-only. [Id <String>]: The unique idenfier for an entity. Read-only. [Analytics <IMicrosoftGraphItemAnalytics>]: itemAnalytics [DisplayName <String>]: The full title for the site. Read-only. [Drive <IMicrosoftGraphDrive>]: drive [Error <IMicrosoftGraphPublicError>]: publicError [Onenote <IMicrosoftGraphOnenote>]: onenote [Root <IMicrosoftGraphRoot>]: root [SharepointIds <IMicrosoftGraphSharepointIds>]: sharepointIds [SiteCollection <IMicrosoftGraphSiteCollection>]: siteCollection [(Any) <Object>]: This indicates any property can be added to this object. [DataLocationCode <String>]: The geographic region code for where this site collection resides. Read-only. [Hostname <String>]: The hostname for the site collection. Read-only. [Root <IMicrosoftGraphRoot>]: root [TermStore <IMicrosoftGraphTermStore>]: store [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [DefaultLanguageTag <String>]: Default language of the term store. [LanguageTags <String[]>]: List of languages for the term store. .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/new-mgsecuritycaseediscoverycasecustodiansitesource #> function New-MgSecurityCaseEdiscoveryCaseCustodianSiteSource { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecuritySiteSource])] [CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Create', Mandatory)] [Parameter(ParameterSetName='CreateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Create', Mandatory)] [Parameter(ParameterSetName='CreateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCustodian ${EdiscoveryCustodianId}, [Parameter(ParameterSetName='CreateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='CreateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Create', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='CreateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecuritySiteSource] # siteSource # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for CREATEDBY properties and create a hash table. ${CreatedBy}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # The date and time the dataSource was created. ${CreatedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The display name of the dataSource. # This will be the name of the SharePoint site. ${DisplayName}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # dataSourceHoldStatus ${HoldStatus}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSite] # site # To construct, see NOTES section for SITE properties and create a hash table. ${Site}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Create = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseCustodianSiteSource_Create'; CreateExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseCustodianSiteSource_CreateExpanded'; CreateViaIdentity = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseCustodianSiteSource_CreateViaIdentity'; CreateViaIdentityExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseCustodianSiteSource_CreateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Create a new unifiedGroupSource object associated with an eDiscovery custodian. .Description Create a new unifiedGroupSource object associated with an eDiscovery custodian. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityUnifiedGroupSource .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityUnifiedGroupSource .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecurityUnifiedGroupSource>: unifiedGroupSource [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: The date and time the dataSource was created. [DisplayName <String>]: The display name of the dataSource. This will be the name of the SharePoint site. [HoldStatus <String>]: dataSourceHoldStatus [Id <String>]: The unique idenfier for an entity. Read-only. [Group <IMicrosoftGraphGroup>]: group [(Any) <Object>]: This indicates any property can be added to this object. [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted. [Id <String>]: The unique idenfier for an entity. Read-only. [AllowExternalSenders <Boolean?>]: Indicates if people external to the organization can send messages to the group. Default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). [AssignedLabels <IMicrosoftGraphAssignedLabel[]>]: The list of sensitivity label pairs (label ID, label name) associated with a Microsoft 365 group. Returned only on $select. [DisplayName <String>]: The display name of the label. Read-only. [LabelId <String>]: The unique identifier of the label. [AssignedLicenses <IMicrosoftGraphAssignedLicense[]>]: The licenses that are assigned to the group. Returned only on $select. Supports $filter (eq).Read-only. [DisabledPlans <String[]>]: A collection of the unique identifiers for plans that have been disabled. [SkuId <String>]: The unique identifier for the SKU. [AutoSubscribeNewMembers <Boolean?>]: Indicates if new members added to the group will be auto-subscribed to receive email notifications. You can set this property in a PATCH request for the group; do not set it in the initial POST request that creates the group. Default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). [Calendar <IMicrosoftGraphCalendar>]: calendar [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [AllowedOnlineMeetingProviders <String[]>]: Represent the online meeting service providers that can be used to create online meetings in this calendar. Possible values are: unknown, skypeForBusiness, skypeForConsumer, teamsForBusiness. [CanEdit <Boolean?>]: true if the user can write to the calendar, false otherwise. This property is true for the user who created the calendar. This property is also true for a user who has been shared a calendar and granted write access. [CanShare <Boolean?>]: true if the user has the permission to share the calendar, false otherwise. Only the user who created the calendar can share it. [CanViewPrivateItems <Boolean?>]: true if the user can read calendar items that have been marked private, false otherwise. [ChangeKey <String>]: Identifies the version of the calendar object. Every time the calendar is changed, changeKey changes as well. This allows Exchange to apply changes to the correct version of the object. Read-only. [Color <String>]: calendarColor [DefaultOnlineMeetingProvider <String>]: onlineMeetingProviderType [HexColor <String>]: The calendar color, expressed in a hex color code of three hexadecimal values, each ranging from 00 to FF and representing the red, green, or blue components of the color in the RGB color space. If the user has never explicitly set a color for the calendar, this property is empty. Read-only. [IsDefaultCalendar <Boolean?>]: true if this is the default calendar where new events are created by default, false otherwise. [IsRemovable <Boolean?>]: Indicates whether this user calendar can be deleted from the user mailbox. [IsTallyingResponses <Boolean?>]: Indicates whether this user calendar supports tracking of meeting responses. Only meeting invites sent from users' primary calendars support tracking of meeting responses. [Name <String>]: The calendar name. [Owner <IMicrosoftGraphEmailAddress>]: emailAddress [Classification <String>]: Describes a classification for the group (such as low, medium or high business impact). Valid values for this property are defined by creating a ClassificationList setting value, based on the template definition.Returned by default. Supports $filter (eq, ne, not, ge, le, startsWith). [CreatedDateTime <DateTime?>]: Timestamp of when the group was created. The value cannot be modified and is automatically populated when the group is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned by default. Supports $filter (eq, ne, not, ge, le, in). Read-only. [CreatedOnBehalfOf <IMicrosoftGraphDirectoryObject>]: directoryObject [Description <String>]: An optional description for the group. Returned by default. Supports $filter (eq, ne, not, ge, le, startsWith) and $search. [DisplayName <String>]: The display name for the group. This property is required when a group is created and cannot be cleared during updates. Maximum length is 256 characters. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values), $search, and $orderBy. [Drive <IMicrosoftGraphDrive>]: drive [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedByUser <IMicrosoftGraphUser>]: user [(Any) <Object>]: This indicates any property can be added to this object. [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted. [Id <String>]: The unique idenfier for an entity. Read-only. [AboutMe <String>]: A freeform text entry field for the user to describe themselves. Returned only on $select. [AccountEnabled <Boolean?>]: true if the account is enabled; otherwise, false. This property is required when a user is created. Returned only on $select. Supports $filter (eq, ne, not, and in). [AgeGroup <String>]: Sets the age group of the user. Allowed values: null, Minor, NotAdult and Adult. Refer to the legal age group property definitions for further information. Returned only on $select. Supports $filter (eq, ne, not, and in). [AssignedLicenses <IMicrosoftGraphAssignedLicense[]>]: The licenses that are assigned to the user, including inherited (group-based) licenses. This property doesn't differentiate directly-assigned and inherited licenses. Use the licenseAssignmentStates property to identify the directly-assigned and inherited licenses. Not nullable. Returned only on $select. Supports $filter (eq, not, /$count eq 0, /$count ne 0). [AssignedPlans <IMicrosoftGraphAssignedPlan[]>]: The plans that are assigned to the user. Read-only. Not nullable. Returned only on $select. Supports $filter (eq and not). [AssignedDateTime <DateTime?>]: The date and time at which the plan was assigned. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [CapabilityStatus <String>]: Condition of the capability assignment. The possible values are Enabled, Warning, Suspended, Deleted, LockedOut. See a detailed description of each value. [Service <String>]: The name of the service; for example, exchange. [ServicePlanId <String>]: A GUID that identifies the service plan. For a complete list of GUIDs and their equivalent friendly service names, see Product names and service plan identifiers for licensing. [Authentication <IMicrosoftGraphAuthentication>]: authentication [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [AuthorizationInfo <IMicrosoftGraphAuthorizationInfo>]: authorizationInfo [(Any) <Object>]: This indicates any property can be added to this object. [CertificateUserIds <String[]>]: [Birthday <DateTime?>]: The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned only on $select. [BusinessPhones <String[]>]: The telephone numbers for the user. NOTE: Although this is a string collection, only one number can be set for this property. Read-only for users synced from on-premises directory. Returned by default. Supports $filter (eq, not, ge, le, startsWith). [Calendar <IMicrosoftGraphCalendar>]: calendar [City <String>]: The city in which the user is located. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [CompanyName <String>]: The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length is 64 characters.Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [ConsentProvidedForMinor <String>]: Sets whether consent has been obtained for minors. Allowed values: null, Granted, Denied and NotRequired. Refer to the legal age group property definitions for further information. Returned only on $select. Supports $filter (eq, ne, not, and in). [Country <String>]: The country/region in which the user is located; for example, US or UK. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [CreatedDateTime <DateTime?>]: The date and time the user was created, in ISO 8601 format and in UTC time. The value cannot be modified and is automatically populated when the entity is created. Nullable. For on-premises users, the value represents when they were first created in Azure AD. Property is null for some users created before June 2018 and on-premises users that were synced to Azure AD before June 2018. Read-only. Read-only. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in). [CreationType <String>]: Indicates whether the user account was created through one of the following methods: As a regular school or work account (null). As an external account (Invitation). As a local account for an Azure Active Directory B2C tenant (LocalAccount). Through self-service sign-up by an internal user using email verification (EmailVerified). Through self-service sign-up by an external user signing up through a link that is part of a user flow (SelfServiceSignUp). Read-only.Returned only on $select. Supports $filter (eq, ne, not, in). [Department <String>]: The name for the department in which the user works. Maximum length is 64 characters. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, and eq on null values). [DeviceEnrollmentLimit <Int32?>]: The limit on the maximum number of devices that the user is permitted to enroll. Allowed values are 5 or 1000. [DisplayName <String>]: The name displayed in the address book for the user. This is usually the combination of the user's first name, middle initial and last name. This property is required when a user is created and it cannot be cleared during updates. Maximum length is 256 characters. Returned by default. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values), $orderBy, and $search. [Drive <IMicrosoftGraphDrive>]: drive [EmployeeHireDate <DateTime?>]: The date and time when the user was hired or will start work in case of a future hire. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in). [EmployeeId <String>]: The employee identifier assigned to the user by the organization. The maximum length is 16 characters. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [EmployeeOrgData <IMicrosoftGraphEmployeeOrgData>]: employeeOrgData [(Any) <Object>]: This indicates any property can be added to this object. [CostCenter <String>]: The cost center associated with the user. Returned only on $select. Supports $filter. [Division <String>]: The name of the division in which the user works. Returned only on $select. Supports $filter. [EmployeeType <String>]: Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith). [ExternalUserState <String>]: For an external user invited to the tenant using the invitation API, this property represents the invited user's invitation status. For invited users, the state can be PendingAcceptance or Accepted, or null for all other users. Returned only on $select. Supports $filter (eq, ne, not , in). [ExternalUserStateChangeDateTime <DateTime?>]: Shows the timestamp for the latest change to the externalUserState property. Returned only on $select. Supports $filter (eq, ne, not , in). [FaxNumber <String>]: The fax number of the user. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [GivenName <String>]: The given name (first name) of the user. Maximum length is 64 characters. Returned by default. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [HireDate <DateTime?>]: The hire date of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned only on $select. Note: This property is specific to SharePoint Online. We recommend using the native employeeHireDate property to set and update hire date values using Microsoft Graph APIs. [Identities <IMicrosoftGraphObjectIdentity[]>]: Represents the identities that can be used to sign in to this user account. An identity can be provided by Microsoft (also known as a local account), by organizations, or by social identity providers such as Facebook, Google, and Microsoft, and tied to a user account. May contain multiple items with the same signInType value. Returned only on $select. Supports $filter (eq) including on null values, only where the signInType is not userPrincipalName. [Issuer <String>]: Specifies the issuer of the identity, for example facebook.com.For local accounts (where signInType is not federated), this property is the local B2C tenant default domain name, for example contoso.onmicrosoft.com.For external users from other Azure AD organization, this will be the domain of the federated organization, for example contoso.com.Supports $filter. 512 character limit. [IssuerAssignedId <String>]: Specifies the unique identifier assigned to the user by the issuer. The combination of issuer and issuerAssignedId must be unique within the organization. Represents the sign-in name for the user, when signInType is set to emailAddress or userName (also known as local accounts).When signInType is set to: emailAddress, (or a custom string that starts with emailAddress like emailAddress1) issuerAssignedId must be a valid email addressuserName, issuerAssignedId must begin with alphabetical character or number, and can only contain alphanumeric characters and the following symbols: - or Supports $filter. 64 character limit. [SignInType <String>]: Specifies the user sign-in types in your directory, such as emailAddress, userName, federated, or userPrincipalName. federated represents a unique identifier for a user from an issuer, that can be in any format chosen by the issuer. Setting or updating a userPrincipalName identity will update the value of the userPrincipalName property on the user object. The validations performed on the userPrincipalName property on the user object, for example, verified domains and acceptable characters, will be performed when setting or updating a userPrincipalName identity. Additional validation is enforced on issuerAssignedId when the sign-in type is set to emailAddress or userName. This property can also be set to any custom string. [ImAddresses <String[]>]: The instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for the user. Read-only. Returned only on $select. Supports $filter (eq, not, ge, le, startsWith). [InferenceClassification <IMicrosoftGraphInferenceClassification>]: inferenceClassification [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Insights <IMicrosoftGraphOfficeGraphInsights>]: officeGraphInsights [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Interests <String[]>]: A list for the user to describe their interests. Returned only on $select. [IsResourceAccount <Boolean?>]: Do not use – reserved for future use. [JobTitle <String>]: The user's job title. Maximum length is 128 characters. Returned by default. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [LastPasswordChangeDateTime <DateTime?>]: The time when this Azure AD user last changed their password or when their password was created, whichever date the latest action was performed. The date and time information uses ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned only on $select. [LegalAgeGroupClassification <String>]: Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on ageGroup and consentProvidedForMinor properties. Allowed values: null, MinorWithOutParentalConsent, MinorWithParentalConsent, MinorNoParentalConsentRequired, NotAdult and Adult. Refer to the legal age group property definitions for further information. Returned only on $select. [LicenseAssignmentStates <IMicrosoftGraphLicenseAssignmentState[]>]: State of license assignments for this user. Also indicates licenses that are directly-assigned and those that the user has inherited through group memberships. Read-only. Returned only on $select. [AssignedByGroup <String>]: [DisabledPlans <String[]>]: [Error <String>]: [LastUpdatedDateTime <DateTime?>]: [SkuId <String>]: [State <String>]: [Mail <String>]: The SMTP address for the user, for example, jeff@contoso.onmicrosoft.com. Changes to this property will also update the user's proxyAddresses collection to include the value as an SMTP address. This property cannot contain accent characters. NOTE: We do not recommend updating this property for Azure AD B2C user profiles. Use the otherMails property instead. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, endsWith, and eq on null values). [MailNickname <String>]: The mail alias for the user. This property must be specified when a user is created. Maximum length is 64 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [MailboxSettings <IMicrosoftGraphMailboxSettings>]: mailboxSettings [(Any) <Object>]: This indicates any property can be added to this object. [ArchiveFolder <String>]: Folder ID of an archive folder for the user. [AutomaticRepliesSetting <IMicrosoftGraphAutomaticRepliesSetting>]: automaticRepliesSetting [(Any) <Object>]: This indicates any property can be added to this object. [ExternalAudience <String>]: externalAudienceScope [ExternalReplyMessage <String>]: The automatic reply to send to the specified external audience, if Status is AlwaysEnabled or Scheduled. [InternalReplyMessage <String>]: The automatic reply to send to the audience internal to the signed-in user's organization, if Status is AlwaysEnabled or Scheduled. [ScheduledEndDateTime <IMicrosoftGraphDateTimeZone>]: dateTimeTimeZone [ScheduledStartDateTime <IMicrosoftGraphDateTimeZone>]: dateTimeTimeZone [Status <String>]: automaticRepliesStatus [DateFormat <String>]: The date format for the user's mailbox. [DelegateMeetingMessageDeliveryOptions <String>]: delegateMeetingMessageDeliveryOptions [Language <IMicrosoftGraphLocaleInfo>]: localeInfo [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: A name representing the user's locale in natural language, for example, 'English (United States)'. [Locale <String>]: A locale representation for the user, which includes the user's preferred language and country/region. For example, 'en-us'. The language component follows 2-letter codes as defined in ISO 639-1, and the country component follows 2-letter codes as defined in ISO 3166-1 alpha-2. [TimeFormat <String>]: The time format for the user's mailbox. [TimeZone <String>]: The default time zone for the user's mailbox. [UserPurpose <String>]: userPurpose [WorkingHours <IMicrosoftGraphWorkingHours>]: workingHours [(Any) <Object>]: This indicates any property can be added to this object. [DaysOfWeek <String[]>]: The days of the week on which the user works. [EndTime <String>]: The time of the day that the user stops working. [StartTime <String>]: The time of the day that the user starts working. [TimeZone <IMicrosoftGraphTimeZoneBase>]: timeZoneBase [(Any) <Object>]: This indicates any property can be added to this object. [Name <String>]: The name of a time zone. It can be a standard time zone name such as 'Hawaii-Aleutian Standard Time', or 'Customized Time Zone' for a custom time zone. [Manager <IMicrosoftGraphDirectoryObject>]: directoryObject [MobilePhone <String>]: The primary cellular telephone number for the user. Read-only for users synced from on-premises directory. Maximum length is 64 characters. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [MySite <String>]: The URL for the user's personal site. Returned only on $select. [OfficeLocation <String>]: The office location in the user's place of business. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [OnPremisesDistinguishedName <String>]: Contains the on-premises Active Directory distinguished name or DN. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. [OnPremisesDomainName <String>]: Contains the on-premises domainFQDN, also called dnsDomainName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. [OnPremisesExtensionAttributes <IMicrosoftGraphOnPremisesExtensionAttributes>]: onPremisesExtensionAttributes [(Any) <Object>]: This indicates any property can be added to this object. [ExtensionAttribute1 <String>]: First customizable extension attribute. [ExtensionAttribute10 <String>]: Tenth customizable extension attribute. [ExtensionAttribute11 <String>]: Eleventh customizable extension attribute. [ExtensionAttribute12 <String>]: Twelfth customizable extension attribute. [ExtensionAttribute13 <String>]: Thirteenth customizable extension attribute. [ExtensionAttribute14 <String>]: Fourteenth customizable extension attribute. [ExtensionAttribute15 <String>]: Fifteenth customizable extension attribute. [ExtensionAttribute2 <String>]: Second customizable extension attribute. [ExtensionAttribute3 <String>]: Third customizable extension attribute. [ExtensionAttribute4 <String>]: Fourth customizable extension attribute. [ExtensionAttribute5 <String>]: Fifth customizable extension attribute. [ExtensionAttribute6 <String>]: Sixth customizable extension attribute. [ExtensionAttribute7 <String>]: Seventh customizable extension attribute. [ExtensionAttribute8 <String>]: Eighth customizable extension attribute. [ExtensionAttribute9 <String>]: Ninth customizable extension attribute. [OnPremisesImmutableId <String>]: This property is used to associate an on-premises Active Directory user account to their Azure AD user object. This property must be specified when creating a new user account in the Graph if you are using a federated domain for the user's userPrincipalName (UPN) property. NOTE: The $ and _ characters cannot be used when specifying this property. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in).. [OnPremisesLastSyncDateTime <DateTime?>]: Indicates the last time at which the object was synced with the on-premises directory; for example: 2013-02-16T03:04:54Z. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in). [OnPremisesProvisioningErrors <IMicrosoftGraphOnPremisesProvisioningError[]>]: Errors when using Microsoft synchronization product during provisioning. Returned only on $select. Supports $filter (eq, not, ge, le). [Category <String>]: Category of the provisioning error. Note: Currently, there is only one possible value. Possible value: PropertyConflict - indicates a property value is not unique. Other objects contain the same value for the property. [OccurredDateTime <DateTime?>]: The date and time at which the error occurred. [PropertyCausingError <String>]: Name of the directory property causing the error. Current possible values: UserPrincipalName or ProxyAddress [Value <String>]: Value of the property causing the error. [OnPremisesSamAccountName <String>]: Contains the on-premises samAccountName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith). [OnPremisesSecurityIdentifier <String>]: Contains the on-premises security identifier (SID) for the user that was synchronized from on-premises to the cloud. Read-only. Returned only on $select. Supports $filter (eq including on null values). [OnPremisesSyncEnabled <Boolean?>]: true if this user object is currently being synced from an on-premises Active Directory (AD); otherwise the user isn't being synced and can be managed in Azure Active Directory (Azure AD). Read-only. Returned only on $select. Supports $filter (eq, ne, not, in, and eq on null values). [OnPremisesUserPrincipalName <String>]: Contains the on-premises userPrincipalName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith). [Onenote <IMicrosoftGraphOnenote>]: onenote [OtherMails <String[]>]: A list of additional email addresses for the user; for example: ['bob@contoso.com', 'Robert@fabrikam.com']. NOTE: This property cannot contain accent characters. Returned only on $select. Supports $filter (eq, not, ge, le, in, startsWith, endsWith, /$count eq 0, /$count ne 0). [Outlook <IMicrosoftGraphOutlookUser>]: outlookUser [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [PasswordPolicies <String>]: Specifies password policies for the user. This value is an enumeration with one possible value being DisableStrongPassword, which allows weaker passwords than the default policy to be specified. DisablePasswordExpiration can also be specified. The two may be specified together; for example: DisablePasswordExpiration, DisableStrongPassword. Returned only on $select. For more information on the default password policies, see Azure AD pasword policies. Supports $filter (ne, not, and eq on null values). [PasswordProfile <IMicrosoftGraphPasswordProfile>]: passwordProfile [(Any) <Object>]: This indicates any property can be added to this object. [ForceChangePasswordNextSignIn <Boolean?>]: true if the user must change her password on the next login; otherwise false. [ForceChangePasswordNextSignInWithMfa <Boolean?>]: If true, at next sign-in, the user must perform a multi-factor authentication (MFA) before being forced to change their password. The behavior is identical to forceChangePasswordNextSignIn except that the user is required to first perform a multi-factor authentication before password change. After a password change, this property will be automatically reset to false. If not set, default is false. [Password <String>]: The password for the user. This property is required when a user is created. It can be updated, but the user will be required to change the password on the next login. The password must satisfy minimum requirements as specified by the user’s passwordPolicies property. By default, a strong password is required. [PastProjects <String[]>]: A list for the user to enumerate their past projects. Returned only on $select. [Photo <IMicrosoftGraphProfilePhoto>]: profilePhoto [Planner <IMicrosoftGraphPlannerUser>]: plannerUser [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [PostalCode <String>]: The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code. Maximum length is 40 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [PreferredDataLocation <String>]: The preferred data location for the user. For more information, see OneDrive Online Multi-Geo. [PreferredLanguage <String>]: The preferred language for the user. Should follow ISO 639-1 Code; for example en-US. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values) [PreferredName <String>]: The preferred name for the user. Not Supported. This attribute returns an empty string.Returned only on $select. [Presence <IMicrosoftGraphPresence>]: presence [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Activity <String>]: The supplemental information to a user's availability. Possible values are Available, Away, BeRightBack, Busy, DoNotDisturb, InACall, InAConferenceCall, Inactive, InAMeeting, Offline, OffWork, OutOfOffice, PresenceUnknown, Presenting, UrgentInterruptionsOnly. [Availability <String>]: The base presence information for a user. Possible values are Available, AvailableIdle, Away, BeRightBack, Busy, BusyIdle, DoNotDisturb, Offline, PresenceUnknown [ProvisionedPlans <IMicrosoftGraphProvisionedPlan[]>]: The plans that are provisioned for the user. Read-only. Not nullable. Returned only on $select. Supports $filter (eq, not, ge, le). [CapabilityStatus <String>]: For example, 'Enabled'. [ProvisioningStatus <String>]: For example, 'Success'. [Service <String>]: The name of the service; for example, 'AccessControlS2S' [ProxyAddresses <String[]>]: For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. Changes to the mail property will also update this collection to include the value as an SMTP address. For more information, see mail and proxyAddresses properties. The proxy address prefixed with SMTP (capitalized) is the primary proxy address while those prefixed with smtp are the secondary proxy addresses. For Azure AD B2C accounts, this property has a limit of ten unique addresses. Read-only in Microsoft Graph; you can update this property only through the Microsoft 365 admin center. Not nullable. Returned only on $select. Supports $filter (eq, not, ge, le, startsWith, endsWith, /$count eq 0, /$count ne 0). [Responsibilities <String[]>]: A list for the user to enumerate their responsibilities. Returned only on $select. [Schools <String[]>]: A list for the user to enumerate the schools they have attended. Returned only on $select. [SecurityIdentifier <String>]: Security identifier (SID) of the user, used in Windows scenarios. Read-only. Returned by default. Supports $select and $filter (eq, not, ge, le, startsWith). [Settings <IMicrosoftGraphUserSettings>]: userSettings [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [ContributionToContentDiscoveryAsOrganizationDisabled <Boolean?>]: [ContributionToContentDiscoveryDisabled <Boolean?>]: [ShiftPreferences <IMicrosoftGraphShiftPreferences>]: shiftPreferences [(Any) <Object>]: This indicates any property can be added to this object. [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [Id <String>]: The unique idenfier for an entity. Read-only. [Availability <IMicrosoftGraphShiftAvailability[]>]: Availability of the user to be scheduled for work and its recurrence pattern. [Recurrence <IMicrosoftGraphPatternedRecurrence>]: patternedRecurrence [TimeSlots <IMicrosoftGraphTimeRange[]>]: The time slot(s) preferred by the user. [EndTime <String>]: End time for the time range. [StartTime <String>]: Start time for the time range. [TimeZone <String>]: Specifies the time zone for the indicated time. [ShowInAddressList <Boolean?>]: Do not use in Microsoft Graph. Manage this property through the Microsoft 365 admin center instead. Represents whether the user should be included in the Outlook global address list. See Known issue. [SignInSessionsValidFromDateTime <DateTime?>]: Any refresh tokens or sessions tokens (session cookies) issued before this time are invalid, and applications will get an error when using an invalid refresh or sessions token to acquire a delegated access token (to access APIs such as Microsoft Graph). If this happens, the application will need to acquire a new refresh token by making a request to the authorize endpoint. Read-only. Use revokeSignInSessions to reset. Returned only on $select. [Skills <String[]>]: A list for the user to enumerate their skills. Returned only on $select. [State <String>]: The state or province in the user's address. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [StreetAddress <String>]: The street address of the user's place of business. Maximum length is 1024 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [Surname <String>]: The user's surname (family name or last name). Maximum length is 64 characters. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [Teamwork <IMicrosoftGraphUserTeamwork>]: userTeamwork [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Todo <IMicrosoftGraphTodo>]: todo [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [UsageLocation <String>]: A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: US, JP, and GB. Not nullable. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [UserPrincipalName <String>]: The user principal name (UPN) of the user. The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where domain must be present in the tenant's collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property cannot contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, ' . - _ ! # ^ ~. For the complete list of allowed characters, see username policies. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, endsWith) and $orderBy. [UserType <String>]: A string value that can be used to classify user types in your directory, such as Member and Guest. Returned only on $select. Supports $filter (eq, ne, not, in, and eq on null values). NOTE: For more information about the permissions for member and guest users, see What are the default user permissions in Azure Active Directory? [CreatedDateTime <DateTime?>]: Date and time of item creation. Read-only. [Description <String>]: Provides a user-visible description of the item. Optional. [ETag <String>]: ETag for the item. Read-only. [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [LastModifiedByUser <IMicrosoftGraphUser>]: user [LastModifiedDateTime <DateTime?>]: Date and time the item was last modified. Read-only. [Name <String>]: The name of the item. Read-write. [ParentReference <IMicrosoftGraphItemReference>]: itemReference [WebUrl <String>]: URL that displays the resource in the browser. Read-only. [Id <String>]: The unique idenfier for an entity. Read-only. [DriveType <String>]: Describes the type of drive represented by this resource. OneDrive personal drives will return personal. OneDrive for Business will return business. SharePoint document libraries will return documentLibrary. Read-only. [List <IMicrosoftGraphList>]: list [Owner <IMicrosoftGraphIdentitySet>]: identitySet [Quota <IMicrosoftGraphQuota>]: quota [(Any) <Object>]: This indicates any property can be added to this object. [Deleted <Int64?>]: Total space consumed by files in the recycle bin, in bytes. Read-only. [Remaining <Int64?>]: Total space remaining before reaching the quota limit, in bytes. Read-only. [State <String>]: Enumeration value that indicates the state of the storage space. Read-only. [StoragePlanInformation <IMicrosoftGraphStoragePlanInformation>]: storagePlanInformation [(Any) <Object>]: This indicates any property can be added to this object. [UpgradeAvailable <Boolean?>]: Indicates whether there are higher storage quota plans available. Read-only. [Total <Int64?>]: Total allowed storage space, in bytes. Read-only. [Used <Int64?>]: Total space used, in bytes. Read-only. [Root <IMicrosoftGraphDriveItem>]: driveItem [SharePointIds <IMicrosoftGraphSharepointIds>]: sharepointIds [System <IMicrosoftGraphSystemFacet>]: systemFacet [ExpirationDateTime <DateTime?>]: Timestamp of when the group is set to expire. The value cannot be modified and is automatically populated when the group is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned by default. Supports $filter (eq, ne, not, ge, le, in). Read-only. [GroupTypes <String[]>]: Specifies the group type and its membership. If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group or distribution group. For details, see groups overview.If the collection includes DynamicMembership, the group has dynamic membership; otherwise, membership is static. Returned by default. Supports $filter (eq, not). [HasMembersWithLicenseErrors <Boolean?>]: Indicates whether there are members in this group that have license errors from its group-based license assignment. This property is never returned on a GET operation. You can use it as a $filter argument to get groups that have members with license errors (that is, filter for this property being true). See an example. Supports $filter (eq). [HideFromAddressLists <Boolean?>]: True if the group is not displayed in certain parts of the Outlook UI: the Address Book, address lists for selecting message recipients, and the Browse Groups dialog for searching groups; otherwise, false. Default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). [HideFromOutlookClients <Boolean?>]: True if the group is not displayed in Outlook clients, such as Outlook for Windows and Outlook on the web; otherwise, false. Default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). [IsArchived <Boolean?>]: When a group is associated with a team this property determines whether the team is in read-only mode.To read this property, use the /group/{groupId}/team endpoint or the Get team API. To update this property, use the archiveTeam and unarchiveTeam APIs. [IsAssignableToRole <Boolean?>]: Indicates whether this group can be assigned to an Azure Active Directory role or not. Optional. This property can only be set while creating the group and is immutable. If set to true, the securityEnabled property must also be set to true, visibility must be Hidden, and the group cannot be a dynamic group (that is, groupTypes cannot contain DynamicMembership). Only callers in Global Administrator and Privileged Role Administrator roles can set this property. The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Azure AD role assignmentsUsing this feature requires a Azure AD Premium P1 license. Returned by default. Supports $filter (eq, ne, not). [IsSubscribedByMail <Boolean?>]: Indicates whether the signed-in user is subscribed to receive email conversations. Default value is true. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). [LicenseProcessingState <IMicrosoftGraphLicenseProcessingState>]: licenseProcessingState [(Any) <Object>]: This indicates any property can be added to this object. [State <String>]: [Mail <String>]: The SMTP address for the group, for example, 'serviceadmins@contoso.onmicrosoft.com'. Returned by default. Read-only. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [MailEnabled <Boolean?>]: Specifies whether the group is mail-enabled. Required. Returned by default. Supports $filter (eq, ne, not). [MailNickname <String>]: The mail alias for the group, unique for Microsoft 365 groups in the organization. Maximum length is 64 characters. This property can contain only characters in the ASCII character set 0 - 127 except the following: @ () / [] ' ; : <> , SPACE. Required. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [MembershipRule <String>]: The rule that determines members for this group if the group is a dynamic group (groupTypes contains DynamicMembership). For more information about the syntax of the membership rule, see Membership Rules syntax. Returned by default. Supports $filter (eq, ne, not, ge, le, startsWith). [MembershipRuleProcessingState <String>]: Indicates whether the dynamic membership processing is on or paused. Possible values are On or Paused. Returned by default. Supports $filter (eq, ne, not, in). [OnPremisesDomainName <String>]: [OnPremisesLastSyncDateTime <DateTime?>]: Indicates the last time at which the group was synced with the on-premises directory.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned by default. Read-only. Supports $filter (eq, ne, not, ge, le, in). [OnPremisesNetBiosName <String>]: [OnPremisesProvisioningErrors <IMicrosoftGraphOnPremisesProvisioningError[]>]: Errors when using Microsoft synchronization product during provisioning. Returned by default. Supports $filter (eq, not). [OnPremisesSamAccountName <String>]: Contains the on-premises SAM account name synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect.Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith). Read-only. [OnPremisesSecurityIdentifier <String>]: Contains the on-premises security identifier (SID) for the group that was synchronized from on-premises to the cloud. Returned by default. Supports $filter (eq including on null values). Read-only. [OnPremisesSyncEnabled <Boolean?>]: true if this group is synced from an on-premises directory; false if this group was originally synced from an on-premises directory but is no longer synced; null if this object has never been synced from an on-premises directory (default). Returned by default. Read-only. Supports $filter (eq, ne, not, in, and eq on null values). [Onenote <IMicrosoftGraphOnenote>]: onenote [Photo <IMicrosoftGraphProfilePhoto>]: profilePhoto [Planner <IMicrosoftGraphPlannerGroup>]: plannerGroup [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [PreferredDataLocation <String>]: The preferred data location for the Microsoft 365 group. By default, the group inherits the group creator's preferred data location. To set this property, the calling user must be assigned one of the following Azure AD roles: Global Administrator User Account Administrator Directory Writer Exchange Administrator SharePoint Administrator For more information about this property, see OneDrive Online Multi-Geo. Nullable. Returned by default. [PreferredLanguage <String>]: The preferred language for a Microsoft 365 group. Should follow ISO 639-1 Code; for example en-US. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [ProxyAddresses <String[]>]: Email addresses for the group that direct to the same group mailbox. For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. The any operator is required to filter expressions on multi-valued properties. Returned by default. Read-only. Not nullable. Supports $filter (eq, not, ge, le, startsWith, endsWith, /$count eq 0, /$count ne 0). [RenewedDateTime <DateTime?>]: Timestamp of when the group was last renewed. This cannot be modified directly and is only updated via the renew service action. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned by default. Supports $filter (eq, ne, not, ge, le, in). Read-only. [SecurityEnabled <Boolean?>]: Specifies whether the group is a security group. Required. Returned by default. Supports $filter (eq, ne, not, in). [SecurityIdentifier <String>]: Security identifier of the group, used in Windows scenarios. Returned by default. [Team <IMicrosoftGraphTeam>]: team [Theme <String>]: Specifies a Microsoft 365 group's color theme. Possible values are Teal, Purple, Green, Blue, Pink, Orange or Red. Returned by default. [UnseenCount <Int32?>]: Count of conversations that have received new posts since the signed-in user last visited the group. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). [Visibility <String>]: Specifies the group join policy and group content visibility for groups. Possible values are: Private, Public, or HiddenMembership. HiddenMembership can be set only for Microsoft 365 groups, when the groups are created. It can't be updated later. Other values of visibility can be updated after group creation. If visibility value is not specified during group creation on Microsoft Graph, a security group is created as Private by default and Microsoft 365 group is Public. Groups assignable to roles are always Private. See group visibility options to learn more. Returned by default. Nullable. [IncludedSources <String>]: sourceType CREATEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity GROUP <IMicrosoftGraphGroup>: group [(Any) <Object>]: This indicates any property can be added to this object. [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted. [Id <String>]: The unique idenfier for an entity. Read-only. [AllowExternalSenders <Boolean?>]: Indicates if people external to the organization can send messages to the group. Default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). [AssignedLabels <IMicrosoftGraphAssignedLabel[]>]: The list of sensitivity label pairs (label ID, label name) associated with a Microsoft 365 group. Returned only on $select. [DisplayName <String>]: The display name of the label. Read-only. [LabelId <String>]: The unique identifier of the label. [AssignedLicenses <IMicrosoftGraphAssignedLicense[]>]: The licenses that are assigned to the group. Returned only on $select. Supports $filter (eq).Read-only. [DisabledPlans <String[]>]: A collection of the unique identifiers for plans that have been disabled. [SkuId <String>]: The unique identifier for the SKU. [AutoSubscribeNewMembers <Boolean?>]: Indicates if new members added to the group will be auto-subscribed to receive email notifications. You can set this property in a PATCH request for the group; do not set it in the initial POST request that creates the group. Default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). [Calendar <IMicrosoftGraphCalendar>]: calendar [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [AllowedOnlineMeetingProviders <String[]>]: Represent the online meeting service providers that can be used to create online meetings in this calendar. Possible values are: unknown, skypeForBusiness, skypeForConsumer, teamsForBusiness. [CanEdit <Boolean?>]: true if the user can write to the calendar, false otherwise. This property is true for the user who created the calendar. This property is also true for a user who has been shared a calendar and granted write access. [CanShare <Boolean?>]: true if the user has the permission to share the calendar, false otherwise. Only the user who created the calendar can share it. [CanViewPrivateItems <Boolean?>]: true if the user can read calendar items that have been marked private, false otherwise. [ChangeKey <String>]: Identifies the version of the calendar object. Every time the calendar is changed, changeKey changes as well. This allows Exchange to apply changes to the correct version of the object. Read-only. [Color <String>]: calendarColor [DefaultOnlineMeetingProvider <String>]: onlineMeetingProviderType [HexColor <String>]: The calendar color, expressed in a hex color code of three hexadecimal values, each ranging from 00 to FF and representing the red, green, or blue components of the color in the RGB color space. If the user has never explicitly set a color for the calendar, this property is empty. Read-only. [IsDefaultCalendar <Boolean?>]: true if this is the default calendar where new events are created by default, false otherwise. [IsRemovable <Boolean?>]: Indicates whether this user calendar can be deleted from the user mailbox. [IsTallyingResponses <Boolean?>]: Indicates whether this user calendar supports tracking of meeting responses. Only meeting invites sent from users' primary calendars support tracking of meeting responses. [Name <String>]: The calendar name. [Owner <IMicrosoftGraphEmailAddress>]: emailAddress [Classification <String>]: Describes a classification for the group (such as low, medium or high business impact). Valid values for this property are defined by creating a ClassificationList setting value, based on the template definition.Returned by default. Supports $filter (eq, ne, not, ge, le, startsWith). [CreatedDateTime <DateTime?>]: Timestamp of when the group was created. The value cannot be modified and is automatically populated when the group is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned by default. Supports $filter (eq, ne, not, ge, le, in). Read-only. [CreatedOnBehalfOf <IMicrosoftGraphDirectoryObject>]: directoryObject [Description <String>]: An optional description for the group. Returned by default. Supports $filter (eq, ne, not, ge, le, startsWith) and $search. [DisplayName <String>]: The display name for the group. This property is required when a group is created and cannot be cleared during updates. Maximum length is 256 characters. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values), $search, and $orderBy. [Drive <IMicrosoftGraphDrive>]: drive [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedByUser <IMicrosoftGraphUser>]: user [(Any) <Object>]: This indicates any property can be added to this object. [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted. [Id <String>]: The unique idenfier for an entity. Read-only. [AboutMe <String>]: A freeform text entry field for the user to describe themselves. Returned only on $select. [AccountEnabled <Boolean?>]: true if the account is enabled; otherwise, false. This property is required when a user is created. Returned only on $select. Supports $filter (eq, ne, not, and in). [AgeGroup <String>]: Sets the age group of the user. Allowed values: null, Minor, NotAdult and Adult. Refer to the legal age group property definitions for further information. Returned only on $select. Supports $filter (eq, ne, not, and in). [AssignedLicenses <IMicrosoftGraphAssignedLicense[]>]: The licenses that are assigned to the user, including inherited (group-based) licenses. This property doesn't differentiate directly-assigned and inherited licenses. Use the licenseAssignmentStates property to identify the directly-assigned and inherited licenses. Not nullable. Returned only on $select. Supports $filter (eq, not, /$count eq 0, /$count ne 0). [AssignedPlans <IMicrosoftGraphAssignedPlan[]>]: The plans that are assigned to the user. Read-only. Not nullable. Returned only on $select. Supports $filter (eq and not). [AssignedDateTime <DateTime?>]: The date and time at which the plan was assigned. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [CapabilityStatus <String>]: Condition of the capability assignment. The possible values are Enabled, Warning, Suspended, Deleted, LockedOut. See a detailed description of each value. [Service <String>]: The name of the service; for example, exchange. [ServicePlanId <String>]: A GUID that identifies the service plan. For a complete list of GUIDs and their equivalent friendly service names, see Product names and service plan identifiers for licensing. [Authentication <IMicrosoftGraphAuthentication>]: authentication [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [AuthorizationInfo <IMicrosoftGraphAuthorizationInfo>]: authorizationInfo [(Any) <Object>]: This indicates any property can be added to this object. [CertificateUserIds <String[]>]: [Birthday <DateTime?>]: The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned only on $select. [BusinessPhones <String[]>]: The telephone numbers for the user. NOTE: Although this is a string collection, only one number can be set for this property. Read-only for users synced from on-premises directory. Returned by default. Supports $filter (eq, not, ge, le, startsWith). [Calendar <IMicrosoftGraphCalendar>]: calendar [City <String>]: The city in which the user is located. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [CompanyName <String>]: The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length is 64 characters.Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [ConsentProvidedForMinor <String>]: Sets whether consent has been obtained for minors. Allowed values: null, Granted, Denied and NotRequired. Refer to the legal age group property definitions for further information. Returned only on $select. Supports $filter (eq, ne, not, and in). [Country <String>]: The country/region in which the user is located; for example, US or UK. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [CreatedDateTime <DateTime?>]: The date and time the user was created, in ISO 8601 format and in UTC time. The value cannot be modified and is automatically populated when the entity is created. Nullable. For on-premises users, the value represents when they were first created in Azure AD. Property is null for some users created before June 2018 and on-premises users that were synced to Azure AD before June 2018. Read-only. Read-only. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in). [CreationType <String>]: Indicates whether the user account was created through one of the following methods: As a regular school or work account (null). As an external account (Invitation). As a local account for an Azure Active Directory B2C tenant (LocalAccount). Through self-service sign-up by an internal user using email verification (EmailVerified). Through self-service sign-up by an external user signing up through a link that is part of a user flow (SelfServiceSignUp). Read-only.Returned only on $select. Supports $filter (eq, ne, not, in). [Department <String>]: The name for the department in which the user works. Maximum length is 64 characters. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, and eq on null values). [DeviceEnrollmentLimit <Int32?>]: The limit on the maximum number of devices that the user is permitted to enroll. Allowed values are 5 or 1000. [DisplayName <String>]: The name displayed in the address book for the user. This is usually the combination of the user's first name, middle initial and last name. This property is required when a user is created and it cannot be cleared during updates. Maximum length is 256 characters. Returned by default. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values), $orderBy, and $search. [Drive <IMicrosoftGraphDrive>]: drive [EmployeeHireDate <DateTime?>]: The date and time when the user was hired or will start work in case of a future hire. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in). [EmployeeId <String>]: The employee identifier assigned to the user by the organization. The maximum length is 16 characters. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [EmployeeOrgData <IMicrosoftGraphEmployeeOrgData>]: employeeOrgData [(Any) <Object>]: This indicates any property can be added to this object. [CostCenter <String>]: The cost center associated with the user. Returned only on $select. Supports $filter. [Division <String>]: The name of the division in which the user works. Returned only on $select. Supports $filter. [EmployeeType <String>]: Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith). [ExternalUserState <String>]: For an external user invited to the tenant using the invitation API, this property represents the invited user's invitation status. For invited users, the state can be PendingAcceptance or Accepted, or null for all other users. Returned only on $select. Supports $filter (eq, ne, not , in). [ExternalUserStateChangeDateTime <DateTime?>]: Shows the timestamp for the latest change to the externalUserState property. Returned only on $select. Supports $filter (eq, ne, not , in). [FaxNumber <String>]: The fax number of the user. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [GivenName <String>]: The given name (first name) of the user. Maximum length is 64 characters. Returned by default. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [HireDate <DateTime?>]: The hire date of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned only on $select. Note: This property is specific to SharePoint Online. We recommend using the native employeeHireDate property to set and update hire date values using Microsoft Graph APIs. [Identities <IMicrosoftGraphObjectIdentity[]>]: Represents the identities that can be used to sign in to this user account. An identity can be provided by Microsoft (also known as a local account), by organizations, or by social identity providers such as Facebook, Google, and Microsoft, and tied to a user account. May contain multiple items with the same signInType value. Returned only on $select. Supports $filter (eq) including on null values, only where the signInType is not userPrincipalName. [Issuer <String>]: Specifies the issuer of the identity, for example facebook.com.For local accounts (where signInType is not federated), this property is the local B2C tenant default domain name, for example contoso.onmicrosoft.com.For external users from other Azure AD organization, this will be the domain of the federated organization, for example contoso.com.Supports $filter. 512 character limit. [IssuerAssignedId <String>]: Specifies the unique identifier assigned to the user by the issuer. The combination of issuer and issuerAssignedId must be unique within the organization. Represents the sign-in name for the user, when signInType is set to emailAddress or userName (also known as local accounts).When signInType is set to: emailAddress, (or a custom string that starts with emailAddress like emailAddress1) issuerAssignedId must be a valid email addressuserName, issuerAssignedId must begin with alphabetical character or number, and can only contain alphanumeric characters and the following symbols: - or Supports $filter. 64 character limit. [SignInType <String>]: Specifies the user sign-in types in your directory, such as emailAddress, userName, federated, or userPrincipalName. federated represents a unique identifier for a user from an issuer, that can be in any format chosen by the issuer. Setting or updating a userPrincipalName identity will update the value of the userPrincipalName property on the user object. The validations performed on the userPrincipalName property on the user object, for example, verified domains and acceptable characters, will be performed when setting or updating a userPrincipalName identity. Additional validation is enforced on issuerAssignedId when the sign-in type is set to emailAddress or userName. This property can also be set to any custom string. [ImAddresses <String[]>]: The instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for the user. Read-only. Returned only on $select. Supports $filter (eq, not, ge, le, startsWith). [InferenceClassification <IMicrosoftGraphInferenceClassification>]: inferenceClassification [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Insights <IMicrosoftGraphOfficeGraphInsights>]: officeGraphInsights [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Interests <String[]>]: A list for the user to describe their interests. Returned only on $select. [IsResourceAccount <Boolean?>]: Do not use – reserved for future use. [JobTitle <String>]: The user's job title. Maximum length is 128 characters. Returned by default. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [LastPasswordChangeDateTime <DateTime?>]: The time when this Azure AD user last changed their password or when their password was created, whichever date the latest action was performed. The date and time information uses ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned only on $select. [LegalAgeGroupClassification <String>]: Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on ageGroup and consentProvidedForMinor properties. Allowed values: null, MinorWithOutParentalConsent, MinorWithParentalConsent, MinorNoParentalConsentRequired, NotAdult and Adult. Refer to the legal age group property definitions for further information. Returned only on $select. [LicenseAssignmentStates <IMicrosoftGraphLicenseAssignmentState[]>]: State of license assignments for this user. Also indicates licenses that are directly-assigned and those that the user has inherited through group memberships. Read-only. Returned only on $select. [AssignedByGroup <String>]: [DisabledPlans <String[]>]: [Error <String>]: [LastUpdatedDateTime <DateTime?>]: [SkuId <String>]: [State <String>]: [Mail <String>]: The SMTP address for the user, for example, jeff@contoso.onmicrosoft.com. Changes to this property will also update the user's proxyAddresses collection to include the value as an SMTP address. This property cannot contain accent characters. NOTE: We do not recommend updating this property for Azure AD B2C user profiles. Use the otherMails property instead. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, endsWith, and eq on null values). [MailNickname <String>]: The mail alias for the user. This property must be specified when a user is created. Maximum length is 64 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [MailboxSettings <IMicrosoftGraphMailboxSettings>]: mailboxSettings [(Any) <Object>]: This indicates any property can be added to this object. [ArchiveFolder <String>]: Folder ID of an archive folder for the user. [AutomaticRepliesSetting <IMicrosoftGraphAutomaticRepliesSetting>]: automaticRepliesSetting [(Any) <Object>]: This indicates any property can be added to this object. [ExternalAudience <String>]: externalAudienceScope [ExternalReplyMessage <String>]: The automatic reply to send to the specified external audience, if Status is AlwaysEnabled or Scheduled. [InternalReplyMessage <String>]: The automatic reply to send to the audience internal to the signed-in user's organization, if Status is AlwaysEnabled or Scheduled. [ScheduledEndDateTime <IMicrosoftGraphDateTimeZone>]: dateTimeTimeZone [ScheduledStartDateTime <IMicrosoftGraphDateTimeZone>]: dateTimeTimeZone [Status <String>]: automaticRepliesStatus [DateFormat <String>]: The date format for the user's mailbox. [DelegateMeetingMessageDeliveryOptions <String>]: delegateMeetingMessageDeliveryOptions [Language <IMicrosoftGraphLocaleInfo>]: localeInfo [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: A name representing the user's locale in natural language, for example, 'English (United States)'. [Locale <String>]: A locale representation for the user, which includes the user's preferred language and country/region. For example, 'en-us'. The language component follows 2-letter codes as defined in ISO 639-1, and the country component follows 2-letter codes as defined in ISO 3166-1 alpha-2. [TimeFormat <String>]: The time format for the user's mailbox. [TimeZone <String>]: The default time zone for the user's mailbox. [UserPurpose <String>]: userPurpose [WorkingHours <IMicrosoftGraphWorkingHours>]: workingHours [(Any) <Object>]: This indicates any property can be added to this object. [DaysOfWeek <String[]>]: The days of the week on which the user works. [EndTime <String>]: The time of the day that the user stops working. [StartTime <String>]: The time of the day that the user starts working. [TimeZone <IMicrosoftGraphTimeZoneBase>]: timeZoneBase [(Any) <Object>]: This indicates any property can be added to this object. [Name <String>]: The name of a time zone. It can be a standard time zone name such as 'Hawaii-Aleutian Standard Time', or 'Customized Time Zone' for a custom time zone. [Manager <IMicrosoftGraphDirectoryObject>]: directoryObject [MobilePhone <String>]: The primary cellular telephone number for the user. Read-only for users synced from on-premises directory. Maximum length is 64 characters. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [MySite <String>]: The URL for the user's personal site. Returned only on $select. [OfficeLocation <String>]: The office location in the user's place of business. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [OnPremisesDistinguishedName <String>]: Contains the on-premises Active Directory distinguished name or DN. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. [OnPremisesDomainName <String>]: Contains the on-premises domainFQDN, also called dnsDomainName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. [OnPremisesExtensionAttributes <IMicrosoftGraphOnPremisesExtensionAttributes>]: onPremisesExtensionAttributes [(Any) <Object>]: This indicates any property can be added to this object. [ExtensionAttribute1 <String>]: First customizable extension attribute. [ExtensionAttribute10 <String>]: Tenth customizable extension attribute. [ExtensionAttribute11 <String>]: Eleventh customizable extension attribute. [ExtensionAttribute12 <String>]: Twelfth customizable extension attribute. [ExtensionAttribute13 <String>]: Thirteenth customizable extension attribute. [ExtensionAttribute14 <String>]: Fourteenth customizable extension attribute. [ExtensionAttribute15 <String>]: Fifteenth customizable extension attribute. [ExtensionAttribute2 <String>]: Second customizable extension attribute. [ExtensionAttribute3 <String>]: Third customizable extension attribute. [ExtensionAttribute4 <String>]: Fourth customizable extension attribute. [ExtensionAttribute5 <String>]: Fifth customizable extension attribute. [ExtensionAttribute6 <String>]: Sixth customizable extension attribute. [ExtensionAttribute7 <String>]: Seventh customizable extension attribute. [ExtensionAttribute8 <String>]: Eighth customizable extension attribute. [ExtensionAttribute9 <String>]: Ninth customizable extension attribute. [OnPremisesImmutableId <String>]: This property is used to associate an on-premises Active Directory user account to their Azure AD user object. This property must be specified when creating a new user account in the Graph if you are using a federated domain for the user's userPrincipalName (UPN) property. NOTE: The $ and _ characters cannot be used when specifying this property. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in).. [OnPremisesLastSyncDateTime <DateTime?>]: Indicates the last time at which the object was synced with the on-premises directory; for example: 2013-02-16T03:04:54Z. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in). [OnPremisesProvisioningErrors <IMicrosoftGraphOnPremisesProvisioningError[]>]: Errors when using Microsoft synchronization product during provisioning. Returned only on $select. Supports $filter (eq, not, ge, le). [Category <String>]: Category of the provisioning error. Note: Currently, there is only one possible value. Possible value: PropertyConflict - indicates a property value is not unique. Other objects contain the same value for the property. [OccurredDateTime <DateTime?>]: The date and time at which the error occurred. [PropertyCausingError <String>]: Name of the directory property causing the error. Current possible values: UserPrincipalName or ProxyAddress [Value <String>]: Value of the property causing the error. [OnPremisesSamAccountName <String>]: Contains the on-premises samAccountName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith). [OnPremisesSecurityIdentifier <String>]: Contains the on-premises security identifier (SID) for the user that was synchronized from on-premises to the cloud. Read-only. Returned only on $select. Supports $filter (eq including on null values). [OnPremisesSyncEnabled <Boolean?>]: true if this user object is currently being synced from an on-premises Active Directory (AD); otherwise the user isn't being synced and can be managed in Azure Active Directory (Azure AD). Read-only. Returned only on $select. Supports $filter (eq, ne, not, in, and eq on null values). [OnPremisesUserPrincipalName <String>]: Contains the on-premises userPrincipalName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith). [Onenote <IMicrosoftGraphOnenote>]: onenote [OtherMails <String[]>]: A list of additional email addresses for the user; for example: ['bob@contoso.com', 'Robert@fabrikam.com']. NOTE: This property cannot contain accent characters. Returned only on $select. Supports $filter (eq, not, ge, le, in, startsWith, endsWith, /$count eq 0, /$count ne 0). [Outlook <IMicrosoftGraphOutlookUser>]: outlookUser [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [PasswordPolicies <String>]: Specifies password policies for the user. This value is an enumeration with one possible value being DisableStrongPassword, which allows weaker passwords than the default policy to be specified. DisablePasswordExpiration can also be specified. The two may be specified together; for example: DisablePasswordExpiration, DisableStrongPassword. Returned only on $select. For more information on the default password policies, see Azure AD pasword policies. Supports $filter (ne, not, and eq on null values). [PasswordProfile <IMicrosoftGraphPasswordProfile>]: passwordProfile [(Any) <Object>]: This indicates any property can be added to this object. [ForceChangePasswordNextSignIn <Boolean?>]: true if the user must change her password on the next login; otherwise false. [ForceChangePasswordNextSignInWithMfa <Boolean?>]: If true, at next sign-in, the user must perform a multi-factor authentication (MFA) before being forced to change their password. The behavior is identical to forceChangePasswordNextSignIn except that the user is required to first perform a multi-factor authentication before password change. After a password change, this property will be automatically reset to false. If not set, default is false. [Password <String>]: The password for the user. This property is required when a user is created. It can be updated, but the user will be required to change the password on the next login. The password must satisfy minimum requirements as specified by the user’s passwordPolicies property. By default, a strong password is required. [PastProjects <String[]>]: A list for the user to enumerate their past projects. Returned only on $select. [Photo <IMicrosoftGraphProfilePhoto>]: profilePhoto [Planner <IMicrosoftGraphPlannerUser>]: plannerUser [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [PostalCode <String>]: The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code. Maximum length is 40 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [PreferredDataLocation <String>]: The preferred data location for the user. For more information, see OneDrive Online Multi-Geo. [PreferredLanguage <String>]: The preferred language for the user. Should follow ISO 639-1 Code; for example en-US. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values) [PreferredName <String>]: The preferred name for the user. Not Supported. This attribute returns an empty string.Returned only on $select. [Presence <IMicrosoftGraphPresence>]: presence [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Activity <String>]: The supplemental information to a user's availability. Possible values are Available, Away, BeRightBack, Busy, DoNotDisturb, InACall, InAConferenceCall, Inactive, InAMeeting, Offline, OffWork, OutOfOffice, PresenceUnknown, Presenting, UrgentInterruptionsOnly. [Availability <String>]: The base presence information for a user. Possible values are Available, AvailableIdle, Away, BeRightBack, Busy, BusyIdle, DoNotDisturb, Offline, PresenceUnknown [ProvisionedPlans <IMicrosoftGraphProvisionedPlan[]>]: The plans that are provisioned for the user. Read-only. Not nullable. Returned only on $select. Supports $filter (eq, not, ge, le). [CapabilityStatus <String>]: For example, 'Enabled'. [ProvisioningStatus <String>]: For example, 'Success'. [Service <String>]: The name of the service; for example, 'AccessControlS2S' [ProxyAddresses <String[]>]: For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. Changes to the mail property will also update this collection to include the value as an SMTP address. For more information, see mail and proxyAddresses properties. The proxy address prefixed with SMTP (capitalized) is the primary proxy address while those prefixed with smtp are the secondary proxy addresses. For Azure AD B2C accounts, this property has a limit of ten unique addresses. Read-only in Microsoft Graph; you can update this property only through the Microsoft 365 admin center. Not nullable. Returned only on $select. Supports $filter (eq, not, ge, le, startsWith, endsWith, /$count eq 0, /$count ne 0). [Responsibilities <String[]>]: A list for the user to enumerate their responsibilities. Returned only on $select. [Schools <String[]>]: A list for the user to enumerate the schools they have attended. Returned only on $select. [SecurityIdentifier <String>]: Security identifier (SID) of the user, used in Windows scenarios. Read-only. Returned by default. Supports $select and $filter (eq, not, ge, le, startsWith). [Settings <IMicrosoftGraphUserSettings>]: userSettings [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [ContributionToContentDiscoveryAsOrganizationDisabled <Boolean?>]: [ContributionToContentDiscoveryDisabled <Boolean?>]: [ShiftPreferences <IMicrosoftGraphShiftPreferences>]: shiftPreferences [(Any) <Object>]: This indicates any property can be added to this object. [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [Id <String>]: The unique idenfier for an entity. Read-only. [Availability <IMicrosoftGraphShiftAvailability[]>]: Availability of the user to be scheduled for work and its recurrence pattern. [Recurrence <IMicrosoftGraphPatternedRecurrence>]: patternedRecurrence [TimeSlots <IMicrosoftGraphTimeRange[]>]: The time slot(s) preferred by the user. [EndTime <String>]: End time for the time range. [StartTime <String>]: Start time for the time range. [TimeZone <String>]: Specifies the time zone for the indicated time. [ShowInAddressList <Boolean?>]: Do not use in Microsoft Graph. Manage this property through the Microsoft 365 admin center instead. Represents whether the user should be included in the Outlook global address list. See Known issue. [SignInSessionsValidFromDateTime <DateTime?>]: Any refresh tokens or sessions tokens (session cookies) issued before this time are invalid, and applications will get an error when using an invalid refresh or sessions token to acquire a delegated access token (to access APIs such as Microsoft Graph). If this happens, the application will need to acquire a new refresh token by making a request to the authorize endpoint. Read-only. Use revokeSignInSessions to reset. Returned only on $select. [Skills <String[]>]: A list for the user to enumerate their skills. Returned only on $select. [State <String>]: The state or province in the user's address. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [StreetAddress <String>]: The street address of the user's place of business. Maximum length is 1024 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [Surname <String>]: The user's surname (family name or last name). Maximum length is 64 characters. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [Teamwork <IMicrosoftGraphUserTeamwork>]: userTeamwork [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Todo <IMicrosoftGraphTodo>]: todo [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [UsageLocation <String>]: A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: US, JP, and GB. Not nullable. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [UserPrincipalName <String>]: The user principal name (UPN) of the user. The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where domain must be present in the tenant's collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property cannot contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, ' . - _ ! # ^ ~. For the complete list of allowed characters, see username policies. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, endsWith) and $orderBy. [UserType <String>]: A string value that can be used to classify user types in your directory, such as Member and Guest. Returned only on $select. Supports $filter (eq, ne, not, in, and eq on null values). NOTE: For more information about the permissions for member and guest users, see What are the default user permissions in Azure Active Directory? [CreatedDateTime <DateTime?>]: Date and time of item creation. Read-only. [Description <String>]: Provides a user-visible description of the item. Optional. [ETag <String>]: ETag for the item. Read-only. [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [LastModifiedByUser <IMicrosoftGraphUser>]: user [LastModifiedDateTime <DateTime?>]: Date and time the item was last modified. Read-only. [Name <String>]: The name of the item. Read-write. [ParentReference <IMicrosoftGraphItemReference>]: itemReference [WebUrl <String>]: URL that displays the resource in the browser. Read-only. [Id <String>]: The unique idenfier for an entity. Read-only. [DriveType <String>]: Describes the type of drive represented by this resource. OneDrive personal drives will return personal. OneDrive for Business will return business. SharePoint document libraries will return documentLibrary. Read-only. [List <IMicrosoftGraphList>]: list [Owner <IMicrosoftGraphIdentitySet>]: identitySet [Quota <IMicrosoftGraphQuota>]: quota [(Any) <Object>]: This indicates any property can be added to this object. [Deleted <Int64?>]: Total space consumed by files in the recycle bin, in bytes. Read-only. [Remaining <Int64?>]: Total space remaining before reaching the quota limit, in bytes. Read-only. [State <String>]: Enumeration value that indicates the state of the storage space. Read-only. [StoragePlanInformation <IMicrosoftGraphStoragePlanInformation>]: storagePlanInformation [(Any) <Object>]: This indicates any property can be added to this object. [UpgradeAvailable <Boolean?>]: Indicates whether there are higher storage quota plans available. Read-only. [Total <Int64?>]: Total allowed storage space, in bytes. Read-only. [Used <Int64?>]: Total space used, in bytes. Read-only. [Root <IMicrosoftGraphDriveItem>]: driveItem [SharePointIds <IMicrosoftGraphSharepointIds>]: sharepointIds [System <IMicrosoftGraphSystemFacet>]: systemFacet [ExpirationDateTime <DateTime?>]: Timestamp of when the group is set to expire. The value cannot be modified and is automatically populated when the group is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned by default. Supports $filter (eq, ne, not, ge, le, in). Read-only. [GroupTypes <String[]>]: Specifies the group type and its membership. If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group or distribution group. For details, see groups overview.If the collection includes DynamicMembership, the group has dynamic membership; otherwise, membership is static. Returned by default. Supports $filter (eq, not). [HasMembersWithLicenseErrors <Boolean?>]: Indicates whether there are members in this group that have license errors from its group-based license assignment. This property is never returned on a GET operation. You can use it as a $filter argument to get groups that have members with license errors (that is, filter for this property being true). See an example. Supports $filter (eq). [HideFromAddressLists <Boolean?>]: True if the group is not displayed in certain parts of the Outlook UI: the Address Book, address lists for selecting message recipients, and the Browse Groups dialog for searching groups; otherwise, false. Default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). [HideFromOutlookClients <Boolean?>]: True if the group is not displayed in Outlook clients, such as Outlook for Windows and Outlook on the web; otherwise, false. Default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). [IsArchived <Boolean?>]: When a group is associated with a team this property determines whether the team is in read-only mode.To read this property, use the /group/{groupId}/team endpoint or the Get team API. To update this property, use the archiveTeam and unarchiveTeam APIs. [IsAssignableToRole <Boolean?>]: Indicates whether this group can be assigned to an Azure Active Directory role or not. Optional. This property can only be set while creating the group and is immutable. If set to true, the securityEnabled property must also be set to true, visibility must be Hidden, and the group cannot be a dynamic group (that is, groupTypes cannot contain DynamicMembership). Only callers in Global Administrator and Privileged Role Administrator roles can set this property. The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Azure AD role assignmentsUsing this feature requires a Azure AD Premium P1 license. Returned by default. Supports $filter (eq, ne, not). [IsSubscribedByMail <Boolean?>]: Indicates whether the signed-in user is subscribed to receive email conversations. Default value is true. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). [LicenseProcessingState <IMicrosoftGraphLicenseProcessingState>]: licenseProcessingState [(Any) <Object>]: This indicates any property can be added to this object. [State <String>]: [Mail <String>]: The SMTP address for the group, for example, 'serviceadmins@contoso.onmicrosoft.com'. Returned by default. Read-only. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [MailEnabled <Boolean?>]: Specifies whether the group is mail-enabled. Required. Returned by default. Supports $filter (eq, ne, not). [MailNickname <String>]: The mail alias for the group, unique for Microsoft 365 groups in the organization. Maximum length is 64 characters. This property can contain only characters in the ASCII character set 0 - 127 except the following: @ () / [] ' ; : <> , SPACE. Required. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [MembershipRule <String>]: The rule that determines members for this group if the group is a dynamic group (groupTypes contains DynamicMembership). For more information about the syntax of the membership rule, see Membership Rules syntax. Returned by default. Supports $filter (eq, ne, not, ge, le, startsWith). [MembershipRuleProcessingState <String>]: Indicates whether the dynamic membership processing is on or paused. Possible values are On or Paused. Returned by default. Supports $filter (eq, ne, not, in). [OnPremisesDomainName <String>]: [OnPremisesLastSyncDateTime <DateTime?>]: Indicates the last time at which the group was synced with the on-premises directory.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned by default. Read-only. Supports $filter (eq, ne, not, ge, le, in). [OnPremisesNetBiosName <String>]: [OnPremisesProvisioningErrors <IMicrosoftGraphOnPremisesProvisioningError[]>]: Errors when using Microsoft synchronization product during provisioning. Returned by default. Supports $filter (eq, not). [OnPremisesSamAccountName <String>]: Contains the on-premises SAM account name synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect.Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith). Read-only. [OnPremisesSecurityIdentifier <String>]: Contains the on-premises security identifier (SID) for the group that was synchronized from on-premises to the cloud. Returned by default. Supports $filter (eq including on null values). Read-only. [OnPremisesSyncEnabled <Boolean?>]: true if this group is synced from an on-premises directory; false if this group was originally synced from an on-premises directory but is no longer synced; null if this object has never been synced from an on-premises directory (default). Returned by default. Read-only. Supports $filter (eq, ne, not, in, and eq on null values). [Onenote <IMicrosoftGraphOnenote>]: onenote [Photo <IMicrosoftGraphProfilePhoto>]: profilePhoto [Planner <IMicrosoftGraphPlannerGroup>]: plannerGroup [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [PreferredDataLocation <String>]: The preferred data location for the Microsoft 365 group. By default, the group inherits the group creator's preferred data location. To set this property, the calling user must be assigned one of the following Azure AD roles: Global Administrator User Account Administrator Directory Writer Exchange Administrator SharePoint Administrator For more information about this property, see OneDrive Online Multi-Geo. Nullable. Returned by default. [PreferredLanguage <String>]: The preferred language for a Microsoft 365 group. Should follow ISO 639-1 Code; for example en-US. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [ProxyAddresses <String[]>]: Email addresses for the group that direct to the same group mailbox. For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. The any operator is required to filter expressions on multi-valued properties. Returned by default. Read-only. Not nullable. Supports $filter (eq, not, ge, le, startsWith, endsWith, /$count eq 0, /$count ne 0). [RenewedDateTime <DateTime?>]: Timestamp of when the group was last renewed. This cannot be modified directly and is only updated via the renew service action. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned by default. Supports $filter (eq, ne, not, ge, le, in). Read-only. [SecurityEnabled <Boolean?>]: Specifies whether the group is a security group. Required. Returned by default. Supports $filter (eq, ne, not, in). [SecurityIdentifier <String>]: Security identifier of the group, used in Windows scenarios. Returned by default. [Team <IMicrosoftGraphTeam>]: team [Theme <String>]: Specifies a Microsoft 365 group's color theme. Possible values are Teal, Purple, Green, Blue, Pink, Orange or Red. Returned by default. [UnseenCount <Int32?>]: Count of conversations that have received new posts since the signed-in user last visited the group. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). [Visibility <String>]: Specifies the group join policy and group content visibility for groups. Possible values are: Private, Public, or HiddenMembership. HiddenMembership can be set only for Microsoft 365 groups, when the groups are created. It can't be updated later. Other values of visibility can be updated after group creation. If visibility value is not specified during group creation on Microsoft Graph, a security group is created as Private by default and Microsoft 365 group is Public. Groups assignable to roles are always Private. See group visibility options to learn more. Returned by default. Nullable. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/new-mgsecuritycaseediscoverycasecustodianunifiedgroupsource #> function New-MgSecurityCaseEdiscoveryCaseCustodianUnifiedGroupSource { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityUnifiedGroupSource])] [CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Create', Mandatory)] [Parameter(ParameterSetName='CreateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Create', Mandatory)] [Parameter(ParameterSetName='CreateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCustodian ${EdiscoveryCustodianId}, [Parameter(ParameterSetName='CreateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='CreateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Create', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='CreateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityUnifiedGroupSource] # unifiedGroupSource # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for CREATEDBY properties and create a hash table. ${CreatedBy}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # The date and time the dataSource was created. ${CreatedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The display name of the dataSource. # This will be the name of the SharePoint site. ${DisplayName}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphGroup] # group # To construct, see NOTES section for GROUP properties and create a hash table. ${Group}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # dataSourceHoldStatus ${HoldStatus}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # sourceType ${IncludedSources}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Create = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseCustodianUnifiedGroupSource_Create'; CreateExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseCustodianUnifiedGroupSource_CreateExpanded'; CreateViaIdentity = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseCustodianUnifiedGroupSource_CreateViaIdentity'; CreateViaIdentityExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseCustodianUnifiedGroupSource_CreateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Create a new userSource object associated with an eDiscovery custodian. .Description Create a new userSource object associated with an eDiscovery custodian. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityUserSource .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityUserSource .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecurityUserSource>: userSource [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: The date and time the dataSource was created. [DisplayName <String>]: The display name of the dataSource. This will be the name of the SharePoint site. [HoldStatus <String>]: dataSourceHoldStatus [Id <String>]: The unique idenfier for an entity. Read-only. [Email <String>]: Email address of the user's mailbox. [IncludedSources <String>]: sourceType [SiteWebUrl <String>]: The URL of the user's OneDrive for Business site. Read-only. CREATEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/new-mgsecuritycaseediscoverycasecustodianusersource #> function New-MgSecurityCaseEdiscoveryCaseCustodianUserSource { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityUserSource])] [CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Create', Mandatory)] [Parameter(ParameterSetName='CreateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Create', Mandatory)] [Parameter(ParameterSetName='CreateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCustodian ${EdiscoveryCustodianId}, [Parameter(ParameterSetName='CreateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='CreateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Create', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='CreateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityUserSource] # userSource # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for CREATEDBY properties and create a hash table. ${CreatedBy}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # The date and time the dataSource was created. ${CreatedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The display name of the dataSource. # This will be the name of the SharePoint site. ${DisplayName}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Email address of the user's mailbox. ${Email}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # dataSourceHoldStatus ${HoldStatus}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # sourceType ${IncludedSources}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The URL of the user's OneDrive for Business site. # Read-only. ${SiteWebUrl}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Create = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseCustodianUserSource_Create'; CreateExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseCustodianUserSource_CreateExpanded'; CreateViaIdentity = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseCustodianUserSource_CreateViaIdentity'; CreateViaIdentityExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseCustodianUserSource_CreateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Create a new ediscoveryCustodian object.\nAfter the custodian object is created, you will need to create the custodian's userSource to reference their mailbox and OneDrive for Business site. .Description Create a new ediscoveryCustodian object.\nAfter the custodian object is created, you will need to create the custodian's userSource to reference their mailbox and OneDrive for Business site. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCustodian .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCustodian .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecurityEdiscoveryCustodian>: ediscoveryCustodian [(Any) <Object>]: This indicates any property can be added to this object. [CreatedDateTime <DateTime?>]: Created date and time of the dataSourceContainer entity. [DisplayName <String>]: Display name of the dataSourceContainer entity. [HoldStatus <String>]: dataSourceHoldStatus [LastModifiedDateTime <DateTime?>]: Last modified date and time of the dataSourceContainer. [ReleasedDateTime <DateTime?>]: Date and time that the dataSourceContainer was released from the case. [Status <String>]: dataSourceContainerStatus [Id <String>]: The unique idenfier for an entity. Read-only. [AcknowledgedDateTime <DateTime?>]: Date and time the custodian acknowledged a hold notification. [Email <String>]: Email address of the custodian. [LastIndexOperation <IMicrosoftGraphSecurityEdiscoveryIndexOperation>]: ediscoveryIndexOperation [(Any) <Object>]: This indicates any property can be added to this object. [Action <String>]: caseAction [CompletedDateTime <DateTime?>]: The date and time the operation was completed. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: The date and time the operation was created. [PercentProgress <Int32?>]: The progress of the operation. [ResultInfo <IMicrosoftGraphResultInfo>]: resultInfo [(Any) <Object>]: This indicates any property can be added to this object. [Code <Int32?>]: The result code. [Message <String>]: The message. [Subcode <Int32?>]: The result sub-code. [Status <String>]: caseOperationStatus [Id <String>]: The unique idenfier for an entity. Read-only. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/new-mgsecuritycaseediscoverycasecustodian #> function New-MgSecurityCaseEdiscoveryCaseCustodian { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCustodian])] [CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Create', Mandatory)] [Parameter(ParameterSetName='CreateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='CreateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='CreateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Create', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='CreateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCustodian] # ediscoveryCustodian # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Date and time the custodian acknowledged a hold notification. ${AcknowledgedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Created date and time of the dataSourceContainer entity. ${CreatedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Display name of the dataSourceContainer entity. ${DisplayName}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Email address of the custodian. ${Email}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # dataSourceHoldStatus ${HoldStatus}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Runtime.Info(PossibleTypes=([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryIndexOperation]))] [System.Collections.Hashtable] # ediscoveryIndexOperation ${LastIndexOperation}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Last modified date and time of the dataSourceContainer. ${LastModifiedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Date and time that the dataSourceContainer was released from the case. ${ReleasedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # dataSourceContainerStatus ${Status}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Create = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseCustodian_Create'; CreateExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseCustodian_CreateExpanded'; CreateViaIdentity = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseCustodian_CreateViaIdentity'; CreateViaIdentityExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseCustodian_CreateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Create a new ediscoveryNoncustodialDataSource object. .Description Create a new ediscoveryNoncustodialDataSource object. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryNoncustodialDataSource .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryNoncustodialDataSource .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecurityEdiscoveryNoncustodialDataSource>: ediscoveryNoncustodialDataSource [(Any) <Object>]: This indicates any property can be added to this object. [CreatedDateTime <DateTime?>]: Created date and time of the dataSourceContainer entity. [DisplayName <String>]: Display name of the dataSourceContainer entity. [HoldStatus <String>]: dataSourceHoldStatus [LastModifiedDateTime <DateTime?>]: Last modified date and time of the dataSourceContainer. [ReleasedDateTime <DateTime?>]: Date and time that the dataSourceContainer was released from the case. [Status <String>]: dataSourceContainerStatus [Id <String>]: The unique idenfier for an entity. Read-only. [DataSource <IMicrosoftGraphSecurityDataSource>]: dataSource [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: The date and time the dataSource was created. [DisplayName <String>]: The display name of the dataSource. This will be the name of the SharePoint site. [HoldStatus <String>]: dataSourceHoldStatus [LastIndexOperation <IMicrosoftGraphSecurityEdiscoveryIndexOperation>]: ediscoveryIndexOperation [(Any) <Object>]: This indicates any property can be added to this object. [Action <String>]: caseAction [CompletedDateTime <DateTime?>]: The date and time the operation was completed. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: The date and time the operation was created. [PercentProgress <Int32?>]: The progress of the operation. [ResultInfo <IMicrosoftGraphResultInfo>]: resultInfo [(Any) <Object>]: This indicates any property can be added to this object. [Code <Int32?>]: The result code. [Message <String>]: The message. [Subcode <Int32?>]: The result sub-code. [Status <String>]: caseOperationStatus [Id <String>]: The unique idenfier for an entity. Read-only. DATASOURCE <IMicrosoftGraphSecurityDataSource>: dataSource [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: The date and time the dataSource was created. [DisplayName <String>]: The display name of the dataSource. This will be the name of the SharePoint site. [HoldStatus <String>]: dataSourceHoldStatus INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/new-mgsecuritycaseediscoverycasenoncustodialdatasource #> function New-MgSecurityCaseEdiscoveryCaseNoncustodialDataSource { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryNoncustodialDataSource])] [CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Create', Mandatory)] [Parameter(ParameterSetName='CreateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='CreateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='CreateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Create', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='CreateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryNoncustodialDataSource] # ediscoveryNoncustodialDataSource # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Created date and time of the dataSourceContainer entity. ${CreatedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityDataSource] # dataSource # To construct, see NOTES section for DATASOURCE properties and create a hash table. ${DataSource}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Display name of the dataSourceContainer entity. ${DisplayName}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # dataSourceHoldStatus ${HoldStatus}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Runtime.Info(PossibleTypes=([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryIndexOperation]))] [System.Collections.Hashtable] # ediscoveryIndexOperation ${LastIndexOperation}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Last modified date and time of the dataSourceContainer. ${LastModifiedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Date and time that the dataSourceContainer was released from the case. ${ReleasedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # dataSourceContainerStatus ${Status}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Create = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseNoncustodialDataSource_Create'; CreateExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseNoncustodialDataSource_CreateExpanded'; CreateViaIdentity = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseNoncustodialDataSource_CreateViaIdentity'; CreateViaIdentityExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseNoncustodialDataSource_CreateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Create new navigation property to operations for security .Description Create new navigation property to operations for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityCaseOperation .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityCaseOperation .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecurityCaseOperation>: caseOperation [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Action <String>]: caseAction [CompletedDateTime <DateTime?>]: The date and time the operation was completed. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: The date and time the operation was created. [PercentProgress <Int32?>]: The progress of the operation. [ResultInfo <IMicrosoftGraphResultInfo>]: resultInfo [(Any) <Object>]: This indicates any property can be added to this object. [Code <Int32?>]: The result code. [Message <String>]: The message. [Subcode <Int32?>]: The result sub-code. [Status <String>]: caseOperationStatus CREATEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource RESULTINFO <IMicrosoftGraphResultInfo>: resultInfo [(Any) <Object>]: This indicates any property can be added to this object. [Code <Int32?>]: The result code. [Message <String>]: The message. [Subcode <Int32?>]: The result sub-code. .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/new-mgsecuritycaseediscoverycaseoperation #> function New-MgSecurityCaseEdiscoveryCaseOperation { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityCaseOperation])] [CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Create', Mandatory)] [Parameter(ParameterSetName='CreateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='CreateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='CreateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Create', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='CreateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityCaseOperation] # caseOperation # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # caseAction ${Action}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # The date and time the operation was completed. ${CompletedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for CREATEDBY properties and create a hash table. ${CreatedBy}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # The date and time the operation was created. ${CreatedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Int32] # The progress of the operation. ${PercentProgress}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphResultInfo] # resultInfo # To construct, see NOTES section for RESULTINFO properties and create a hash table. ${ResultInfo}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # caseOperationStatus ${Status}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Create = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseOperation_Create'; CreateExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseOperation_CreateExpanded'; CreateViaIdentity = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseOperation_CreateViaIdentity'; CreateViaIdentityExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseOperation_CreateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Create a new ediscoveryReviewSetQuery object. .Description Create a new ediscoveryReviewSetQuery object. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Inputs System.Collections.Hashtable .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewSetQuery .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. CREATEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource LASTMODIFIEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/new-mgsecuritycaseediscoverycasereviewsetquery #> function New-MgSecurityCaseEdiscoveryCaseReviewSetQuery { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewSetQuery])] [CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Create', Mandatory)] [Parameter(ParameterSetName='CreateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Create', Mandatory)] [Parameter(ParameterSetName='CreateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryReviewSet ${EdiscoveryReviewSetId}, [Parameter(ParameterSetName='CreateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='CreateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Create', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='CreateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Runtime.Info(Required, PossibleTypes=([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewSetQuery]))] [System.Collections.Hashtable] # ediscoveryReviewSetQuery ${BodyParameter}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${ContentQuery}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for CREATEDBY properties and create a hash table. ${CreatedBy}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # . ${CreatedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${Description}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${DisplayName}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for LASTMODIFIEDBY properties and create a hash table. ${LastModifiedBy}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # . ${LastModifiedDateTime}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Create = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseReviewSetQuery_Create'; CreateExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseReviewSetQuery_CreateExpanded'; CreateViaIdentity = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseReviewSetQuery_CreateViaIdentity'; CreateViaIdentityExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseReviewSetQuery_CreateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Create a new ediscoveryReviewSet object. .Description Create a new ediscoveryReviewSet object. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewSet .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewSet .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecurityEdiscoveryReviewSet>: ediscoveryReviewSet [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: [DisplayName <String>]: [Id <String>]: The unique idenfier for an entity. Read-only. CREATEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/new-mgsecuritycaseediscoverycasereviewset #> function New-MgSecurityCaseEdiscoveryCaseReviewSet { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewSet])] [CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Create', Mandatory)] [Parameter(ParameterSetName='CreateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='CreateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='CreateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Create', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='CreateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewSet] # ediscoveryReviewSet # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for CREATEDBY properties and create a hash table. ${CreatedBy}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # . ${CreatedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${DisplayName}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Create = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseReviewSet_Create'; CreateExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseReviewSet_CreateExpanded'; CreateViaIdentity = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseReviewSet_CreateViaIdentity'; CreateViaIdentityExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseReviewSet_CreateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Create a new additional source associated with an eDiscovery search. .Description Create a new additional source associated with an eDiscovery search. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityDataSource .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityDataSource .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecurityDataSource>: dataSource [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: The date and time the dataSource was created. [DisplayName <String>]: The display name of the dataSource. This will be the name of the SharePoint site. [HoldStatus <String>]: dataSourceHoldStatus CREATEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/new-mgsecuritycaseediscoverycasesearchadditionalsource #> function New-MgSecurityCaseEdiscoveryCaseSearchAdditionalSource { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityDataSource])] [CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Create', Mandatory)] [Parameter(ParameterSetName='CreateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Create', Mandatory)] [Parameter(ParameterSetName='CreateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoverySearch ${EdiscoverySearchId}, [Parameter(ParameterSetName='CreateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='CreateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Create', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='CreateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityDataSource] # dataSource # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for CREATEDBY properties and create a hash table. ${CreatedBy}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # The date and time the dataSource was created. ${CreatedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The display name of the dataSource. # This will be the name of the SharePoint site. ${DisplayName}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # dataSourceHoldStatus ${HoldStatus}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Create = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseSearchAdditionalSource_Create'; CreateExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseSearchAdditionalSource_CreateExpanded'; CreateViaIdentity = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseSearchAdditionalSource_CreateViaIdentity'; CreateViaIdentityExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseSearchAdditionalSource_CreateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Create a new ediscoverySearch object. .Description Create a new ediscoverySearch object. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoverySearch .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoverySearch .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. ADDTOREVIEWSETOPERATION <IMicrosoftGraphSecurityEdiscoveryAddToReviewSetOperation>: ediscoveryAddToReviewSetOperation [(Any) <Object>]: This indicates any property can be added to this object. [Action <String>]: caseAction [CompletedDateTime <DateTime?>]: The date and time the operation was completed. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: The date and time the operation was created. [PercentProgress <Int32?>]: The progress of the operation. [ResultInfo <IMicrosoftGraphResultInfo>]: resultInfo [(Any) <Object>]: This indicates any property can be added to this object. [Code <Int32?>]: The result code. [Message <String>]: The message. [Subcode <Int32?>]: The result sub-code. [Status <String>]: caseOperationStatus [Id <String>]: The unique idenfier for an entity. Read-only. [ReviewSet <IMicrosoftGraphSecurityEdiscoveryReviewSet>]: ediscoveryReviewSet [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: [DisplayName <String>]: [Id <String>]: The unique idenfier for an entity. Read-only. [Search <IMicrosoftGraphSecurityEdiscoverySearch>]: ediscoverySearch [(Any) <Object>]: This indicates any property can be added to this object. [ContentQuery <String>]: [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: [Description <String>]: [DisplayName <String>]: [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [LastModifiedDateTime <DateTime?>]: [Id <String>]: The unique idenfier for an entity. Read-only. [AddToReviewSetOperation <IMicrosoftGraphSecurityEdiscoveryAddToReviewSetOperation>]: ediscoveryAddToReviewSetOperation [DataSourceScopes <String>]: dataSourceScopes [LastEstimateStatisticsOperation <IMicrosoftGraphSecurityEdiscoveryEstimateOperation>]: ediscoveryEstimateOperation [(Any) <Object>]: This indicates any property can be added to this object. [Action <String>]: caseAction [CompletedDateTime <DateTime?>]: The date and time the operation was completed. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: The date and time the operation was created. [PercentProgress <Int32?>]: The progress of the operation. [ResultInfo <IMicrosoftGraphResultInfo>]: resultInfo [Status <String>]: caseOperationStatus [Id <String>]: The unique idenfier for an entity. Read-only. [IndexedItemCount <Int64?>]: The estimated count of items for the search that matched the content query. [IndexedItemsSize <Int64?>]: The estimated size of items for the search that matched the content query. [MailboxCount <Int32?>]: The number of mailboxes that had search hits. [Search <IMicrosoftGraphSecurityEdiscoverySearch>]: ediscoverySearch [SiteCount <Int32?>]: The number of mailboxes that had search hits. [UnindexedItemCount <Int64?>]: The estimated count of unindexed items for the collection. [UnindexedItemsSize <Int64?>]: The estimated size of unindexed items for the collection. BODYPARAMETER <IMicrosoftGraphSecurityEdiscoverySearch>: ediscoverySearch [(Any) <Object>]: This indicates any property can be added to this object. [ContentQuery <String>]: [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: [Description <String>]: [DisplayName <String>]: [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [LastModifiedDateTime <DateTime?>]: [Id <String>]: The unique idenfier for an entity. Read-only. [AddToReviewSetOperation <IMicrosoftGraphSecurityEdiscoveryAddToReviewSetOperation>]: ediscoveryAddToReviewSetOperation [(Any) <Object>]: This indicates any property can be added to this object. [Action <String>]: caseAction [CompletedDateTime <DateTime?>]: The date and time the operation was completed. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: The date and time the operation was created. [PercentProgress <Int32?>]: The progress of the operation. [ResultInfo <IMicrosoftGraphResultInfo>]: resultInfo [(Any) <Object>]: This indicates any property can be added to this object. [Code <Int32?>]: The result code. [Message <String>]: The message. [Subcode <Int32?>]: The result sub-code. [Status <String>]: caseOperationStatus [Id <String>]: The unique idenfier for an entity. Read-only. [ReviewSet <IMicrosoftGraphSecurityEdiscoveryReviewSet>]: ediscoveryReviewSet [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: [DisplayName <String>]: [Id <String>]: The unique idenfier for an entity. Read-only. [Search <IMicrosoftGraphSecurityEdiscoverySearch>]: ediscoverySearch [DataSourceScopes <String>]: dataSourceScopes [LastEstimateStatisticsOperation <IMicrosoftGraphSecurityEdiscoveryEstimateOperation>]: ediscoveryEstimateOperation [(Any) <Object>]: This indicates any property can be added to this object. [Action <String>]: caseAction [CompletedDateTime <DateTime?>]: The date and time the operation was completed. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: The date and time the operation was created. [PercentProgress <Int32?>]: The progress of the operation. [ResultInfo <IMicrosoftGraphResultInfo>]: resultInfo [Status <String>]: caseOperationStatus [Id <String>]: The unique idenfier for an entity. Read-only. [IndexedItemCount <Int64?>]: The estimated count of items for the search that matched the content query. [IndexedItemsSize <Int64?>]: The estimated size of items for the search that matched the content query. [MailboxCount <Int32?>]: The number of mailboxes that had search hits. [Search <IMicrosoftGraphSecurityEdiscoverySearch>]: ediscoverySearch [SiteCount <Int32?>]: The number of mailboxes that had search hits. [UnindexedItemCount <Int64?>]: The estimated count of unindexed items for the collection. [UnindexedItemsSize <Int64?>]: The estimated size of unindexed items for the collection. CREATEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource LASTESTIMATESTATISTICSOPERATION <IMicrosoftGraphSecurityEdiscoveryEstimateOperation>: ediscoveryEstimateOperation [(Any) <Object>]: This indicates any property can be added to this object. [Action <String>]: caseAction [CompletedDateTime <DateTime?>]: The date and time the operation was completed. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: The date and time the operation was created. [PercentProgress <Int32?>]: The progress of the operation. [ResultInfo <IMicrosoftGraphResultInfo>]: resultInfo [(Any) <Object>]: This indicates any property can be added to this object. [Code <Int32?>]: The result code. [Message <String>]: The message. [Subcode <Int32?>]: The result sub-code. [Status <String>]: caseOperationStatus [Id <String>]: The unique idenfier for an entity. Read-only. [IndexedItemCount <Int64?>]: The estimated count of items for the search that matched the content query. [IndexedItemsSize <Int64?>]: The estimated size of items for the search that matched the content query. [MailboxCount <Int32?>]: The number of mailboxes that had search hits. [Search <IMicrosoftGraphSecurityEdiscoverySearch>]: ediscoverySearch [(Any) <Object>]: This indicates any property can be added to this object. [ContentQuery <String>]: [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: [Description <String>]: [DisplayName <String>]: [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [LastModifiedDateTime <DateTime?>]: [Id <String>]: The unique idenfier for an entity. Read-only. [AddToReviewSetOperation <IMicrosoftGraphSecurityEdiscoveryAddToReviewSetOperation>]: ediscoveryAddToReviewSetOperation [(Any) <Object>]: This indicates any property can be added to this object. [Action <String>]: caseAction [CompletedDateTime <DateTime?>]: The date and time the operation was completed. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: The date and time the operation was created. [PercentProgress <Int32?>]: The progress of the operation. [ResultInfo <IMicrosoftGraphResultInfo>]: resultInfo [Status <String>]: caseOperationStatus [Id <String>]: The unique idenfier for an entity. Read-only. [ReviewSet <IMicrosoftGraphSecurityEdiscoveryReviewSet>]: ediscoveryReviewSet [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: [DisplayName <String>]: [Id <String>]: The unique idenfier for an entity. Read-only. [Search <IMicrosoftGraphSecurityEdiscoverySearch>]: ediscoverySearch [DataSourceScopes <String>]: dataSourceScopes [LastEstimateStatisticsOperation <IMicrosoftGraphSecurityEdiscoveryEstimateOperation>]: ediscoveryEstimateOperation [SiteCount <Int32?>]: The number of mailboxes that had search hits. [UnindexedItemCount <Int64?>]: The estimated count of unindexed items for the collection. [UnindexedItemsSize <Int64?>]: The estimated size of unindexed items for the collection. LASTMODIFIEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/new-mgsecuritycaseediscoverycasesearch #> function New-MgSecurityCaseEdiscoveryCaseSearch { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoverySearch])] [CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Create', Mandatory)] [Parameter(ParameterSetName='CreateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='CreateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='CreateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Create', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='CreateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoverySearch] # ediscoverySearch # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryAddToReviewSetOperation] # ediscoveryAddToReviewSetOperation # To construct, see NOTES section for ADDTOREVIEWSETOPERATION properties and create a hash table. ${AddToReviewSetOperation}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${ContentQuery}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for CREATEDBY properties and create a hash table. ${CreatedBy}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # . ${CreatedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # dataSourceScopes ${DataSourceScopes}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${Description}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${DisplayName}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryEstimateOperation] # ediscoveryEstimateOperation # To construct, see NOTES section for LASTESTIMATESTATISTICSOPERATION properties and create a hash table. ${LastEstimateStatisticsOperation}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for LASTMODIFIEDBY properties and create a hash table. ${LastModifiedBy}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # . ${LastModifiedDateTime}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Create = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseSearch_Create'; CreateExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseSearch_CreateExpanded'; CreateViaIdentity = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseSearch_CreateViaIdentity'; CreateViaIdentityExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseSearch_CreateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Create a new ediscoveryReviewTag object. .Description Create a new ediscoveryReviewTag object. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewTag .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewTag .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecurityEdiscoveryReviewTag>: ediscoveryReviewTag [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [Description <String>]: [DisplayName <String>]: [LastModifiedDateTime <DateTime?>]: [Id <String>]: The unique idenfier for an entity. Read-only. [ChildSelectability <String>]: childSelectability [Parent <IMicrosoftGraphSecurityEdiscoveryReviewTag>]: ediscoveryReviewTag CREATEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource PARENT <IMicrosoftGraphSecurityEdiscoveryReviewTag>: ediscoveryReviewTag [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [Description <String>]: [DisplayName <String>]: [LastModifiedDateTime <DateTime?>]: [Id <String>]: The unique idenfier for an entity. Read-only. [ChildSelectability <String>]: childSelectability [Parent <IMicrosoftGraphSecurityEdiscoveryReviewTag>]: ediscoveryReviewTag .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/new-mgsecuritycaseediscoverycasetag #> function New-MgSecurityCaseEdiscoveryCaseTag { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewTag])] [CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Create', Mandatory)] [Parameter(ParameterSetName='CreateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='CreateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='CreateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Create', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='CreateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewTag] # ediscoveryReviewTag # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # childSelectability ${ChildSelectability}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for CREATEDBY properties and create a hash table. ${CreatedBy}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${Description}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${DisplayName}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # . ${LastModifiedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Parameter(ParameterSetName='CreateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewTag] # ediscoveryReviewTag # To construct, see NOTES section for PARENT properties and create a hash table. ${Parent}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Create = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseTag_Create'; CreateExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseTag_CreateExpanded'; CreateViaIdentity = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseTag_CreateViaIdentity'; CreateViaIdentityExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCaseTag_CreateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Create a new ediscoveryCase object. .Description Create a new ediscoveryCase object. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCase .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCase .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecurityEdiscoveryCase>: ediscoveryCase [(Any) <Object>]: This indicates any property can be added to this object. [CreatedDateTime <DateTime?>]: [Description <String>]: [DisplayName <String>]: [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [LastModifiedDateTime <DateTime?>]: [Status <String>]: caseStatus [Id <String>]: The unique idenfier for an entity. Read-only. [ClosedBy <IMicrosoftGraphIdentitySet>]: identitySet [ClosedDateTime <DateTime?>]: The date and time when the case was closed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z [ExternalId <String>]: The external case number for customer reference. [Settings <IMicrosoftGraphSecurityEdiscoveryCaseSettings>]: ediscoveryCaseSettings [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Ocr <IMicrosoftGraphSecurityOcrSettings>]: ocrSettings [(Any) <Object>]: This indicates any property can be added to this object. [IsEnabled <Boolean?>]: Indicates whether or not OCR is enabled for the case. [MaxImageSize <Int32?>]: Maximum image size that will be processed in KB). [Timeout <TimeSpan?>]: The timeout duration for the OCR engine. A longer timeout might increase success of OCR, but might add to the total processing time. [RedundancyDetection <IMicrosoftGraphSecurityRedundancyDetectionSettings>]: redundancyDetectionSettings [(Any) <Object>]: This indicates any property can be added to this object. [IsEnabled <Boolean?>]: Indicates whether email threading and near duplicate detection are enabled. [MaxWords <Int32?>]: Specifies the maximum number of words used for email threading and near duplicate detection. To learn more, see Minimum/maximum number of words. [MinWords <Int32?>]: Specifies the minimum number of words used for email threading and near duplicate detection. To learn more, see Minimum/maximum number of words. [SimilarityThreshold <Int32?>]: Specifies the similarity level for documents to be put in the same near duplicate set. To learn more, see Document and email similarity threshold. [TopicModeling <IMicrosoftGraphSecurityTopicModelingSettings>]: topicModelingSettings [(Any) <Object>]: This indicates any property can be added to this object. [DynamicallyAdjustTopicCount <Boolean?>]: Indicates whether the themes model should dynamically optimize the number of generated topics. To learn more, see Adjust maximum number of themes dynamically. [IgnoreNumbers <Boolean?>]: Indicates whether the themes model should exclude numbers while parsing document texts. To learn more, see Include numbers in themes. [IsEnabled <Boolean?>]: Indicates whether themes model is enabled for the case. [TopicCount <Int32?>]: The total number of topics that the themes model will generate for a review set. To learn more, see Maximum number of themes. CLOSEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity LASTMODIFIEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity SETTINGS <IMicrosoftGraphSecurityEdiscoveryCaseSettings>: ediscoveryCaseSettings [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Ocr <IMicrosoftGraphSecurityOcrSettings>]: ocrSettings [(Any) <Object>]: This indicates any property can be added to this object. [IsEnabled <Boolean?>]: Indicates whether or not OCR is enabled for the case. [MaxImageSize <Int32?>]: Maximum image size that will be processed in KB). [Timeout <TimeSpan?>]: The timeout duration for the OCR engine. A longer timeout might increase success of OCR, but might add to the total processing time. [RedundancyDetection <IMicrosoftGraphSecurityRedundancyDetectionSettings>]: redundancyDetectionSettings [(Any) <Object>]: This indicates any property can be added to this object. [IsEnabled <Boolean?>]: Indicates whether email threading and near duplicate detection are enabled. [MaxWords <Int32?>]: Specifies the maximum number of words used for email threading and near duplicate detection. To learn more, see Minimum/maximum number of words. [MinWords <Int32?>]: Specifies the minimum number of words used for email threading and near duplicate detection. To learn more, see Minimum/maximum number of words. [SimilarityThreshold <Int32?>]: Specifies the similarity level for documents to be put in the same near duplicate set. To learn more, see Document and email similarity threshold. [TopicModeling <IMicrosoftGraphSecurityTopicModelingSettings>]: topicModelingSettings [(Any) <Object>]: This indicates any property can be added to this object. [DynamicallyAdjustTopicCount <Boolean?>]: Indicates whether the themes model should dynamically optimize the number of generated topics. To learn more, see Adjust maximum number of themes dynamically. [IgnoreNumbers <Boolean?>]: Indicates whether the themes model should exclude numbers while parsing document texts. To learn more, see Include numbers in themes. [IsEnabled <Boolean?>]: Indicates whether themes model is enabled for the case. [TopicCount <Int32?>]: The total number of topics that the themes model will generate for a review set. To learn more, see Maximum number of themes. .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/new-mgsecuritycaseediscoverycase #> function New-MgSecurityCaseEdiscoveryCase { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCase])] [CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Create', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCase] # ediscoveryCase # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for CLOSEDBY properties and create a hash table. ${ClosedBy}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # The date and time when the case was closed. # The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. # For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z ${ClosedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # . ${CreatedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${Description}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${DisplayName}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The external case number for customer reference. ${ExternalId}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for LASTMODIFIEDBY properties and create a hash table. ${LastModifiedBy}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # . ${LastModifiedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCaseSettings] # ediscoveryCaseSettings # To construct, see NOTES section for SETTINGS properties and create a hash table. ${Settings}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # caseStatus ${Status}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Create = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCase_Create'; CreateExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityCaseEdiscoveryCase_CreateExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Create new navigation property to incidents for security .Description Create new navigation property to incidents for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityIncident .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityIncident .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecurityIncident>: incident [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [AssignedTo <String>]: Owner of the incident, or null if no owner is assigned. Free editable text. [Classification <String>]: alertClassification [Comments <IMicrosoftGraphSecurityAlertComment[]>]: Array of comments created by the Security Operations (SecOps) team when the incident is managed. [CreatedDateTime <DateTime?>]: Time when the incident was first created. [CustomTags <String[]>]: Array of custom tags associated with an incident. [Determination <String>]: alertDetermination [DisplayName <String>]: The incident name. [IncidentWebUrl <String>]: The URL for the incident page in the Microsoft 365 Defender portal. [LastUpdateDateTime <DateTime?>]: Time when the incident was last updated. [RedirectIncidentId <String>]: Only populated in case an incident is grouped together with another incident, as part of the logic that processes incidents. In such a case, the status property is redirected. [Severity <String>]: alertSeverity [Status <String>]: incidentStatus [TenantId <String>]: The Azure Active Directory tenant in which the alert was created. COMMENTS <IMicrosoftGraphSecurityAlertComment[]>: Array of comments created by the Security Operations (SecOps) team when the incident is managed. [Comment <String>]: The comment text. [CreatedByDisplayName <String>]: The person or app name that submitted the comment. [CreatedDateTime <DateTime?>]: The time when the comment was submitted. .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/new-mgsecurityincident #> function New-MgSecurityIncident { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityIncident])] [CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Create', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityIncident] # incident # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Owner of the incident, or null if no owner is assigned. # Free editable text. ${AssignedTo}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # alertClassification ${Classification}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityAlertComment[]] # Array of comments created by the Security Operations (SecOps) team when the incident is managed. # To construct, see NOTES section for COMMENTS properties and create a hash table. ${Comments}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Time when the incident was first created. ${CreatedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [System.String[]] # Array of custom tags associated with an incident. ${CustomTags}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # alertDetermination ${Determination}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The incident name. ${DisplayName}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The URL for the incident page in the Microsoft 365 Defender portal. ${IncidentWebUrl}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Time when the incident was last updated. ${LastUpdateDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Only populated in case an incident is grouped together with another incident, as part of the logic that processes incidents. # In such a case, the status property is redirected. ${RedirectIncidentId}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # alertSeverity ${Severity}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # incidentStatus ${Status}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The Azure Active Directory tenant in which the alert was created. ${TenantId}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Create = 'Microsoft.Graph.Security.private\New-MgSecurityIncident_Create'; CreateExpanded = 'Microsoft.Graph.Security.private\New-MgSecurityIncident_CreateExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Create new navigation property to secureScoreControlProfiles for security .Description Create new navigation property to secureScoreControlProfiles for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecureScoreControlProfile .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecureScoreControlProfile .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecureScoreControlProfile>: secureScoreControlProfile [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [ActionType <String>]: Control action type (Config, Review, Behavior). [ActionUrl <String>]: URL to where the control can be actioned. [AzureTenantId <String>]: GUID string for tenant ID. [ComplianceInformation <IMicrosoftGraphComplianceInformation[]>]: The collection of compliance information associated with secure score control [CertificationControls <IMicrosoftGraphCertificationControl[]>]: Collection of the certification controls associated with certification [Name <String>]: Certification control name [Url <String>]: URL for the Microsoft Service Trust Portal [CertificationName <String>]: Compliance certification name (for example, ISO 27018:2014, GDPR, FedRAMP, NIST 800-171) [ControlCategory <String>]: Control action category (Identity, Data, Device, Apps, Infrastructure). [ControlStateUpdates <IMicrosoftGraphSecureScoreControlStateUpdate[]>]: Flag to indicate where the tenant has marked a control (ignored, thirdParty, reviewed) (supports update). [AssignedTo <String>]: Assigns the control to the user who will take the action. [Comment <String>]: Provides optional comment about the control. [State <String>]: State of the control, which can be modified via a PATCH command (for example, ignored, thirdParty). [UpdatedBy <String>]: ID of the user who updated tenant state. [UpdatedDateTime <DateTime?>]: Time at which the control state was updated. [Deprecated <Boolean?>]: Flag to indicate if a control is depreciated. [ImplementationCost <String>]: Resource cost of implemmentating control (low, moderate, high). [LastModifiedDateTime <DateTime?>]: Time at which the control profile entity was last modified. The Timestamp type represents date and time [MaxScore <Double?>]: max attainable score for the control. [Rank <Int32?>]: Microsoft's stack ranking of control. [Remediation <String>]: Description of what the control will help remediate. [RemediationImpact <String>]: Description of the impact on users of the remediation. [Service <String>]: Service that owns the control (Exchange, Sharepoint, Azure AD). [Threats <String[]>]: List of threats the control mitigates (accountBreach,dataDeletion,dataExfiltration,dataSpillage, [Tier <String>]: [Title <String>]: [UserImpact <String>]: [VendorInformation <IMicrosoftGraphSecurityVendorInformation>]: securityVendorInformation [(Any) <Object>]: This indicates any property can be added to this object. [Provider <String>]: Specific provider (product/service - not vendor company); for example, WindowsDefenderATP. [ProviderVersion <String>]: Version of the provider or subprovider, if it exists, that generated the alert. Required [SubProvider <String>]: Specific subprovider (under aggregating provider); for example, WindowsDefenderATP.SmartScreen. [Vendor <String>]: Name of the alert vendor (for example, Microsoft, Dell, FireEye). Required COMPLIANCEINFORMATION <IMicrosoftGraphComplianceInformation[]>: The collection of compliance information associated with secure score control [CertificationControls <IMicrosoftGraphCertificationControl[]>]: Collection of the certification controls associated with certification [Name <String>]: Certification control name [Url <String>]: URL for the Microsoft Service Trust Portal [CertificationName <String>]: Compliance certification name (for example, ISO 27018:2014, GDPR, FedRAMP, NIST 800-171) CONTROLSTATEUPDATES <IMicrosoftGraphSecureScoreControlStateUpdate[]>: Flag to indicate where the tenant has marked a control (ignored, thirdParty, reviewed) (supports update). [AssignedTo <String>]: Assigns the control to the user who will take the action. [Comment <String>]: Provides optional comment about the control. [State <String>]: State of the control, which can be modified via a PATCH command (for example, ignored, thirdParty). [UpdatedBy <String>]: ID of the user who updated tenant state. [UpdatedDateTime <DateTime?>]: Time at which the control state was updated. VENDORINFORMATION <IMicrosoftGraphSecurityVendorInformation>: securityVendorInformation [(Any) <Object>]: This indicates any property can be added to this object. [Provider <String>]: Specific provider (product/service - not vendor company); for example, WindowsDefenderATP. [ProviderVersion <String>]: Version of the provider or subprovider, if it exists, that generated the alert. Required [SubProvider <String>]: Specific subprovider (under aggregating provider); for example, WindowsDefenderATP.SmartScreen. [Vendor <String>]: Name of the alert vendor (for example, Microsoft, Dell, FireEye). Required .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/new-mgsecuritysecurescorecontrolprofile #> function New-MgSecuritySecureScoreControlProfile { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecureScoreControlProfile])] [CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Create', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecureScoreControlProfile] # secureScoreControlProfile # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Control action type (Config, Review, Behavior). ${ActionType}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # URL to where the control can be actioned. ${ActionUrl}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # GUID string for tenant ID. ${AzureTenantId}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphComplianceInformation[]] # The collection of compliance information associated with secure score control # To construct, see NOTES section for COMPLIANCEINFORMATION properties and create a hash table. ${ComplianceInformation}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Control action category (Identity, Data, Device, Apps, Infrastructure). ${ControlCategory}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecureScoreControlStateUpdate[]] # Flag to indicate where the tenant has marked a control (ignored, thirdParty, reviewed) (supports update). # To construct, see NOTES section for CONTROLSTATEUPDATES properties and create a hash table. ${ControlStateUpdates}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Management.Automation.SwitchParameter] # Flag to indicate if a control is depreciated. ${Deprecated}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Resource cost of implemmentating control (low, moderate, high). ${ImplementationCost}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Time at which the control profile entity was last modified. # The Timestamp type represents date and time ${LastModifiedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Double] # max attainable score for the control. ${MaxScore}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Int32] # Microsoft's stack ranking of control. ${Rank}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Description of what the control will help remediate. ${Remediation}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Description of the impact on users of the remediation. ${RemediationImpact}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Service that owns the control (Exchange, Sharepoint, Azure AD). ${Service}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [System.String[]] # List of threats the control mitigates (accountBreach,dataDeletion,dataExfiltration,dataSpillage, ${Threats}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${Tier}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${Title}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${UserImpact}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityVendorInformation] # securityVendorInformation # To construct, see NOTES section for VENDORINFORMATION properties and create a hash table. ${VendorInformation}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Create = 'Microsoft.Graph.Security.private\New-MgSecuritySecureScoreControlProfile_Create'; CreateExpanded = 'Microsoft.Graph.Security.private\New-MgSecuritySecureScoreControlProfile_CreateExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Create new navigation property to secureScores for security .Description Create new navigation property to secureScores for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecureScore .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecureScore .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. AVERAGECOMPARATIVESCORES <IMicrosoftGraphAverageComparativeScore[]>: Average score by different scopes (for example, average by industry, average by seating) and control category (Identity, Data, Device, Apps, Infrastructure) within the scope. [AverageScore <Double?>]: Average score within specified basis. [Basis <String>]: Scope type. The possible values are: AllTenants, TotalSeats, IndustryTypes. BODYPARAMETER <IMicrosoftGraphSecureScore>: secureScore [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [ActiveUserCount <Int32?>]: Active user count of the given tenant. [AverageComparativeScores <IMicrosoftGraphAverageComparativeScore[]>]: Average score by different scopes (for example, average by industry, average by seating) and control category (Identity, Data, Device, Apps, Infrastructure) within the scope. [AverageScore <Double?>]: Average score within specified basis. [Basis <String>]: Scope type. The possible values are: AllTenants, TotalSeats, IndustryTypes. [AzureTenantId <String>]: GUID string for tenant ID. [ControlScores <IMicrosoftGraphControlScore[]>]: Contains tenant scores for a set of controls. [ControlCategory <String>]: Control action category (Identity, Data, Device, Apps, Infrastructure). [ControlName <String>]: Control unique name. [Description <String>]: Description of the control. [Score <Double?>]: Tenant achieved score for the control (it varies day by day depending on tenant operations on the control). [CreatedDateTime <DateTime?>]: The date when the entity is created. [CurrentScore <Double?>]: Tenant current attained score on specified date. [EnabledServices <String[]>]: Microsoft-provided services for the tenant (for example, Exchange online, Skype, Sharepoint). [LicensedUserCount <Int32?>]: Licensed user count of the given tenant. [MaxScore <Double?>]: Tenant maximum possible score on specified date. [VendorInformation <IMicrosoftGraphSecurityVendorInformation>]: securityVendorInformation [(Any) <Object>]: This indicates any property can be added to this object. [Provider <String>]: Specific provider (product/service - not vendor company); for example, WindowsDefenderATP. [ProviderVersion <String>]: Version of the provider or subprovider, if it exists, that generated the alert. Required [SubProvider <String>]: Specific subprovider (under aggregating provider); for example, WindowsDefenderATP.SmartScreen. [Vendor <String>]: Name of the alert vendor (for example, Microsoft, Dell, FireEye). Required CONTROLSCORES <IMicrosoftGraphControlScore[]>: Contains tenant scores for a set of controls. [ControlCategory <String>]: Control action category (Identity, Data, Device, Apps, Infrastructure). [ControlName <String>]: Control unique name. [Description <String>]: Description of the control. [Score <Double?>]: Tenant achieved score for the control (it varies day by day depending on tenant operations on the control). VENDORINFORMATION <IMicrosoftGraphSecurityVendorInformation>: securityVendorInformation [(Any) <Object>]: This indicates any property can be added to this object. [Provider <String>]: Specific provider (product/service - not vendor company); for example, WindowsDefenderATP. [ProviderVersion <String>]: Version of the provider or subprovider, if it exists, that generated the alert. Required [SubProvider <String>]: Specific subprovider (under aggregating provider); for example, WindowsDefenderATP.SmartScreen. [Vendor <String>]: Name of the alert vendor (for example, Microsoft, Dell, FireEye). Required .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/new-mgsecuritysecurescore #> function New-MgSecuritySecureScore { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecureScore])] [CmdletBinding(DefaultParameterSetName='CreateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Create', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecureScore] # secureScore # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Int32] # Active user count of the given tenant. ${ActiveUserCount}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAverageComparativeScore[]] # Average score by different scopes (for example, average by industry, average by seating) and control category (Identity, Data, Device, Apps, Infrastructure) within the scope. # To construct, see NOTES section for AVERAGECOMPARATIVESCORES properties and create a hash table. ${AverageComparativeScores}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # GUID string for tenant ID. ${AzureTenantId}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphControlScore[]] # Contains tenant scores for a set of controls. # To construct, see NOTES section for CONTROLSCORES properties and create a hash table. ${ControlScores}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # The date when the entity is created. ${CreatedDateTime}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Double] # Tenant current attained score on specified date. ${CurrentScore}, [Parameter(ParameterSetName='CreateExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [System.String[]] # Microsoft-provided services for the tenant (for example, Exchange online, Skype, Sharepoint). ${EnabledServices}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Int32] # Licensed user count of the given tenant. ${LicensedUserCount}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Double] # Tenant maximum possible score on specified date. ${MaxScore}, [Parameter(ParameterSetName='CreateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityVendorInformation] # securityVendorInformation # To construct, see NOTES section for VENDORINFORMATION properties and create a hash table. ${VendorInformation}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Create = 'Microsoft.Graph.Security.private\New-MgSecuritySecureScore_Create'; CreateExpanded = 'Microsoft.Graph.Security.private\New-MgSecuritySecureScore_CreateExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Release a custodian from a case. For details, see Release a custodian from a case. .Description Release a custodian from a case. For details, see Release a custodian from a case. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/publish-mgsecuritycasesediscoverycasescustodian #> function Publish-MgSecurityCasesEdiscoveryCasesCustodian { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Release', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Release', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Release', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCustodian ${EdiscoveryCustodianId}, [Parameter(ParameterSetName='ReleaseViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Release = 'Microsoft.Graph.Security.private\Publish-MgSecurityCasesEdiscoveryCasesCustodian_Release'; ReleaseViaIdentity = 'Microsoft.Graph.Security.private\Publish-MgSecurityCasesEdiscoveryCasesCustodian_ReleaseViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Release the non-custodial data source from the case. .Description Release the non-custodial data source from the case. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/publish-mgsecuritycasesediscoverycasesnoncustodialdatasource #> function Publish-MgSecurityCasesEdiscoveryCasesNoncustodialDataSource { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Release', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Release', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Release', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryNoncustodialDataSource ${EdiscoveryNoncustodialDataSourceId}, [Parameter(ParameterSetName='ReleaseViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Release = 'Microsoft.Graph.Security.private\Publish-MgSecurityCasesEdiscoveryCasesNoncustodialDataSource_Release'; ReleaseViaIdentity = 'Microsoft.Graph.Security.private\Publish-MgSecurityCasesEdiscoveryCasesNoncustodialDataSource_ReleaseViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Delete navigation property runs for security .Description Delete navigation property runs for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/remove-mgsecurityattacksimulationautomationrun #> function Remove-MgSecurityAttackSimulationAutomationRun { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of simulationAutomation ${SimulationAutomationId}, [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of simulationAutomationRun ${SimulationAutomationRunId}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Header')] [System.String] # ETag ${IfMatch}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Microsoft.Graph.Security.private\Remove-MgSecurityAttackSimulationAutomationRun_Delete'; DeleteViaIdentity = 'Microsoft.Graph.Security.private\Remove-MgSecurityAttackSimulationAutomationRun_DeleteViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Delete navigation property simulationAutomations for security .Description Delete navigation property simulationAutomations for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/remove-mgsecurityattacksimulationautomation #> function Remove-MgSecurityAttackSimulationAutomation { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of simulationAutomation ${SimulationAutomationId}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Header')] [System.String] # ETag ${IfMatch}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Microsoft.Graph.Security.private\Remove-MgSecurityAttackSimulationAutomation_Delete'; DeleteViaIdentity = 'Microsoft.Graph.Security.private\Remove-MgSecurityAttackSimulationAutomation_DeleteViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Delete navigation property attackSimulation for security .Description Delete navigation property attackSimulation for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/remove-mgsecurityattacksimulation #> function Remove-MgSecurityAttackSimulation { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete1', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of simulation ${SimulationId}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Header')] [System.String] # ETag ${IfMatch}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Microsoft.Graph.Security.private\Remove-MgSecurityAttackSimulation_Delete'; Delete1 = 'Microsoft.Graph.Security.private\Remove-MgSecurityAttackSimulation_Delete1'; DeleteViaIdentity = 'Microsoft.Graph.Security.private\Remove-MgSecurityAttackSimulation_DeleteViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Start the process of removing hold from eDiscovery custodians. After the operation is created, you can get the status by retrieving the `Location` parameter from the response headers. The location provides a URL that will return an eDiscoveryHoldOperation object. .Description Start the process of removing hold from eDiscovery custodians. After the operation is created, you can get the status by retrieving the `Location` parameter from the response headers. The location provides a URL that will return an eDiscoveryHoldOperation object. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IPaths1P15Ma7SecurityCasesEdiscoverycasesEdiscoverycaseIdCustodiansMicrosoftGraphSecurityRemoveholdPostRequestbodyContentApplicationJsonSchema .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IPaths1P15Ma7SecurityCasesEdiscoverycasesEdiscoverycaseIdCustodiansMicrosoftGraphSecurityRemoveholdPostRequestbodyContentApplicationJsonSchema>: . [(Any) <Object>]: This indicates any property can be added to this object. [Ids <String[]>]: INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/remove-mgsecuritycaseediscoverycasecustodianhold #> function Remove-MgSecurityCaseEdiscoveryCaseCustodianHold { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='RemoveExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Remove', Mandatory)] [Parameter(ParameterSetName='Remove1', Mandatory)] [Parameter(ParameterSetName='RemoveExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Remove', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCustodian ${EdiscoveryCustodianId}, [Parameter(ParameterSetName='RemoveViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='RemoveViaIdentity1', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='RemoveViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Remove1', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='RemoveViaIdentity1', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IPaths1P15Ma7SecurityCasesEdiscoverycasesEdiscoverycaseIdCustodiansMicrosoftGraphSecurityRemoveholdPostRequestbodyContentApplicationJsonSchema] # . # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='RemoveExpanded')] [Parameter(ParameterSetName='RemoveViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='RemoveExpanded')] [Parameter(ParameterSetName='RemoveViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [System.String[]] # . ${Ids}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Remove = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseCustodianHold_Remove'; Remove1 = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseCustodianHold_Remove1'; RemoveExpanded = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseCustodianHold_RemoveExpanded'; RemoveViaIdentity = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseCustodianHold_RemoveViaIdentity'; RemoveViaIdentity1 = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseCustodianHold_RemoveViaIdentity1'; RemoveViaIdentityExpanded = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseCustodianHold_RemoveViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Delete navigation property siteSources for security .Description Delete navigation property siteSources for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/remove-mgsecuritycaseediscoverycasecustodiansitesource #> function Remove-MgSecurityCaseEdiscoveryCaseCustodianSiteSource { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCustodian ${EdiscoveryCustodianId}, [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of siteSource ${SiteSourceId}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Header')] [System.String] # ETag ${IfMatch}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseCustodianSiteSource_Delete'; DeleteViaIdentity = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseCustodianSiteSource_DeleteViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Delete navigation property unifiedGroupSources for security .Description Delete navigation property unifiedGroupSources for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/remove-mgsecuritycaseediscoverycasecustodianunifiedgroupsource #> function Remove-MgSecurityCaseEdiscoveryCaseCustodianUnifiedGroupSource { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCustodian ${EdiscoveryCustodianId}, [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of unifiedGroupSource ${UnifiedGroupSourceId}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Header')] [System.String] # ETag ${IfMatch}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseCustodianUnifiedGroupSource_Delete'; DeleteViaIdentity = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseCustodianUnifiedGroupSource_DeleteViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Delete navigation property userSources for security .Description Delete navigation property userSources for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/remove-mgsecuritycaseediscoverycasecustodianusersource #> function Remove-MgSecurityCaseEdiscoveryCaseCustodianUserSource { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCustodian ${EdiscoveryCustodianId}, [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of userSource ${UserSourceId}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Header')] [System.String] # ETag ${IfMatch}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseCustodianUserSource_Delete'; DeleteViaIdentity = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseCustodianUserSource_DeleteViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Delete navigation property custodians for security .Description Delete navigation property custodians for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/remove-mgsecuritycaseediscoverycasecustodian #> function Remove-MgSecurityCaseEdiscoveryCaseCustodian { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCustodian ${EdiscoveryCustodianId}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Header')] [System.String] # ETag ${IfMatch}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseCustodian_Delete'; DeleteViaIdentity = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseCustodian_DeleteViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Start the process of removing hold from eDiscovery non-custodial data sources. After the operation is created, you can get the status by retrieving the `Location` parameter from the response headers. The location provides a URL that will return an eDiscoveryHoldOperation object. .Description Start the process of removing hold from eDiscovery non-custodial data sources. After the operation is created, you can get the status by retrieving the `Location` parameter from the response headers. The location provides a URL that will return an eDiscoveryHoldOperation object. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IPaths101Xa3PSecurityCasesEdiscoverycasesEdiscoverycaseIdNoncustodialdatasourcesMicrosoftGraphSecurityRemoveholdPostRequestbodyContentApplicationJsonSchema .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IPaths101Xa3PSecurityCasesEdiscoverycasesEdiscoverycaseIdNoncustodialdatasourcesMicrosoftGraphSecurityRemoveholdPostRequestbodyContentApplicationJsonSchema>: . [(Any) <Object>]: This indicates any property can be added to this object. [Ids <String[]>]: INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/remove-mgsecuritycaseediscoverycasenoncustodialdatasourcehold #> function Remove-MgSecurityCaseEdiscoveryCaseNoncustodialDataSourceHold { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='RemoveExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Remove', Mandatory)] [Parameter(ParameterSetName='Remove1', Mandatory)] [Parameter(ParameterSetName='RemoveExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Remove', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryNoncustodialDataSource ${EdiscoveryNoncustodialDataSourceId}, [Parameter(ParameterSetName='RemoveViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='RemoveViaIdentity1', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='RemoveViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Remove1', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='RemoveViaIdentity1', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IPaths101Xa3PSecurityCasesEdiscoverycasesEdiscoverycaseIdNoncustodialdatasourcesMicrosoftGraphSecurityRemoveholdPostRequestbodyContentApplicationJsonSchema] # . # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='RemoveExpanded')] [Parameter(ParameterSetName='RemoveViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='RemoveExpanded')] [Parameter(ParameterSetName='RemoveViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [System.String[]] # . ${Ids}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Remove = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseNoncustodialDataSourceHold_Remove'; Remove1 = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseNoncustodialDataSourceHold_Remove1'; RemoveExpanded = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseNoncustodialDataSourceHold_RemoveExpanded'; RemoveViaIdentity = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseNoncustodialDataSourceHold_RemoveViaIdentity'; RemoveViaIdentity1 = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseNoncustodialDataSourceHold_RemoveViaIdentity1'; RemoveViaIdentityExpanded = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseNoncustodialDataSourceHold_RemoveViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Delete navigation property noncustodialDataSources for security .Description Delete navigation property noncustodialDataSources for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/remove-mgsecuritycaseediscoverycasenoncustodialdatasource #> function Remove-MgSecurityCaseEdiscoveryCaseNoncustodialDataSource { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryNoncustodialDataSource ${EdiscoveryNoncustodialDataSourceId}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Header')] [System.String] # ETag ${IfMatch}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseNoncustodialDataSource_Delete'; DeleteViaIdentity = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseNoncustodialDataSource_DeleteViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Delete navigation property operations for security .Description Delete navigation property operations for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/remove-mgsecuritycaseediscoverycaseoperation #> function Remove-MgSecurityCaseEdiscoveryCaseOperation { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of caseOperation ${CaseOperationId}, [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Header')] [System.String] # ETag ${IfMatch}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseOperation_Delete'; DeleteViaIdentity = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseOperation_DeleteViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Delete navigation property queries for security .Description Delete navigation property queries for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/remove-mgsecuritycaseediscoverycasereviewsetquery #> function Remove-MgSecurityCaseEdiscoveryCaseReviewSetQuery { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryReviewSet ${EdiscoveryReviewSetId}, [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryReviewSetQuery ${EdiscoveryReviewSetQueryId}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Header')] [System.String] # ETag ${IfMatch}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseReviewSetQuery_Delete'; DeleteViaIdentity = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseReviewSetQuery_DeleteViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Delete navigation property reviewSets for security .Description Delete navigation property reviewSets for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/remove-mgsecuritycaseediscoverycasereviewset #> function Remove-MgSecurityCaseEdiscoveryCaseReviewSet { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryReviewSet ${EdiscoveryReviewSetId}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Header')] [System.String] # ETag ${IfMatch}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseReviewSet_Delete'; DeleteViaIdentity = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseReviewSet_DeleteViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Delete navigation property additionalSources for security .Description Delete navigation property additionalSources for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/remove-mgsecuritycaseediscoverycasesearchadditionalsource #> function Remove-MgSecurityCaseEdiscoveryCaseSearchAdditionalSource { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of dataSource ${DataSourceId}, [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoverySearch ${EdiscoverySearchId}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Header')] [System.String] # ETag ${IfMatch}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseSearchAdditionalSource_Delete'; DeleteViaIdentity = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseSearchAdditionalSource_DeleteViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Delete navigation property searches for security .Description Delete navigation property searches for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/remove-mgsecuritycaseediscoverycasesearch #> function Remove-MgSecurityCaseEdiscoveryCaseSearch { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoverySearch ${EdiscoverySearchId}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Header')] [System.String] # ETag ${IfMatch}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseSearch_Delete'; DeleteViaIdentity = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseSearch_DeleteViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Delete navigation property settings for security .Description Delete navigation property settings for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/remove-mgsecuritycaseediscoverycasesetting #> function Remove-MgSecurityCaseEdiscoveryCaseSetting { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Header')] [System.String] # ETag ${IfMatch}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseSetting_Delete'; DeleteViaIdentity = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseSetting_DeleteViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Delete navigation property tags for security .Description Delete navigation property tags for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/remove-mgsecuritycaseediscoverycasetag #> function Remove-MgSecurityCaseEdiscoveryCaseTag { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryReviewTag ${EdiscoveryReviewTagId}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Header')] [System.String] # ETag ${IfMatch}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseTag_Delete'; DeleteViaIdentity = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCaseTag_DeleteViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Delete navigation property ediscoveryCases for security .Description Delete navigation property ediscoveryCases for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/remove-mgsecuritycaseediscoverycase #> function Remove-MgSecurityCaseEdiscoveryCase { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Header')] [System.String] # ETag ${IfMatch}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCase_Delete'; DeleteViaIdentity = 'Microsoft.Graph.Security.private\Remove-MgSecurityCaseEdiscoveryCase_DeleteViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Delete navigation property cases for security .Description Delete navigation property cases for security .Example {{ Add code here }} .Example {{ Add code here }} .Outputs System.Boolean .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/remove-mgsecuritycase #> function Remove-MgSecurityCase { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter()] [Microsoft.Graph.PowerShell.Category('Header')] [System.String] # ETag ${IfMatch}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Microsoft.Graph.Security.private\Remove-MgSecurityCase_Delete'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Delete navigation property incidents for security .Description Delete navigation property incidents for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/remove-mgsecurityincident #> function Remove-MgSecurityIncident { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of incident ${IncidentId}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Header')] [System.String] # ETag ${IfMatch}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Microsoft.Graph.Security.private\Remove-MgSecurityIncident_Delete'; DeleteViaIdentity = 'Microsoft.Graph.Security.private\Remove-MgSecurityIncident_DeleteViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Delete navigation property secureScoreControlProfiles for security .Description Delete navigation property secureScoreControlProfiles for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/remove-mgsecuritysecurescorecontrolprofile #> function Remove-MgSecuritySecureScoreControlProfile { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of secureScoreControlProfile ${SecureScoreControlProfileId}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Header')] [System.String] # ETag ${IfMatch}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Microsoft.Graph.Security.private\Remove-MgSecuritySecureScoreControlProfile_Delete'; DeleteViaIdentity = 'Microsoft.Graph.Security.private\Remove-MgSecuritySecureScoreControlProfile_DeleteViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Delete navigation property secureScores for security .Description Delete navigation property secureScores for security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/remove-mgsecuritysecurescore #> function Remove-MgSecuritySecureScore { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Delete', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Delete', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of secureScore ${SecureScoreId}, [Parameter(ParameterSetName='DeleteViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Header')] [System.String] # ETag ${IfMatch}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Delete = 'Microsoft.Graph.Security.private\Remove-MgSecuritySecureScore_Delete'; DeleteViaIdentity = 'Microsoft.Graph.Security.private\Remove-MgSecuritySecureScore_DeleteViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Reset a caseSettings object to the default values. .Description Reset a caseSettings object to the default values. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/reset-mgsecuritycaseediscoverycasesettingtodefault #> function Reset-MgSecurityCaseEdiscoveryCaseSettingToDefault { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Reset', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Reset', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='ResetViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Reset = 'Microsoft.Graph.Security.private\Reset-MgSecurityCaseEdiscoveryCaseSettingToDefault_Reset'; ResetViaIdentity = 'Microsoft.Graph.Security.private\Reset-MgSecurityCaseEdiscoveryCaseSettingToDefault_ResetViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Invoke action runHuntingQuery .Description Invoke action runHuntingQuery .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IPathsU5PqctSecurityMicrosoftGraphSecurityRunhuntingqueryPostRequestbodyContentApplicationJsonSchema .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityHuntingQueryResults .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IPathsU5PqctSecurityMicrosoftGraphSecurityRunhuntingqueryPostRequestbodyContentApplicationJsonSchema>: . [(Any) <Object>]: This indicates any property can be added to this object. [Query <String>]: .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/start-mgsecurityhuntingquery #> function Start-MgSecurityHuntingQuery { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityHuntingQueryResults])] [CmdletBinding(DefaultParameterSetName='RunExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Run', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IPathsU5PqctSecurityMicrosoftGraphSecurityRunhuntingqueryPostRequestbodyContentApplicationJsonSchema] # . # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='RunExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='RunExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${Query}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Run = 'Microsoft.Graph.Security.private\Start-MgSecurityHuntingQuery_Run'; RunExpanded = 'Microsoft.Graph.Security.private\Start-MgSecurityHuntingQuery_RunExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Update the navigation property alerts in security .Description Update the navigation property alerts in security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAlert .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAlert .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. ALERTDETECTIONS <IMicrosoftGraphAlertDetection[]>: . [DetectionType <String>]: [Method <String>]: [Name <String>]: BODYPARAMETER <IMicrosoftGraphAlert>: alert [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [ActivityGroupName <String>]: Name or alias of the activity group (attacker) this alert is attributed to. [AlertDetections <IMicrosoftGraphAlertDetection[]>]: [DetectionType <String>]: [Method <String>]: [Name <String>]: [AssignedTo <String>]: Name of the analyst the alert is assigned to for triage, investigation, or remediation (supports update). [AzureSubscriptionId <String>]: Azure subscription ID, present if this alert is related to an Azure resource. [AzureTenantId <String>]: Azure Active Directory tenant ID. Required. [Category <String>]: Category of the alert (for example, credentialTheft, ransomware, etc.). [ClosedDateTime <DateTime?>]: Time at which the alert was closed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z (supports update). [CloudAppStates <IMicrosoftGraphCloudAppSecurityState[]>]: Security-related stateful information generated by the provider about the cloud application/s related to this alert. [DestinationServiceIP <String>]: Destination IP Address of the connection to the cloud application/service. [DestinationServiceName <String>]: Cloud application/service name (for example 'Salesforce', 'DropBox', etc.). [RiskScore <String>]: Provider-generated/calculated risk score of the Cloud Application/Service. Recommended value range of 0-1, which equates to a percentage. [Comments <String[]>]: Customer-provided comments on alert (for customer alert management) (supports update). [Confidence <Int32?>]: Confidence of the detection logic (percentage between 1-100). [CreatedDateTime <DateTime?>]: Time at which the alert was created by the alert provider. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Required. [Description <String>]: Alert description. [DetectionIds <String[]>]: Set of alerts related to this alert entity (each alert is pushed to the SIEM as a separate record). [EventDateTime <DateTime?>]: Time at which the event(s) that served as the trigger(s) to generate the alert occurred. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Required. [Feedback <String>]: alertFeedback [FileStates <IMicrosoftGraphFileSecurityState[]>]: Security-related stateful information generated by the provider about the file(s) related to this alert. [FileHash <IMicrosoftGraphFileHash>]: fileHash [(Any) <Object>]: This indicates any property can be added to this object. [HashType <String>]: fileHashType [HashValue <String>]: Value of the file hash. [Name <String>]: File name (without path). [Path <String>]: Full file path of the file/imageFile. [RiskScore <String>]: Provider generated/calculated risk score of the alert file. Recommended value range of 0-1, which equates to a percentage. [HistoryStates <IMicrosoftGraphAlertHistoryState[]>]: [AppId <String>]: [AssignedTo <String>]: [Comments <String[]>]: [Feedback <String>]: alertFeedback [Status <String>]: alertStatus [UpdatedDateTime <DateTime?>]: [User <String>]: [HostStates <IMicrosoftGraphHostSecurityState[]>]: Security-related stateful information generated by the provider about the host(s) related to this alert. [Fqdn <String>]: Host FQDN (Fully Qualified Domain Name) (for example, machine.company.com). [IsAzureAdJoined <Boolean?>]: [IsAzureAdRegistered <Boolean?>]: [IsHybridAzureDomainJoined <Boolean?>]: True if the host is domain joined to an on-premises Active Directory domain. [NetBiosName <String>]: The local host name, without the DNS domain name. [OS <String>]: Host Operating System. (For example, Windows10, MacOS, RHEL, etc.). [PrivateIPAddress <String>]: Private (not routable) IPv4 or IPv6 address (see RFC 1918) at the time of the alert. [PublicIPAddress <String>]: Publicly routable IPv4 or IPv6 address (see RFC 1918) at time of the alert. [RiskScore <String>]: Provider-generated/calculated risk score of the host. Recommended value range of 0-1, which equates to a percentage. [IncidentIds <String[]>]: IDs of incidents related to current alert. [InvestigationSecurityStates <IMicrosoftGraphInvestigationSecurityState[]>]: [Name <String>]: [Status <String>]: [LastEventDateTime <DateTime?>]: [LastModifiedDateTime <DateTime?>]: Time at which the alert entity was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [MalwareStates <IMicrosoftGraphMalwareState[]>]: Threat Intelligence pertaining to malware related to this alert. [Category <String>]: Provider-generated malware category (for example, trojan, ransomware, etc.). [Family <String>]: Provider-generated malware family (for example, 'wannacry', 'notpetya', etc.). [Name <String>]: Provider-generated malware variant name (for example, Trojan:Win32/Powessere.H). [Severity <String>]: Provider-determined severity of this malware. [WasRunning <Boolean?>]: Indicates whether the detected file (malware/vulnerability) was running at the time of detection or was detected at rest on the disk. [MessageSecurityStates <IMicrosoftGraphMessageSecurityState[]>]: [ConnectingIP <String>]: [DeliveryAction <String>]: [DeliveryLocation <String>]: [Directionality <String>]: [InternetMessageId <String>]: [MessageFingerprint <String>]: [MessageReceivedDateTime <DateTime?>]: [MessageSubject <String>]: [NetworkMessageId <String>]: [NetworkConnections <IMicrosoftGraphNetworkConnection[]>]: Security-related stateful information generated by the provider about the network connection(s) related to this alert. [ApplicationName <String>]: Name of the application managing the network connection (for example, Facebook or SMTP). [DestinationAddress <String>]: Destination IP address (of the network connection). [DestinationDomain <String>]: Destination domain portion of the destination URL. (for example 'www.contoso.com'). [DestinationLocation <String>]: Location (by IP address mapping) associated with the destination of a network connection. [DestinationPort <String>]: Destination port (of the network connection). [DestinationUrl <String>]: Network connection URL/URI string - excluding parameters. (for example 'www.contoso.com/products/default.html') [Direction <String>]: connectionDirection [DomainRegisteredDateTime <DateTime?>]: Date when the destination domain was registered. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z [LocalDnsName <String>]: The local DNS name resolution as it appears in the host's local DNS cache (for example, in case the 'hosts' file was tampered with). [NatDestinationAddress <String>]: Network Address Translation destination IP address. [NatDestinationPort <String>]: Network Address Translation destination port. [NatSourceAddress <String>]: Network Address Translation source IP address. [NatSourcePort <String>]: Network Address Translation source port. [Protocol <String>]: securityNetworkProtocol [RiskScore <String>]: Provider generated/calculated risk score of the network connection. Recommended value range of 0-1, which equates to a percentage. [SourceAddress <String>]: Source (i.e. origin) IP address (of the network connection). [SourceLocation <String>]: Location (by IP address mapping) associated with the source of a network connection. [SourcePort <String>]: Source (i.e. origin) IP port (of the network connection). [Status <String>]: connectionStatus [UrlParameters <String>]: Parameters (suffix) of the destination URL. [Processes <IMicrosoftGraphProcess[]>]: Security-related stateful information generated by the provider about the process or processes related to this alert. [AccountName <String>]: User account identifier (user account context the process ran under) for example, AccountName, SID, and so on. [CommandLine <String>]: The full process invocation commandline including all parameters. [CreatedDateTime <DateTime?>]: Time at which the process was started. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FileHash <IMicrosoftGraphFileHash>]: fileHash [IntegrityLevel <String>]: processIntegrityLevel [IsElevated <Boolean?>]: True if the process is elevated. [Name <String>]: The name of the process' Image file. [ParentProcessCreatedDateTime <DateTime?>]: DateTime at which the parent process was started. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentProcessId <Int32?>]: The Process ID (PID) of the parent process. [ParentProcessName <String>]: The name of the image file of the parent process. [Path <String>]: Full path, including filename. [ProcessId <Int32?>]: The Process ID (PID) of the process. [RecommendedActions <String[]>]: Vendor/provider recommended action(s) to take as a result of the alert (for example, isolate machine, enforce2FA, reimage host). [RegistryKeyStates <IMicrosoftGraphRegistryKeyState[]>]: Security-related stateful information generated by the provider about the registry keys related to this alert. [Hive <String>]: registryHive [Key <String>]: Current (i.e. changed) registry key (excludes HIVE). [OldKey <String>]: Previous (i.e. before changed) registry key (excludes HIVE). [OldValueData <String>]: Previous (i.e. before changed) registry key value data (contents). [OldValueName <String>]: Previous (i.e. before changed) registry key value name. [Operation <String>]: registryOperation [ProcessId <Int32?>]: Process ID (PID) of the process that modified the registry key (process details will appear in the alert 'processes' collection). [ValueData <String>]: Current (i.e. changed) registry key value data (contents). [ValueName <String>]: Current (i.e. changed) registry key value name [ValueType <String>]: registryValueType [SecurityResources <IMicrosoftGraphSecurityResource[]>]: Resources related to current alert. For example, for some alerts this can have the Azure Resource value. [Resource <String>]: Name of the resource that is related to current alert. Required. [ResourceType <String>]: securityResourceType [Severity <String>]: alertSeverity [SourceMaterials <String[]>]: Hyperlinks (URIs) to the source material related to the alert, for example, provider's user interface for alerts or log search, etc. [Status <String>]: alertStatus [Tags <String[]>]: User-definable labels that can be applied to an alert and can serve as filter conditions (for example 'HVA', 'SAW', etc.) (supports update). [Title <String>]: Alert title. Required. [Triggers <IMicrosoftGraphAlertTrigger[]>]: Security-related information about the specific properties that triggered the alert (properties appearing in the alert). Alerts might contain information about multiple users, hosts, files, ip addresses. This field indicates which properties triggered the alert generation. [Name <String>]: Name of the property serving as a detection trigger. [Type <String>]: Type of the property in the key:value pair for interpretation. For example, String, Boolean etc. [Value <String>]: Value of the property serving as a detection trigger. [UriClickSecurityStates <IMicrosoftGraphUriClickSecurityState[]>]: [ClickAction <String>]: [ClickDateTime <DateTime?>]: [Id <String>]: [SourceId <String>]: [UriDomain <String>]: [Verdict <String>]: [UserStates <IMicrosoftGraphUserSecurityState[]>]: Security-related stateful information generated by the provider about the user accounts related to this alert. [AadUserId <String>]: AAD User object identifier (GUID) - represents the physical/multi-account user entity. [AccountName <String>]: Account name of user account (without Active Directory domain or DNS domain) - (also called mailNickName). [DomainName <String>]: NetBIOS/Active Directory domain of user account (that is, domain/account format). [EmailRole <String>]: emailRole [IsVpn <Boolean?>]: Indicates whether the user logged on through a VPN. [LogonDateTime <DateTime?>]: Time at which the sign-in occurred. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LogonIP <String>]: IP Address the sign-in request originated from. [LogonId <String>]: User sign-in ID. [LogonLocation <String>]: Location (by IP address mapping) associated with a user sign-in event by this user. [LogonType <String>]: logonType [OnPremisesSecurityIdentifier <String>]: Active Directory (on-premises) Security Identifier (SID) of the user. [RiskScore <String>]: Provider-generated/calculated risk score of the user account. Recommended value range of 0-1, which equates to a percentage. [UserAccountType <String>]: userAccountSecurityType [UserPrincipalName <String>]: User sign-in name - internet format: (user account name)@(user account DNS domain name). [VendorInformation <IMicrosoftGraphSecurityVendorInformation>]: securityVendorInformation [(Any) <Object>]: This indicates any property can be added to this object. [Provider <String>]: Specific provider (product/service - not vendor company); for example, WindowsDefenderATP. [ProviderVersion <String>]: Version of the provider or subprovider, if it exists, that generated the alert. Required [SubProvider <String>]: Specific subprovider (under aggregating provider); for example, WindowsDefenderATP.SmartScreen. [Vendor <String>]: Name of the alert vendor (for example, Microsoft, Dell, FireEye). Required [VulnerabilityStates <IMicrosoftGraphVulnerabilityState[]>]: Threat intelligence pertaining to one or more vulnerabilities related to this alert. [Cve <String>]: Common Vulnerabilities and Exposures (CVE) for the vulnerability. [Severity <String>]: Base Common Vulnerability Scoring System (CVSS) severity score for this vulnerability. [WasRunning <Boolean?>]: Indicates whether the detected vulnerability (file) was running at the time of detection or was the file detected at rest on the disk. CLOUDAPPSTATES <IMicrosoftGraphCloudAppSecurityState[]>: Security-related stateful information generated by the provider about the cloud application/s related to this alert. [DestinationServiceIP <String>]: Destination IP Address of the connection to the cloud application/service. [DestinationServiceName <String>]: Cloud application/service name (for example 'Salesforce', 'DropBox', etc.). [RiskScore <String>]: Provider-generated/calculated risk score of the Cloud Application/Service. Recommended value range of 0-1, which equates to a percentage. FILESTATES <IMicrosoftGraphFileSecurityState[]>: Security-related stateful information generated by the provider about the file(s) related to this alert. [FileHash <IMicrosoftGraphFileHash>]: fileHash [(Any) <Object>]: This indicates any property can be added to this object. [HashType <String>]: fileHashType [HashValue <String>]: Value of the file hash. [Name <String>]: File name (without path). [Path <String>]: Full file path of the file/imageFile. [RiskScore <String>]: Provider generated/calculated risk score of the alert file. Recommended value range of 0-1, which equates to a percentage. HISTORYSTATES <IMicrosoftGraphAlertHistoryState[]>: . [AppId <String>]: [AssignedTo <String>]: [Comments <String[]>]: [Feedback <String>]: alertFeedback [Status <String>]: alertStatus [UpdatedDateTime <DateTime?>]: [User <String>]: HOSTSTATES <IMicrosoftGraphHostSecurityState[]>: Security-related stateful information generated by the provider about the host(s) related to this alert. [Fqdn <String>]: Host FQDN (Fully Qualified Domain Name) (for example, machine.company.com). [IsAzureAdJoined <Boolean?>]: [IsAzureAdRegistered <Boolean?>]: [IsHybridAzureDomainJoined <Boolean?>]: True if the host is domain joined to an on-premises Active Directory domain. [NetBiosName <String>]: The local host name, without the DNS domain name. [OS <String>]: Host Operating System. (For example, Windows10, MacOS, RHEL, etc.). [PrivateIPAddress <String>]: Private (not routable) IPv4 or IPv6 address (see RFC 1918) at the time of the alert. [PublicIPAddress <String>]: Publicly routable IPv4 or IPv6 address (see RFC 1918) at time of the alert. [RiskScore <String>]: Provider-generated/calculated risk score of the host. Recommended value range of 0-1, which equates to a percentage. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource INVESTIGATIONSECURITYSTATES <IMicrosoftGraphInvestigationSecurityState[]>: . [Name <String>]: [Status <String>]: MALWARESTATES <IMicrosoftGraphMalwareState[]>: Threat Intelligence pertaining to malware related to this alert. [Category <String>]: Provider-generated malware category (for example, trojan, ransomware, etc.). [Family <String>]: Provider-generated malware family (for example, 'wannacry', 'notpetya', etc.). [Name <String>]: Provider-generated malware variant name (for example, Trojan:Win32/Powessere.H). [Severity <String>]: Provider-determined severity of this malware. [WasRunning <Boolean?>]: Indicates whether the detected file (malware/vulnerability) was running at the time of detection or was detected at rest on the disk. MESSAGESECURITYSTATES <IMicrosoftGraphMessageSecurityState[]>: . [ConnectingIP <String>]: [DeliveryAction <String>]: [DeliveryLocation <String>]: [Directionality <String>]: [InternetMessageId <String>]: [MessageFingerprint <String>]: [MessageReceivedDateTime <DateTime?>]: [MessageSubject <String>]: [NetworkMessageId <String>]: NETWORKCONNECTIONS <IMicrosoftGraphNetworkConnection[]>: Security-related stateful information generated by the provider about the network connection(s) related to this alert. [ApplicationName <String>]: Name of the application managing the network connection (for example, Facebook or SMTP). [DestinationAddress <String>]: Destination IP address (of the network connection). [DestinationDomain <String>]: Destination domain portion of the destination URL. (for example 'www.contoso.com'). [DestinationLocation <String>]: Location (by IP address mapping) associated with the destination of a network connection. [DestinationPort <String>]: Destination port (of the network connection). [DestinationUrl <String>]: Network connection URL/URI string - excluding parameters. (for example 'www.contoso.com/products/default.html') [Direction <String>]: connectionDirection [DomainRegisteredDateTime <DateTime?>]: Date when the destination domain was registered. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z [LocalDnsName <String>]: The local DNS name resolution as it appears in the host's local DNS cache (for example, in case the 'hosts' file was tampered with). [NatDestinationAddress <String>]: Network Address Translation destination IP address. [NatDestinationPort <String>]: Network Address Translation destination port. [NatSourceAddress <String>]: Network Address Translation source IP address. [NatSourcePort <String>]: Network Address Translation source port. [Protocol <String>]: securityNetworkProtocol [RiskScore <String>]: Provider generated/calculated risk score of the network connection. Recommended value range of 0-1, which equates to a percentage. [SourceAddress <String>]: Source (i.e. origin) IP address (of the network connection). [SourceLocation <String>]: Location (by IP address mapping) associated with the source of a network connection. [SourcePort <String>]: Source (i.e. origin) IP port (of the network connection). [Status <String>]: connectionStatus [UrlParameters <String>]: Parameters (suffix) of the destination URL. PROCESSES <IMicrosoftGraphProcess[]>: Security-related stateful information generated by the provider about the process or processes related to this alert. [AccountName <String>]: User account identifier (user account context the process ran under) for example, AccountName, SID, and so on. [CommandLine <String>]: The full process invocation commandline including all parameters. [CreatedDateTime <DateTime?>]: Time at which the process was started. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [FileHash <IMicrosoftGraphFileHash>]: fileHash [(Any) <Object>]: This indicates any property can be added to this object. [HashType <String>]: fileHashType [HashValue <String>]: Value of the file hash. [IntegrityLevel <String>]: processIntegrityLevel [IsElevated <Boolean?>]: True if the process is elevated. [Name <String>]: The name of the process' Image file. [ParentProcessCreatedDateTime <DateTime?>]: DateTime at which the parent process was started. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [ParentProcessId <Int32?>]: The Process ID (PID) of the parent process. [ParentProcessName <String>]: The name of the image file of the parent process. [Path <String>]: Full path, including filename. [ProcessId <Int32?>]: The Process ID (PID) of the process. REGISTRYKEYSTATES <IMicrosoftGraphRegistryKeyState[]>: Security-related stateful information generated by the provider about the registry keys related to this alert. [Hive <String>]: registryHive [Key <String>]: Current (i.e. changed) registry key (excludes HIVE). [OldKey <String>]: Previous (i.e. before changed) registry key (excludes HIVE). [OldValueData <String>]: Previous (i.e. before changed) registry key value data (contents). [OldValueName <String>]: Previous (i.e. before changed) registry key value name. [Operation <String>]: registryOperation [ProcessId <Int32?>]: Process ID (PID) of the process that modified the registry key (process details will appear in the alert 'processes' collection). [ValueData <String>]: Current (i.e. changed) registry key value data (contents). [ValueName <String>]: Current (i.e. changed) registry key value name [ValueType <String>]: registryValueType SECURITYRESOURCES <IMicrosoftGraphSecurityResource[]>: Resources related to current alert. For example, for some alerts this can have the Azure Resource value. [Resource <String>]: Name of the resource that is related to current alert. Required. [ResourceType <String>]: securityResourceType TRIGGERS <IMicrosoftGraphAlertTrigger[]>: Security-related information about the specific properties that triggered the alert (properties appearing in the alert). Alerts might contain information about multiple users, hosts, files, ip addresses. This field indicates which properties triggered the alert generation. [Name <String>]: Name of the property serving as a detection trigger. [Type <String>]: Type of the property in the key:value pair for interpretation. For example, String, Boolean etc. [Value <String>]: Value of the property serving as a detection trigger. URICLICKSECURITYSTATES <IMicrosoftGraphUriClickSecurityState[]>: . [ClickAction <String>]: [ClickDateTime <DateTime?>]: [Id <String>]: [SourceId <String>]: [UriDomain <String>]: [Verdict <String>]: USERSTATES <IMicrosoftGraphUserSecurityState[]>: Security-related stateful information generated by the provider about the user accounts related to this alert. [AadUserId <String>]: AAD User object identifier (GUID) - represents the physical/multi-account user entity. [AccountName <String>]: Account name of user account (without Active Directory domain or DNS domain) - (also called mailNickName). [DomainName <String>]: NetBIOS/Active Directory domain of user account (that is, domain/account format). [EmailRole <String>]: emailRole [IsVpn <Boolean?>]: Indicates whether the user logged on through a VPN. [LogonDateTime <DateTime?>]: Time at which the sign-in occurred. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [LogonIP <String>]: IP Address the sign-in request originated from. [LogonId <String>]: User sign-in ID. [LogonLocation <String>]: Location (by IP address mapping) associated with a user sign-in event by this user. [LogonType <String>]: logonType [OnPremisesSecurityIdentifier <String>]: Active Directory (on-premises) Security Identifier (SID) of the user. [RiskScore <String>]: Provider-generated/calculated risk score of the user account. Recommended value range of 0-1, which equates to a percentage. [UserAccountType <String>]: userAccountSecurityType [UserPrincipalName <String>]: User sign-in name - internet format: (user account name)@(user account DNS domain name). VENDORINFORMATION <IMicrosoftGraphSecurityVendorInformation>: securityVendorInformation [(Any) <Object>]: This indicates any property can be added to this object. [Provider <String>]: Specific provider (product/service - not vendor company); for example, WindowsDefenderATP. [ProviderVersion <String>]: Version of the provider or subprovider, if it exists, that generated the alert. Required [SubProvider <String>]: Specific subprovider (under aggregating provider); for example, WindowsDefenderATP.SmartScreen. [Vendor <String>]: Name of the alert vendor (for example, Microsoft, Dell, FireEye). Required VULNERABILITYSTATES <IMicrosoftGraphVulnerabilityState[]>: Threat intelligence pertaining to one or more vulnerabilities related to this alert. [Cve <String>]: Common Vulnerabilities and Exposures (CVE) for the vulnerability. [Severity <String>]: Base Common Vulnerability Scoring System (CVSS) severity score for this vulnerability. [WasRunning <Boolean?>]: Indicates whether the detected vulnerability (file) was running at the time of detection or was the file detected at rest on the disk. .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/update-mgsecurityalert #> function Update-MgSecurityAlert { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAlert])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of alert ${AlertId}, [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAlert] # alert # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Name or alias of the activity group (attacker) this alert is attributed to. ${ActivityGroupName}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAlertDetection[]] # . # To construct, see NOTES section for ALERTDETECTIONS properties and create a hash table. ${AlertDetections}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Name of the analyst the alert is assigned to for triage, investigation, or remediation (supports update). ${AssignedTo}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Azure subscription ID, present if this alert is related to an Azure resource. ${AzureSubscriptionId}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Azure Active Directory tenant ID. # Required. ${AzureTenantId}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Category of the alert (for example, credentialTheft, ransomware, etc.). ${Category}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Time at which the alert was closed. # The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. # For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z (supports update). ${ClosedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphCloudAppSecurityState[]] # Security-related stateful information generated by the provider about the cloud application/s related to this alert. # To construct, see NOTES section for CLOUDAPPSTATES properties and create a hash table. ${CloudAppStates}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [System.String[]] # Customer-provided comments on alert (for customer alert management) (supports update). ${Comments}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Int32] # Confidence of the detection logic (percentage between 1-100). ${Confidence}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Time at which the alert was created by the alert provider. # The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. # For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. # Required. ${CreatedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Alert description. ${Description}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [System.String[]] # Set of alerts related to this alert entity (each alert is pushed to the SIEM as a separate record). ${DetectionIds}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Time at which the event(s) that served as the trigger(s) to generate the alert occurred. # The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. # For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. # Required. ${EventDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # alertFeedback ${Feedback}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphFileSecurityState[]] # Security-related stateful information generated by the provider about the file(s) related to this alert. # To construct, see NOTES section for FILESTATES properties and create a hash table. ${FileStates}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAlertHistoryState[]] # . # To construct, see NOTES section for HISTORYSTATES properties and create a hash table. ${HistoryStates}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphHostSecurityState[]] # Security-related stateful information generated by the provider about the host(s) related to this alert. # To construct, see NOTES section for HOSTSTATES properties and create a hash table. ${HostStates}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [System.String[]] # IDs of incidents related to current alert. ${IncidentIds}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphInvestigationSecurityState[]] # . # To construct, see NOTES section for INVESTIGATIONSECURITYSTATES properties and create a hash table. ${InvestigationSecurityStates}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # . ${LastEventDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Time at which the alert entity was last modified. # The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. # For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. ${LastModifiedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphMalwareState[]] # Threat Intelligence pertaining to malware related to this alert. # To construct, see NOTES section for MALWARESTATES properties and create a hash table. ${MalwareStates}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphMessageSecurityState[]] # . # To construct, see NOTES section for MESSAGESECURITYSTATES properties and create a hash table. ${MessageSecurityStates}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphNetworkConnection[]] # Security-related stateful information generated by the provider about the network connection(s) related to this alert. # To construct, see NOTES section for NETWORKCONNECTIONS properties and create a hash table. ${NetworkConnections}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphProcess[]] # Security-related stateful information generated by the provider about the process or processes related to this alert. # To construct, see NOTES section for PROCESSES properties and create a hash table. ${Processes}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [System.String[]] # Vendor/provider recommended action(s) to take as a result of the alert (for example, isolate machine, enforce2FA, reimage host). ${RecommendedActions}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphRegistryKeyState[]] # Security-related stateful information generated by the provider about the registry keys related to this alert. # To construct, see NOTES section for REGISTRYKEYSTATES properties and create a hash table. ${RegistryKeyStates}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityResource[]] # Resources related to current alert. # For example, for some alerts this can have the Azure Resource value. # To construct, see NOTES section for SECURITYRESOURCES properties and create a hash table. ${SecurityResources}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # alertSeverity ${Severity}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [System.String[]] # Hyperlinks (URIs) to the source material related to the alert, for example, provider's user interface for alerts or log search, etc. ${SourceMaterials}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # alertStatus ${Status}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [System.String[]] # User-definable labels that can be applied to an alert and can serve as filter conditions (for example 'HVA', 'SAW', etc.) (supports update). ${Tags}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Alert title. # Required. ${Title}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAlertTrigger[]] # Security-related information about the specific properties that triggered the alert (properties appearing in the alert). # Alerts might contain information about multiple users, hosts, files, ip addresses. # This field indicates which properties triggered the alert generation. # To construct, see NOTES section for TRIGGERS properties and create a hash table. ${Triggers}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphUriClickSecurityState[]] # . # To construct, see NOTES section for URICLICKSECURITYSTATES properties and create a hash table. ${UriClickSecurityStates}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphUserSecurityState[]] # Security-related stateful information generated by the provider about the user accounts related to this alert. # To construct, see NOTES section for USERSTATES properties and create a hash table. ${UserStates}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityVendorInformation] # securityVendorInformation # To construct, see NOTES section for VENDORINFORMATION properties and create a hash table. ${VendorInformation}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphVulnerabilityState[]] # Threat intelligence pertaining to one or more vulnerabilities related to this alert. # To construct, see NOTES section for VULNERABILITYSTATES properties and create a hash table. ${VulnerabilityStates}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Update = 'Microsoft.Graph.Security.private\Update-MgSecurityAlert_Update'; UpdateExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityAlert_UpdateExpanded'; UpdateViaIdentity = 'Microsoft.Graph.Security.private\Update-MgSecurityAlert_UpdateViaIdentity'; UpdateViaIdentityExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityAlert_UpdateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Update the navigation property runs in security .Description Update the navigation property runs in security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulationAutomationRun .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulationAutomationRun .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSimulationAutomationRun>: simulationAutomationRun [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [EndDateTime <DateTime?>]: Date and time when the run ends in an attack simulation automation. [SimulationId <String>]: Unique identifier for the attack simulation campaign initiated in the attack simulation automation run. [StartDateTime <DateTime?>]: Date and time when the run starts in an attack simulation automation. [Status <String>]: simulationAutomationRunStatus INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/update-mgsecurityattacksimulationautomationrun #> function Update-MgSecurityAttackSimulationAutomationRun { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulationAutomationRun])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of simulationAutomation ${SimulationAutomationId}, [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of simulationAutomationRun ${SimulationAutomationRunId}, [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulationAutomationRun] # simulationAutomationRun # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Date and time when the run ends in an attack simulation automation. ${EndDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Unique identifier for the attack simulation campaign initiated in the attack simulation automation run. ${SimulationId}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Date and time when the run starts in an attack simulation automation. ${StartDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # simulationAutomationRunStatus ${Status}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Update = 'Microsoft.Graph.Security.private\Update-MgSecurityAttackSimulationAutomationRun_Update'; UpdateExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityAttackSimulationAutomationRun_UpdateExpanded'; UpdateViaIdentity = 'Microsoft.Graph.Security.private\Update-MgSecurityAttackSimulationAutomationRun_UpdateViaIdentity'; UpdateViaIdentityExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityAttackSimulationAutomationRun_UpdateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Update the navigation property simulationAutomations in security .Description Update the navigation property simulationAutomations in security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulationAutomation .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulationAutomation .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSimulationAutomation>: simulationAutomation [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [CreatedBy <IMicrosoftGraphEmailIdentity>]: emailIdentity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Email <String>]: Email address of the user. [CreatedDateTime <DateTime?>]: Date and time when the attack simulation automation was created. [Description <String>]: Description of the attack simulation automation. [DisplayName <String>]: Display name of the attack simulation automation. Supports $filter and $orderby. [LastModifiedBy <IMicrosoftGraphEmailIdentity>]: emailIdentity [LastModifiedDateTime <DateTime?>]: Date and time when the attack simulation automation was most recently modified. [LastRunDateTime <DateTime?>]: Date and time of the latest run of the attack simulation automation. [NextRunDateTime <DateTime?>]: Date and time of the upcoming run of the attack simulation automation. [Status <String>]: simulationAutomationStatus CREATEDBY <IMicrosoftGraphEmailIdentity>: emailIdentity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Email <String>]: Email address of the user. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource LASTMODIFIEDBY <IMicrosoftGraphEmailIdentity>: emailIdentity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Email <String>]: Email address of the user. .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/update-mgsecurityattacksimulationautomation #> function Update-MgSecurityAttackSimulationAutomation { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulationAutomation])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of simulationAutomation ${SimulationAutomationId}, [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSimulationAutomation] # simulationAutomation # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphEmailIdentity] # emailIdentity # To construct, see NOTES section for CREATEDBY properties and create a hash table. ${CreatedBy}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Date and time when the attack simulation automation was created. ${CreatedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Description of the attack simulation automation. ${Description}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Display name of the attack simulation automation. # Supports $filter and $orderby. ${DisplayName}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphEmailIdentity] # emailIdentity # To construct, see NOTES section for LASTMODIFIEDBY properties and create a hash table. ${LastModifiedBy}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Date and time when the attack simulation automation was most recently modified. ${LastModifiedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Date and time of the latest run of the attack simulation automation. ${LastRunDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Date and time of the upcoming run of the attack simulation automation. ${NextRunDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # simulationAutomationStatus ${Status}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Update = 'Microsoft.Graph.Security.private\Update-MgSecurityAttackSimulationAutomation_Update'; UpdateExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityAttackSimulationAutomation_UpdateExpanded'; UpdateViaIdentity = 'Microsoft.Graph.Security.private\Update-MgSecurityAttackSimulationAutomation_UpdateViaIdentity'; UpdateViaIdentityExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityAttackSimulationAutomation_UpdateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Trigger an indexOperation to make a custodian and associated sources searchable. .Description Trigger an indexOperation to make a custodian and associated sources searchable. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/update-mgsecuritycaseediscoverycasecustodianindex #> function Update-MgSecurityCaseEdiscoveryCaseCustodianIndex { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Update', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Update', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Update', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCustodian ${EdiscoveryCustodianId}, [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Update = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseCustodianIndex_Update'; UpdateViaIdentity = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseCustodianIndex_UpdateViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Update the navigation property siteSources in security .Description Update the navigation property siteSources in security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecuritySiteSource .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecuritySiteSource .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecuritySiteSource>: siteSource [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: The date and time the dataSource was created. [DisplayName <String>]: The display name of the dataSource. This will be the name of the SharePoint site. [HoldStatus <String>]: dataSourceHoldStatus [Id <String>]: The unique idenfier for an entity. Read-only. [Site <IMicrosoftGraphSite>]: site [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedByUser <IMicrosoftGraphUser>]: user [(Any) <Object>]: This indicates any property can be added to this object. [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted. [Id <String>]: The unique idenfier for an entity. Read-only. [AboutMe <String>]: A freeform text entry field for the user to describe themselves. Returned only on $select. [AccountEnabled <Boolean?>]: true if the account is enabled; otherwise, false. This property is required when a user is created. Returned only on $select. Supports $filter (eq, ne, not, and in). [AgeGroup <String>]: Sets the age group of the user. Allowed values: null, Minor, NotAdult and Adult. Refer to the legal age group property definitions for further information. Returned only on $select. Supports $filter (eq, ne, not, and in). [AssignedLicenses <IMicrosoftGraphAssignedLicense[]>]: The licenses that are assigned to the user, including inherited (group-based) licenses. This property doesn't differentiate directly-assigned and inherited licenses. Use the licenseAssignmentStates property to identify the directly-assigned and inherited licenses. Not nullable. Returned only on $select. Supports $filter (eq, not, /$count eq 0, /$count ne 0). [DisabledPlans <String[]>]: A collection of the unique identifiers for plans that have been disabled. [SkuId <String>]: The unique identifier for the SKU. [AssignedPlans <IMicrosoftGraphAssignedPlan[]>]: The plans that are assigned to the user. Read-only. Not nullable. Returned only on $select. Supports $filter (eq and not). [AssignedDateTime <DateTime?>]: The date and time at which the plan was assigned. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [CapabilityStatus <String>]: Condition of the capability assignment. The possible values are Enabled, Warning, Suspended, Deleted, LockedOut. See a detailed description of each value. [Service <String>]: The name of the service; for example, exchange. [ServicePlanId <String>]: A GUID that identifies the service plan. For a complete list of GUIDs and their equivalent friendly service names, see Product names and service plan identifiers for licensing. [Authentication <IMicrosoftGraphAuthentication>]: authentication [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [AuthorizationInfo <IMicrosoftGraphAuthorizationInfo>]: authorizationInfo [(Any) <Object>]: This indicates any property can be added to this object. [CertificateUserIds <String[]>]: [Birthday <DateTime?>]: The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned only on $select. [BusinessPhones <String[]>]: The telephone numbers for the user. NOTE: Although this is a string collection, only one number can be set for this property. Read-only for users synced from on-premises directory. Returned by default. Supports $filter (eq, not, ge, le, startsWith). [Calendar <IMicrosoftGraphCalendar>]: calendar [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [AllowedOnlineMeetingProviders <String[]>]: Represent the online meeting service providers that can be used to create online meetings in this calendar. Possible values are: unknown, skypeForBusiness, skypeForConsumer, teamsForBusiness. [CanEdit <Boolean?>]: true if the user can write to the calendar, false otherwise. This property is true for the user who created the calendar. This property is also true for a user who has been shared a calendar and granted write access. [CanShare <Boolean?>]: true if the user has the permission to share the calendar, false otherwise. Only the user who created the calendar can share it. [CanViewPrivateItems <Boolean?>]: true if the user can read calendar items that have been marked private, false otherwise. [ChangeKey <String>]: Identifies the version of the calendar object. Every time the calendar is changed, changeKey changes as well. This allows Exchange to apply changes to the correct version of the object. Read-only. [Color <String>]: calendarColor [DefaultOnlineMeetingProvider <String>]: onlineMeetingProviderType [HexColor <String>]: The calendar color, expressed in a hex color code of three hexadecimal values, each ranging from 00 to FF and representing the red, green, or blue components of the color in the RGB color space. If the user has never explicitly set a color for the calendar, this property is empty. Read-only. [IsDefaultCalendar <Boolean?>]: true if this is the default calendar where new events are created by default, false otherwise. [IsRemovable <Boolean?>]: Indicates whether this user calendar can be deleted from the user mailbox. [IsTallyingResponses <Boolean?>]: Indicates whether this user calendar supports tracking of meeting responses. Only meeting invites sent from users' primary calendars support tracking of meeting responses. [Name <String>]: The calendar name. [Owner <IMicrosoftGraphEmailAddress>]: emailAddress [City <String>]: The city in which the user is located. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [CompanyName <String>]: The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length is 64 characters.Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [ConsentProvidedForMinor <String>]: Sets whether consent has been obtained for minors. Allowed values: null, Granted, Denied and NotRequired. Refer to the legal age group property definitions for further information. Returned only on $select. Supports $filter (eq, ne, not, and in). [Country <String>]: The country/region in which the user is located; for example, US or UK. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [CreatedDateTime <DateTime?>]: The date and time the user was created, in ISO 8601 format and in UTC time. The value cannot be modified and is automatically populated when the entity is created. Nullable. For on-premises users, the value represents when they were first created in Azure AD. Property is null for some users created before June 2018 and on-premises users that were synced to Azure AD before June 2018. Read-only. Read-only. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in). [CreationType <String>]: Indicates whether the user account was created through one of the following methods: As a regular school or work account (null). As an external account (Invitation). As a local account for an Azure Active Directory B2C tenant (LocalAccount). Through self-service sign-up by an internal user using email verification (EmailVerified). Through self-service sign-up by an external user signing up through a link that is part of a user flow (SelfServiceSignUp). Read-only.Returned only on $select. Supports $filter (eq, ne, not, in). [Department <String>]: The name for the department in which the user works. Maximum length is 64 characters. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, and eq on null values). [DeviceEnrollmentLimit <Int32?>]: The limit on the maximum number of devices that the user is permitted to enroll. Allowed values are 5 or 1000. [DisplayName <String>]: The name displayed in the address book for the user. This is usually the combination of the user's first name, middle initial and last name. This property is required when a user is created and it cannot be cleared during updates. Maximum length is 256 characters. Returned by default. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values), $orderBy, and $search. [Drive <IMicrosoftGraphDrive>]: drive [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedByUser <IMicrosoftGraphUser>]: user [CreatedDateTime <DateTime?>]: Date and time of item creation. Read-only. [Description <String>]: Provides a user-visible description of the item. Optional. [ETag <String>]: ETag for the item. Read-only. [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [LastModifiedByUser <IMicrosoftGraphUser>]: user [LastModifiedDateTime <DateTime?>]: Date and time the item was last modified. Read-only. [Name <String>]: The name of the item. Read-write. [ParentReference <IMicrosoftGraphItemReference>]: itemReference [(Any) <Object>]: This indicates any property can be added to this object. [DriveId <String>]: Unique identifier of the drive instance that contains the item. Read-only. [DriveType <String>]: Identifies the type of drive. See [drive][] resource for values. [Id <String>]: Unique identifier of the item in the drive. Read-only. [Name <String>]: The name of the item being referenced. Read-only. [Path <String>]: Path that can be used to navigate to the item. Read-only. [ShareId <String>]: A unique identifier for a shared resource that can be accessed via the [Shares][] API. [SharepointIds <IMicrosoftGraphSharepointIds>]: sharepointIds [(Any) <Object>]: This indicates any property can be added to this object. [ListId <String>]: The unique identifier (guid) for the item's list in SharePoint. [ListItemId <String>]: An integer identifier for the item within the containing list. [ListItemUniqueId <String>]: The unique identifier (guid) for the item within OneDrive for Business or a SharePoint site. [SiteId <String>]: The unique identifier (guid) for the item's site collection (SPSite). [SiteUrl <String>]: The SharePoint URL for the site that contains the item. [TenantId <String>]: The unique identifier (guid) for the tenancy. [WebId <String>]: The unique identifier (guid) for the item's site (SPWeb). [SiteId <String>]: For OneDrive for Business and SharePoint, this property represents the ID of the site that contains the parent document library of the driveItem resource. The value is the same as the id property of that [site][] resource. It is an opaque string that consists of three identifiers of the site. For OneDrive, this property is not populated. [WebUrl <String>]: URL that displays the resource in the browser. Read-only. [Id <String>]: The unique idenfier for an entity. Read-only. [DriveType <String>]: Describes the type of drive represented by this resource. OneDrive personal drives will return personal. OneDrive for Business will return business. SharePoint document libraries will return documentLibrary. Read-only. [List <IMicrosoftGraphList>]: list [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedByUser <IMicrosoftGraphUser>]: user [CreatedDateTime <DateTime?>]: Date and time of item creation. Read-only. [Description <String>]: Provides a user-visible description of the item. Optional. [ETag <String>]: ETag for the item. Read-only. [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [LastModifiedByUser <IMicrosoftGraphUser>]: user [LastModifiedDateTime <DateTime?>]: Date and time the item was last modified. Read-only. [Name <String>]: The name of the item. Read-write. [ParentReference <IMicrosoftGraphItemReference>]: itemReference [WebUrl <String>]: URL that displays the resource in the browser. Read-only. [Id <String>]: The unique idenfier for an entity. Read-only. [DisplayName <String>]: The displayable title of the list. [Drive <IMicrosoftGraphDrive>]: drive [List <IMicrosoftGraphListInfo>]: listInfo [(Any) <Object>]: This indicates any property can be added to this object. [ContentTypesEnabled <Boolean?>]: If true, indicates that content types are enabled for this list. [Hidden <Boolean?>]: If true, indicates that the list is not normally visible in the SharePoint user experience. [Template <String>]: An enumerated value that represents the base list template used in creating the list. Possible values include documentLibrary, genericList, task, survey, announcements, contacts, and more. [SharepointIds <IMicrosoftGraphSharepointIds>]: sharepointIds [System <IMicrosoftGraphSystemFacet>]: systemFacet [(Any) <Object>]: This indicates any property can be added to this object. [Owner <IMicrosoftGraphIdentitySet>]: identitySet [Quota <IMicrosoftGraphQuota>]: quota [(Any) <Object>]: This indicates any property can be added to this object. [Deleted <Int64?>]: Total space consumed by files in the recycle bin, in bytes. Read-only. [Remaining <Int64?>]: Total space remaining before reaching the quota limit, in bytes. Read-only. [State <String>]: Enumeration value that indicates the state of the storage space. Read-only. [StoragePlanInformation <IMicrosoftGraphStoragePlanInformation>]: storagePlanInformation [(Any) <Object>]: This indicates any property can be added to this object. [UpgradeAvailable <Boolean?>]: Indicates whether there are higher storage quota plans available. Read-only. [Total <Int64?>]: Total allowed storage space, in bytes. Read-only. [Used <Int64?>]: Total space used, in bytes. Read-only. [Root <IMicrosoftGraphDriveItem>]: driveItem [SharePointIds <IMicrosoftGraphSharepointIds>]: sharepointIds [System <IMicrosoftGraphSystemFacet>]: systemFacet [EmployeeHireDate <DateTime?>]: The date and time when the user was hired or will start work in case of a future hire. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in). [EmployeeId <String>]: The employee identifier assigned to the user by the organization. The maximum length is 16 characters. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [EmployeeOrgData <IMicrosoftGraphEmployeeOrgData>]: employeeOrgData [(Any) <Object>]: This indicates any property can be added to this object. [CostCenter <String>]: The cost center associated with the user. Returned only on $select. Supports $filter. [Division <String>]: The name of the division in which the user works. Returned only on $select. Supports $filter. [EmployeeType <String>]: Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith). [ExternalUserState <String>]: For an external user invited to the tenant using the invitation API, this property represents the invited user's invitation status. For invited users, the state can be PendingAcceptance or Accepted, or null for all other users. Returned only on $select. Supports $filter (eq, ne, not , in). [ExternalUserStateChangeDateTime <DateTime?>]: Shows the timestamp for the latest change to the externalUserState property. Returned only on $select. Supports $filter (eq, ne, not , in). [FaxNumber <String>]: The fax number of the user. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [GivenName <String>]: The given name (first name) of the user. Maximum length is 64 characters. Returned by default. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [HireDate <DateTime?>]: The hire date of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned only on $select. Note: This property is specific to SharePoint Online. We recommend using the native employeeHireDate property to set and update hire date values using Microsoft Graph APIs. [Identities <IMicrosoftGraphObjectIdentity[]>]: Represents the identities that can be used to sign in to this user account. An identity can be provided by Microsoft (also known as a local account), by organizations, or by social identity providers such as Facebook, Google, and Microsoft, and tied to a user account. May contain multiple items with the same signInType value. Returned only on $select. Supports $filter (eq) including on null values, only where the signInType is not userPrincipalName. [Issuer <String>]: Specifies the issuer of the identity, for example facebook.com.For local accounts (where signInType is not federated), this property is the local B2C tenant default domain name, for example contoso.onmicrosoft.com.For external users from other Azure AD organization, this will be the domain of the federated organization, for example contoso.com.Supports $filter. 512 character limit. [IssuerAssignedId <String>]: Specifies the unique identifier assigned to the user by the issuer. The combination of issuer and issuerAssignedId must be unique within the organization. Represents the sign-in name for the user, when signInType is set to emailAddress or userName (also known as local accounts).When signInType is set to: emailAddress, (or a custom string that starts with emailAddress like emailAddress1) issuerAssignedId must be a valid email addressuserName, issuerAssignedId must begin with alphabetical character or number, and can only contain alphanumeric characters and the following symbols: - or Supports $filter. 64 character limit. [SignInType <String>]: Specifies the user sign-in types in your directory, such as emailAddress, userName, federated, or userPrincipalName. federated represents a unique identifier for a user from an issuer, that can be in any format chosen by the issuer. Setting or updating a userPrincipalName identity will update the value of the userPrincipalName property on the user object. The validations performed on the userPrincipalName property on the user object, for example, verified domains and acceptable characters, will be performed when setting or updating a userPrincipalName identity. Additional validation is enforced on issuerAssignedId when the sign-in type is set to emailAddress or userName. This property can also be set to any custom string. [ImAddresses <String[]>]: The instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for the user. Read-only. Returned only on $select. Supports $filter (eq, not, ge, le, startsWith). [InferenceClassification <IMicrosoftGraphInferenceClassification>]: inferenceClassification [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Insights <IMicrosoftGraphOfficeGraphInsights>]: officeGraphInsights [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Interests <String[]>]: A list for the user to describe their interests. Returned only on $select. [IsResourceAccount <Boolean?>]: Do not use – reserved for future use. [JobTitle <String>]: The user's job title. Maximum length is 128 characters. Returned by default. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [LastPasswordChangeDateTime <DateTime?>]: The time when this Azure AD user last changed their password or when their password was created, whichever date the latest action was performed. The date and time information uses ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned only on $select. [LegalAgeGroupClassification <String>]: Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on ageGroup and consentProvidedForMinor properties. Allowed values: null, MinorWithOutParentalConsent, MinorWithParentalConsent, MinorNoParentalConsentRequired, NotAdult and Adult. Refer to the legal age group property definitions for further information. Returned only on $select. [LicenseAssignmentStates <IMicrosoftGraphLicenseAssignmentState[]>]: State of license assignments for this user. Also indicates licenses that are directly-assigned and those that the user has inherited through group memberships. Read-only. Returned only on $select. [AssignedByGroup <String>]: [DisabledPlans <String[]>]: [Error <String>]: [LastUpdatedDateTime <DateTime?>]: [SkuId <String>]: [State <String>]: [Mail <String>]: The SMTP address for the user, for example, jeff@contoso.onmicrosoft.com. Changes to this property will also update the user's proxyAddresses collection to include the value as an SMTP address. This property cannot contain accent characters. NOTE: We do not recommend updating this property for Azure AD B2C user profiles. Use the otherMails property instead. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, endsWith, and eq on null values). [MailNickname <String>]: The mail alias for the user. This property must be specified when a user is created. Maximum length is 64 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [MailboxSettings <IMicrosoftGraphMailboxSettings>]: mailboxSettings [(Any) <Object>]: This indicates any property can be added to this object. [ArchiveFolder <String>]: Folder ID of an archive folder for the user. [AutomaticRepliesSetting <IMicrosoftGraphAutomaticRepliesSetting>]: automaticRepliesSetting [(Any) <Object>]: This indicates any property can be added to this object. [ExternalAudience <String>]: externalAudienceScope [ExternalReplyMessage <String>]: The automatic reply to send to the specified external audience, if Status is AlwaysEnabled or Scheduled. [InternalReplyMessage <String>]: The automatic reply to send to the audience internal to the signed-in user's organization, if Status is AlwaysEnabled or Scheduled. [ScheduledEndDateTime <IMicrosoftGraphDateTimeZone>]: dateTimeTimeZone [ScheduledStartDateTime <IMicrosoftGraphDateTimeZone>]: dateTimeTimeZone [Status <String>]: automaticRepliesStatus [DateFormat <String>]: The date format for the user's mailbox. [DelegateMeetingMessageDeliveryOptions <String>]: delegateMeetingMessageDeliveryOptions [Language <IMicrosoftGraphLocaleInfo>]: localeInfo [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: A name representing the user's locale in natural language, for example, 'English (United States)'. [Locale <String>]: A locale representation for the user, which includes the user's preferred language and country/region. For example, 'en-us'. The language component follows 2-letter codes as defined in ISO 639-1, and the country component follows 2-letter codes as defined in ISO 3166-1 alpha-2. [TimeFormat <String>]: The time format for the user's mailbox. [TimeZone <String>]: The default time zone for the user's mailbox. [UserPurpose <String>]: userPurpose [WorkingHours <IMicrosoftGraphWorkingHours>]: workingHours [(Any) <Object>]: This indicates any property can be added to this object. [DaysOfWeek <String[]>]: The days of the week on which the user works. [EndTime <String>]: The time of the day that the user stops working. [StartTime <String>]: The time of the day that the user starts working. [TimeZone <IMicrosoftGraphTimeZoneBase>]: timeZoneBase [(Any) <Object>]: This indicates any property can be added to this object. [Name <String>]: The name of a time zone. It can be a standard time zone name such as 'Hawaii-Aleutian Standard Time', or 'Customized Time Zone' for a custom time zone. [Manager <IMicrosoftGraphDirectoryObject>]: directoryObject [MobilePhone <String>]: The primary cellular telephone number for the user. Read-only for users synced from on-premises directory. Maximum length is 64 characters. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [MySite <String>]: The URL for the user's personal site. Returned only on $select. [OfficeLocation <String>]: The office location in the user's place of business. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [OnPremisesDistinguishedName <String>]: Contains the on-premises Active Directory distinguished name or DN. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. [OnPremisesDomainName <String>]: Contains the on-premises domainFQDN, also called dnsDomainName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. [OnPremisesExtensionAttributes <IMicrosoftGraphOnPremisesExtensionAttributes>]: onPremisesExtensionAttributes [(Any) <Object>]: This indicates any property can be added to this object. [ExtensionAttribute1 <String>]: First customizable extension attribute. [ExtensionAttribute10 <String>]: Tenth customizable extension attribute. [ExtensionAttribute11 <String>]: Eleventh customizable extension attribute. [ExtensionAttribute12 <String>]: Twelfth customizable extension attribute. [ExtensionAttribute13 <String>]: Thirteenth customizable extension attribute. [ExtensionAttribute14 <String>]: Fourteenth customizable extension attribute. [ExtensionAttribute15 <String>]: Fifteenth customizable extension attribute. [ExtensionAttribute2 <String>]: Second customizable extension attribute. [ExtensionAttribute3 <String>]: Third customizable extension attribute. [ExtensionAttribute4 <String>]: Fourth customizable extension attribute. [ExtensionAttribute5 <String>]: Fifth customizable extension attribute. [ExtensionAttribute6 <String>]: Sixth customizable extension attribute. [ExtensionAttribute7 <String>]: Seventh customizable extension attribute. [ExtensionAttribute8 <String>]: Eighth customizable extension attribute. [ExtensionAttribute9 <String>]: Ninth customizable extension attribute. [OnPremisesImmutableId <String>]: This property is used to associate an on-premises Active Directory user account to their Azure AD user object. This property must be specified when creating a new user account in the Graph if you are using a federated domain for the user's userPrincipalName (UPN) property. NOTE: The $ and _ characters cannot be used when specifying this property. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in).. [OnPremisesLastSyncDateTime <DateTime?>]: Indicates the last time at which the object was synced with the on-premises directory; for example: 2013-02-16T03:04:54Z. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in). [OnPremisesProvisioningErrors <IMicrosoftGraphOnPremisesProvisioningError[]>]: Errors when using Microsoft synchronization product during provisioning. Returned only on $select. Supports $filter (eq, not, ge, le). [OnPremisesSamAccountName <String>]: Contains the on-premises samAccountName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith). [OnPremisesSecurityIdentifier <String>]: Contains the on-premises security identifier (SID) for the user that was synchronized from on-premises to the cloud. Read-only. Returned only on $select. Supports $filter (eq including on null values). [OnPremisesSyncEnabled <Boolean?>]: true if this user object is currently being synced from an on-premises Active Directory (AD); otherwise the user isn't being synced and can be managed in Azure Active Directory (Azure AD). Read-only. Returned only on $select. Supports $filter (eq, ne, not, in, and eq on null values). [OnPremisesUserPrincipalName <String>]: Contains the on-premises userPrincipalName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith). [Onenote <IMicrosoftGraphOnenote>]: onenote [OtherMails <String[]>]: A list of additional email addresses for the user; for example: ['bob@contoso.com', 'Robert@fabrikam.com']. NOTE: This property cannot contain accent characters. Returned only on $select. Supports $filter (eq, not, ge, le, in, startsWith, endsWith, /$count eq 0, /$count ne 0). [Outlook <IMicrosoftGraphOutlookUser>]: outlookUser [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [PasswordPolicies <String>]: Specifies password policies for the user. This value is an enumeration with one possible value being DisableStrongPassword, which allows weaker passwords than the default policy to be specified. DisablePasswordExpiration can also be specified. The two may be specified together; for example: DisablePasswordExpiration, DisableStrongPassword. Returned only on $select. For more information on the default password policies, see Azure AD pasword policies. Supports $filter (ne, not, and eq on null values). [PasswordProfile <IMicrosoftGraphPasswordProfile>]: passwordProfile [(Any) <Object>]: This indicates any property can be added to this object. [ForceChangePasswordNextSignIn <Boolean?>]: true if the user must change her password on the next login; otherwise false. [ForceChangePasswordNextSignInWithMfa <Boolean?>]: If true, at next sign-in, the user must perform a multi-factor authentication (MFA) before being forced to change their password. The behavior is identical to forceChangePasswordNextSignIn except that the user is required to first perform a multi-factor authentication before password change. After a password change, this property will be automatically reset to false. If not set, default is false. [Password <String>]: The password for the user. This property is required when a user is created. It can be updated, but the user will be required to change the password on the next login. The password must satisfy minimum requirements as specified by the user’s passwordPolicies property. By default, a strong password is required. [PastProjects <String[]>]: A list for the user to enumerate their past projects. Returned only on $select. [Photo <IMicrosoftGraphProfilePhoto>]: profilePhoto [Planner <IMicrosoftGraphPlannerUser>]: plannerUser [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [PostalCode <String>]: The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code. Maximum length is 40 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [PreferredDataLocation <String>]: The preferred data location for the user. For more information, see OneDrive Online Multi-Geo. [PreferredLanguage <String>]: The preferred language for the user. Should follow ISO 639-1 Code; for example en-US. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values) [PreferredName <String>]: The preferred name for the user. Not Supported. This attribute returns an empty string.Returned only on $select. [Presence <IMicrosoftGraphPresence>]: presence [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Activity <String>]: The supplemental information to a user's availability. Possible values are Available, Away, BeRightBack, Busy, DoNotDisturb, InACall, InAConferenceCall, Inactive, InAMeeting, Offline, OffWork, OutOfOffice, PresenceUnknown, Presenting, UrgentInterruptionsOnly. [Availability <String>]: The base presence information for a user. Possible values are Available, AvailableIdle, Away, BeRightBack, Busy, BusyIdle, DoNotDisturb, Offline, PresenceUnknown [ProvisionedPlans <IMicrosoftGraphProvisionedPlan[]>]: The plans that are provisioned for the user. Read-only. Not nullable. Returned only on $select. Supports $filter (eq, not, ge, le). [CapabilityStatus <String>]: For example, 'Enabled'. [ProvisioningStatus <String>]: For example, 'Success'. [Service <String>]: The name of the service; for example, 'AccessControlS2S' [ProxyAddresses <String[]>]: For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. Changes to the mail property will also update this collection to include the value as an SMTP address. For more information, see mail and proxyAddresses properties. The proxy address prefixed with SMTP (capitalized) is the primary proxy address while those prefixed with smtp are the secondary proxy addresses. For Azure AD B2C accounts, this property has a limit of ten unique addresses. Read-only in Microsoft Graph; you can update this property only through the Microsoft 365 admin center. Not nullable. Returned only on $select. Supports $filter (eq, not, ge, le, startsWith, endsWith, /$count eq 0, /$count ne 0). [Responsibilities <String[]>]: A list for the user to enumerate their responsibilities. Returned only on $select. [Schools <String[]>]: A list for the user to enumerate the schools they have attended. Returned only on $select. [SecurityIdentifier <String>]: Security identifier (SID) of the user, used in Windows scenarios. Read-only. Returned by default. Supports $select and $filter (eq, not, ge, le, startsWith). [Settings <IMicrosoftGraphUserSettings>]: userSettings [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [ContributionToContentDiscoveryAsOrganizationDisabled <Boolean?>]: [ContributionToContentDiscoveryDisabled <Boolean?>]: [ShiftPreferences <IMicrosoftGraphShiftPreferences>]: shiftPreferences [(Any) <Object>]: This indicates any property can be added to this object. [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [Id <String>]: The unique idenfier for an entity. Read-only. [Availability <IMicrosoftGraphShiftAvailability[]>]: Availability of the user to be scheduled for work and its recurrence pattern. [Recurrence <IMicrosoftGraphPatternedRecurrence>]: patternedRecurrence [TimeSlots <IMicrosoftGraphTimeRange[]>]: The time slot(s) preferred by the user. [EndTime <String>]: End time for the time range. [StartTime <String>]: Start time for the time range. [TimeZone <String>]: Specifies the time zone for the indicated time. [ShowInAddressList <Boolean?>]: Do not use in Microsoft Graph. Manage this property through the Microsoft 365 admin center instead. Represents whether the user should be included in the Outlook global address list. See Known issue. [SignInSessionsValidFromDateTime <DateTime?>]: Any refresh tokens or sessions tokens (session cookies) issued before this time are invalid, and applications will get an error when using an invalid refresh or sessions token to acquire a delegated access token (to access APIs such as Microsoft Graph). If this happens, the application will need to acquire a new refresh token by making a request to the authorize endpoint. Read-only. Use revokeSignInSessions to reset. Returned only on $select. [Skills <String[]>]: A list for the user to enumerate their skills. Returned only on $select. [State <String>]: The state or province in the user's address. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [StreetAddress <String>]: The street address of the user's place of business. Maximum length is 1024 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [Surname <String>]: The user's surname (family name or last name). Maximum length is 64 characters. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [Teamwork <IMicrosoftGraphUserTeamwork>]: userTeamwork [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Todo <IMicrosoftGraphTodo>]: todo [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [UsageLocation <String>]: A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: US, JP, and GB. Not nullable. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [UserPrincipalName <String>]: The user principal name (UPN) of the user. The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where domain must be present in the tenant's collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property cannot contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, ' . - _ ! # ^ ~. For the complete list of allowed characters, see username policies. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, endsWith) and $orderBy. [UserType <String>]: A string value that can be used to classify user types in your directory, such as Member and Guest. Returned only on $select. Supports $filter (eq, ne, not, in, and eq on null values). NOTE: For more information about the permissions for member and guest users, see What are the default user permissions in Azure Active Directory? [CreatedDateTime <DateTime?>]: Date and time of item creation. Read-only. [Description <String>]: Provides a user-visible description of the item. Optional. [ETag <String>]: ETag for the item. Read-only. [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [LastModifiedByUser <IMicrosoftGraphUser>]: user [LastModifiedDateTime <DateTime?>]: Date and time the item was last modified. Read-only. [Name <String>]: The name of the item. Read-write. [ParentReference <IMicrosoftGraphItemReference>]: itemReference [WebUrl <String>]: URL that displays the resource in the browser. Read-only. [Id <String>]: The unique idenfier for an entity. Read-only. [Analytics <IMicrosoftGraphItemAnalytics>]: itemAnalytics [DisplayName <String>]: The full title for the site. Read-only. [Drive <IMicrosoftGraphDrive>]: drive [Error <IMicrosoftGraphPublicError>]: publicError [Onenote <IMicrosoftGraphOnenote>]: onenote [Root <IMicrosoftGraphRoot>]: root [SharepointIds <IMicrosoftGraphSharepointIds>]: sharepointIds [SiteCollection <IMicrosoftGraphSiteCollection>]: siteCollection [(Any) <Object>]: This indicates any property can be added to this object. [DataLocationCode <String>]: The geographic region code for where this site collection resides. Read-only. [Hostname <String>]: The hostname for the site collection. Read-only. [Root <IMicrosoftGraphRoot>]: root [TermStore <IMicrosoftGraphTermStore>]: store [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [DefaultLanguageTag <String>]: Default language of the term store. [LanguageTags <String[]>]: List of languages for the term store. CREATEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource SITE <IMicrosoftGraphSite>: site [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedByUser <IMicrosoftGraphUser>]: user [(Any) <Object>]: This indicates any property can be added to this object. [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted. [Id <String>]: The unique idenfier for an entity. Read-only. [AboutMe <String>]: A freeform text entry field for the user to describe themselves. Returned only on $select. [AccountEnabled <Boolean?>]: true if the account is enabled; otherwise, false. This property is required when a user is created. Returned only on $select. Supports $filter (eq, ne, not, and in). [AgeGroup <String>]: Sets the age group of the user. Allowed values: null, Minor, NotAdult and Adult. Refer to the legal age group property definitions for further information. Returned only on $select. Supports $filter (eq, ne, not, and in). [AssignedLicenses <IMicrosoftGraphAssignedLicense[]>]: The licenses that are assigned to the user, including inherited (group-based) licenses. This property doesn't differentiate directly-assigned and inherited licenses. Use the licenseAssignmentStates property to identify the directly-assigned and inherited licenses. Not nullable. Returned only on $select. Supports $filter (eq, not, /$count eq 0, /$count ne 0). [DisabledPlans <String[]>]: A collection of the unique identifiers for plans that have been disabled. [SkuId <String>]: The unique identifier for the SKU. [AssignedPlans <IMicrosoftGraphAssignedPlan[]>]: The plans that are assigned to the user. Read-only. Not nullable. Returned only on $select. Supports $filter (eq and not). [AssignedDateTime <DateTime?>]: The date and time at which the plan was assigned. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [CapabilityStatus <String>]: Condition of the capability assignment. The possible values are Enabled, Warning, Suspended, Deleted, LockedOut. See a detailed description of each value. [Service <String>]: The name of the service; for example, exchange. [ServicePlanId <String>]: A GUID that identifies the service plan. For a complete list of GUIDs and their equivalent friendly service names, see Product names and service plan identifiers for licensing. [Authentication <IMicrosoftGraphAuthentication>]: authentication [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [AuthorizationInfo <IMicrosoftGraphAuthorizationInfo>]: authorizationInfo [(Any) <Object>]: This indicates any property can be added to this object. [CertificateUserIds <String[]>]: [Birthday <DateTime?>]: The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned only on $select. [BusinessPhones <String[]>]: The telephone numbers for the user. NOTE: Although this is a string collection, only one number can be set for this property. Read-only for users synced from on-premises directory. Returned by default. Supports $filter (eq, not, ge, le, startsWith). [Calendar <IMicrosoftGraphCalendar>]: calendar [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [AllowedOnlineMeetingProviders <String[]>]: Represent the online meeting service providers that can be used to create online meetings in this calendar. Possible values are: unknown, skypeForBusiness, skypeForConsumer, teamsForBusiness. [CanEdit <Boolean?>]: true if the user can write to the calendar, false otherwise. This property is true for the user who created the calendar. This property is also true for a user who has been shared a calendar and granted write access. [CanShare <Boolean?>]: true if the user has the permission to share the calendar, false otherwise. Only the user who created the calendar can share it. [CanViewPrivateItems <Boolean?>]: true if the user can read calendar items that have been marked private, false otherwise. [ChangeKey <String>]: Identifies the version of the calendar object. Every time the calendar is changed, changeKey changes as well. This allows Exchange to apply changes to the correct version of the object. Read-only. [Color <String>]: calendarColor [DefaultOnlineMeetingProvider <String>]: onlineMeetingProviderType [HexColor <String>]: The calendar color, expressed in a hex color code of three hexadecimal values, each ranging from 00 to FF and representing the red, green, or blue components of the color in the RGB color space. If the user has never explicitly set a color for the calendar, this property is empty. Read-only. [IsDefaultCalendar <Boolean?>]: true if this is the default calendar where new events are created by default, false otherwise. [IsRemovable <Boolean?>]: Indicates whether this user calendar can be deleted from the user mailbox. [IsTallyingResponses <Boolean?>]: Indicates whether this user calendar supports tracking of meeting responses. Only meeting invites sent from users' primary calendars support tracking of meeting responses. [Name <String>]: The calendar name. [Owner <IMicrosoftGraphEmailAddress>]: emailAddress [City <String>]: The city in which the user is located. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [CompanyName <String>]: The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length is 64 characters.Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [ConsentProvidedForMinor <String>]: Sets whether consent has been obtained for minors. Allowed values: null, Granted, Denied and NotRequired. Refer to the legal age group property definitions for further information. Returned only on $select. Supports $filter (eq, ne, not, and in). [Country <String>]: The country/region in which the user is located; for example, US or UK. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [CreatedDateTime <DateTime?>]: The date and time the user was created, in ISO 8601 format and in UTC time. The value cannot be modified and is automatically populated when the entity is created. Nullable. For on-premises users, the value represents when they were first created in Azure AD. Property is null for some users created before June 2018 and on-premises users that were synced to Azure AD before June 2018. Read-only. Read-only. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in). [CreationType <String>]: Indicates whether the user account was created through one of the following methods: As a regular school or work account (null). As an external account (Invitation). As a local account for an Azure Active Directory B2C tenant (LocalAccount). Through self-service sign-up by an internal user using email verification (EmailVerified). Through self-service sign-up by an external user signing up through a link that is part of a user flow (SelfServiceSignUp). Read-only.Returned only on $select. Supports $filter (eq, ne, not, in). [Department <String>]: The name for the department in which the user works. Maximum length is 64 characters. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, and eq on null values). [DeviceEnrollmentLimit <Int32?>]: The limit on the maximum number of devices that the user is permitted to enroll. Allowed values are 5 or 1000. [DisplayName <String>]: The name displayed in the address book for the user. This is usually the combination of the user's first name, middle initial and last name. This property is required when a user is created and it cannot be cleared during updates. Maximum length is 256 characters. Returned by default. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values), $orderBy, and $search. [Drive <IMicrosoftGraphDrive>]: drive [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedByUser <IMicrosoftGraphUser>]: user [CreatedDateTime <DateTime?>]: Date and time of item creation. Read-only. [Description <String>]: Provides a user-visible description of the item. Optional. [ETag <String>]: ETag for the item. Read-only. [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [LastModifiedByUser <IMicrosoftGraphUser>]: user [LastModifiedDateTime <DateTime?>]: Date and time the item was last modified. Read-only. [Name <String>]: The name of the item. Read-write. [ParentReference <IMicrosoftGraphItemReference>]: itemReference [(Any) <Object>]: This indicates any property can be added to this object. [DriveId <String>]: Unique identifier of the drive instance that contains the item. Read-only. [DriveType <String>]: Identifies the type of drive. See [drive][] resource for values. [Id <String>]: Unique identifier of the item in the drive. Read-only. [Name <String>]: The name of the item being referenced. Read-only. [Path <String>]: Path that can be used to navigate to the item. Read-only. [ShareId <String>]: A unique identifier for a shared resource that can be accessed via the [Shares][] API. [SharepointIds <IMicrosoftGraphSharepointIds>]: sharepointIds [(Any) <Object>]: This indicates any property can be added to this object. [ListId <String>]: The unique identifier (guid) for the item's list in SharePoint. [ListItemId <String>]: An integer identifier for the item within the containing list. [ListItemUniqueId <String>]: The unique identifier (guid) for the item within OneDrive for Business or a SharePoint site. [SiteId <String>]: The unique identifier (guid) for the item's site collection (SPSite). [SiteUrl <String>]: The SharePoint URL for the site that contains the item. [TenantId <String>]: The unique identifier (guid) for the tenancy. [WebId <String>]: The unique identifier (guid) for the item's site (SPWeb). [SiteId <String>]: For OneDrive for Business and SharePoint, this property represents the ID of the site that contains the parent document library of the driveItem resource. The value is the same as the id property of that [site][] resource. It is an opaque string that consists of three identifiers of the site. For OneDrive, this property is not populated. [WebUrl <String>]: URL that displays the resource in the browser. Read-only. [Id <String>]: The unique idenfier for an entity. Read-only. [DriveType <String>]: Describes the type of drive represented by this resource. OneDrive personal drives will return personal. OneDrive for Business will return business. SharePoint document libraries will return documentLibrary. Read-only. [List <IMicrosoftGraphList>]: list [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedByUser <IMicrosoftGraphUser>]: user [CreatedDateTime <DateTime?>]: Date and time of item creation. Read-only. [Description <String>]: Provides a user-visible description of the item. Optional. [ETag <String>]: ETag for the item. Read-only. [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [LastModifiedByUser <IMicrosoftGraphUser>]: user [LastModifiedDateTime <DateTime?>]: Date and time the item was last modified. Read-only. [Name <String>]: The name of the item. Read-write. [ParentReference <IMicrosoftGraphItemReference>]: itemReference [WebUrl <String>]: URL that displays the resource in the browser. Read-only. [Id <String>]: The unique idenfier for an entity. Read-only. [DisplayName <String>]: The displayable title of the list. [Drive <IMicrosoftGraphDrive>]: drive [List <IMicrosoftGraphListInfo>]: listInfo [(Any) <Object>]: This indicates any property can be added to this object. [ContentTypesEnabled <Boolean?>]: If true, indicates that content types are enabled for this list. [Hidden <Boolean?>]: If true, indicates that the list is not normally visible in the SharePoint user experience. [Template <String>]: An enumerated value that represents the base list template used in creating the list. Possible values include documentLibrary, genericList, task, survey, announcements, contacts, and more. [SharepointIds <IMicrosoftGraphSharepointIds>]: sharepointIds [System <IMicrosoftGraphSystemFacet>]: systemFacet [(Any) <Object>]: This indicates any property can be added to this object. [Owner <IMicrosoftGraphIdentitySet>]: identitySet [Quota <IMicrosoftGraphQuota>]: quota [(Any) <Object>]: This indicates any property can be added to this object. [Deleted <Int64?>]: Total space consumed by files in the recycle bin, in bytes. Read-only. [Remaining <Int64?>]: Total space remaining before reaching the quota limit, in bytes. Read-only. [State <String>]: Enumeration value that indicates the state of the storage space. Read-only. [StoragePlanInformation <IMicrosoftGraphStoragePlanInformation>]: storagePlanInformation [(Any) <Object>]: This indicates any property can be added to this object. [UpgradeAvailable <Boolean?>]: Indicates whether there are higher storage quota plans available. Read-only. [Total <Int64?>]: Total allowed storage space, in bytes. Read-only. [Used <Int64?>]: Total space used, in bytes. Read-only. [Root <IMicrosoftGraphDriveItem>]: driveItem [SharePointIds <IMicrosoftGraphSharepointIds>]: sharepointIds [System <IMicrosoftGraphSystemFacet>]: systemFacet [EmployeeHireDate <DateTime?>]: The date and time when the user was hired or will start work in case of a future hire. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in). [EmployeeId <String>]: The employee identifier assigned to the user by the organization. The maximum length is 16 characters. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [EmployeeOrgData <IMicrosoftGraphEmployeeOrgData>]: employeeOrgData [(Any) <Object>]: This indicates any property can be added to this object. [CostCenter <String>]: The cost center associated with the user. Returned only on $select. Supports $filter. [Division <String>]: The name of the division in which the user works. Returned only on $select. Supports $filter. [EmployeeType <String>]: Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith). [ExternalUserState <String>]: For an external user invited to the tenant using the invitation API, this property represents the invited user's invitation status. For invited users, the state can be PendingAcceptance or Accepted, or null for all other users. Returned only on $select. Supports $filter (eq, ne, not , in). [ExternalUserStateChangeDateTime <DateTime?>]: Shows the timestamp for the latest change to the externalUserState property. Returned only on $select. Supports $filter (eq, ne, not , in). [FaxNumber <String>]: The fax number of the user. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [GivenName <String>]: The given name (first name) of the user. Maximum length is 64 characters. Returned by default. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [HireDate <DateTime?>]: The hire date of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned only on $select. Note: This property is specific to SharePoint Online. We recommend using the native employeeHireDate property to set and update hire date values using Microsoft Graph APIs. [Identities <IMicrosoftGraphObjectIdentity[]>]: Represents the identities that can be used to sign in to this user account. An identity can be provided by Microsoft (also known as a local account), by organizations, or by social identity providers such as Facebook, Google, and Microsoft, and tied to a user account. May contain multiple items with the same signInType value. Returned only on $select. Supports $filter (eq) including on null values, only where the signInType is not userPrincipalName. [Issuer <String>]: Specifies the issuer of the identity, for example facebook.com.For local accounts (where signInType is not federated), this property is the local B2C tenant default domain name, for example contoso.onmicrosoft.com.For external users from other Azure AD organization, this will be the domain of the federated organization, for example contoso.com.Supports $filter. 512 character limit. [IssuerAssignedId <String>]: Specifies the unique identifier assigned to the user by the issuer. The combination of issuer and issuerAssignedId must be unique within the organization. Represents the sign-in name for the user, when signInType is set to emailAddress or userName (also known as local accounts).When signInType is set to: emailAddress, (or a custom string that starts with emailAddress like emailAddress1) issuerAssignedId must be a valid email addressuserName, issuerAssignedId must begin with alphabetical character or number, and can only contain alphanumeric characters and the following symbols: - or Supports $filter. 64 character limit. [SignInType <String>]: Specifies the user sign-in types in your directory, such as emailAddress, userName, federated, or userPrincipalName. federated represents a unique identifier for a user from an issuer, that can be in any format chosen by the issuer. Setting or updating a userPrincipalName identity will update the value of the userPrincipalName property on the user object. The validations performed on the userPrincipalName property on the user object, for example, verified domains and acceptable characters, will be performed when setting or updating a userPrincipalName identity. Additional validation is enforced on issuerAssignedId when the sign-in type is set to emailAddress or userName. This property can also be set to any custom string. [ImAddresses <String[]>]: The instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for the user. Read-only. Returned only on $select. Supports $filter (eq, not, ge, le, startsWith). [InferenceClassification <IMicrosoftGraphInferenceClassification>]: inferenceClassification [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Insights <IMicrosoftGraphOfficeGraphInsights>]: officeGraphInsights [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Interests <String[]>]: A list for the user to describe their interests. Returned only on $select. [IsResourceAccount <Boolean?>]: Do not use – reserved for future use. [JobTitle <String>]: The user's job title. Maximum length is 128 characters. Returned by default. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [LastPasswordChangeDateTime <DateTime?>]: The time when this Azure AD user last changed their password or when their password was created, whichever date the latest action was performed. The date and time information uses ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned only on $select. [LegalAgeGroupClassification <String>]: Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on ageGroup and consentProvidedForMinor properties. Allowed values: null, MinorWithOutParentalConsent, MinorWithParentalConsent, MinorNoParentalConsentRequired, NotAdult and Adult. Refer to the legal age group property definitions for further information. Returned only on $select. [LicenseAssignmentStates <IMicrosoftGraphLicenseAssignmentState[]>]: State of license assignments for this user. Also indicates licenses that are directly-assigned and those that the user has inherited through group memberships. Read-only. Returned only on $select. [AssignedByGroup <String>]: [DisabledPlans <String[]>]: [Error <String>]: [LastUpdatedDateTime <DateTime?>]: [SkuId <String>]: [State <String>]: [Mail <String>]: The SMTP address for the user, for example, jeff@contoso.onmicrosoft.com. Changes to this property will also update the user's proxyAddresses collection to include the value as an SMTP address. This property cannot contain accent characters. NOTE: We do not recommend updating this property for Azure AD B2C user profiles. Use the otherMails property instead. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, endsWith, and eq on null values). [MailNickname <String>]: The mail alias for the user. This property must be specified when a user is created. Maximum length is 64 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [MailboxSettings <IMicrosoftGraphMailboxSettings>]: mailboxSettings [(Any) <Object>]: This indicates any property can be added to this object. [ArchiveFolder <String>]: Folder ID of an archive folder for the user. [AutomaticRepliesSetting <IMicrosoftGraphAutomaticRepliesSetting>]: automaticRepliesSetting [(Any) <Object>]: This indicates any property can be added to this object. [ExternalAudience <String>]: externalAudienceScope [ExternalReplyMessage <String>]: The automatic reply to send to the specified external audience, if Status is AlwaysEnabled or Scheduled. [InternalReplyMessage <String>]: The automatic reply to send to the audience internal to the signed-in user's organization, if Status is AlwaysEnabled or Scheduled. [ScheduledEndDateTime <IMicrosoftGraphDateTimeZone>]: dateTimeTimeZone [ScheduledStartDateTime <IMicrosoftGraphDateTimeZone>]: dateTimeTimeZone [Status <String>]: automaticRepliesStatus [DateFormat <String>]: The date format for the user's mailbox. [DelegateMeetingMessageDeliveryOptions <String>]: delegateMeetingMessageDeliveryOptions [Language <IMicrosoftGraphLocaleInfo>]: localeInfo [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: A name representing the user's locale in natural language, for example, 'English (United States)'. [Locale <String>]: A locale representation for the user, which includes the user's preferred language and country/region. For example, 'en-us'. The language component follows 2-letter codes as defined in ISO 639-1, and the country component follows 2-letter codes as defined in ISO 3166-1 alpha-2. [TimeFormat <String>]: The time format for the user's mailbox. [TimeZone <String>]: The default time zone for the user's mailbox. [UserPurpose <String>]: userPurpose [WorkingHours <IMicrosoftGraphWorkingHours>]: workingHours [(Any) <Object>]: This indicates any property can be added to this object. [DaysOfWeek <String[]>]: The days of the week on which the user works. [EndTime <String>]: The time of the day that the user stops working. [StartTime <String>]: The time of the day that the user starts working. [TimeZone <IMicrosoftGraphTimeZoneBase>]: timeZoneBase [(Any) <Object>]: This indicates any property can be added to this object. [Name <String>]: The name of a time zone. It can be a standard time zone name such as 'Hawaii-Aleutian Standard Time', or 'Customized Time Zone' for a custom time zone. [Manager <IMicrosoftGraphDirectoryObject>]: directoryObject [MobilePhone <String>]: The primary cellular telephone number for the user. Read-only for users synced from on-premises directory. Maximum length is 64 characters. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [MySite <String>]: The URL for the user's personal site. Returned only on $select. [OfficeLocation <String>]: The office location in the user's place of business. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [OnPremisesDistinguishedName <String>]: Contains the on-premises Active Directory distinguished name or DN. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. [OnPremisesDomainName <String>]: Contains the on-premises domainFQDN, also called dnsDomainName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. [OnPremisesExtensionAttributes <IMicrosoftGraphOnPremisesExtensionAttributes>]: onPremisesExtensionAttributes [(Any) <Object>]: This indicates any property can be added to this object. [ExtensionAttribute1 <String>]: First customizable extension attribute. [ExtensionAttribute10 <String>]: Tenth customizable extension attribute. [ExtensionAttribute11 <String>]: Eleventh customizable extension attribute. [ExtensionAttribute12 <String>]: Twelfth customizable extension attribute. [ExtensionAttribute13 <String>]: Thirteenth customizable extension attribute. [ExtensionAttribute14 <String>]: Fourteenth customizable extension attribute. [ExtensionAttribute15 <String>]: Fifteenth customizable extension attribute. [ExtensionAttribute2 <String>]: Second customizable extension attribute. [ExtensionAttribute3 <String>]: Third customizable extension attribute. [ExtensionAttribute4 <String>]: Fourth customizable extension attribute. [ExtensionAttribute5 <String>]: Fifth customizable extension attribute. [ExtensionAttribute6 <String>]: Sixth customizable extension attribute. [ExtensionAttribute7 <String>]: Seventh customizable extension attribute. [ExtensionAttribute8 <String>]: Eighth customizable extension attribute. [ExtensionAttribute9 <String>]: Ninth customizable extension attribute. [OnPremisesImmutableId <String>]: This property is used to associate an on-premises Active Directory user account to their Azure AD user object. This property must be specified when creating a new user account in the Graph if you are using a federated domain for the user's userPrincipalName (UPN) property. NOTE: The $ and _ characters cannot be used when specifying this property. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in).. [OnPremisesLastSyncDateTime <DateTime?>]: Indicates the last time at which the object was synced with the on-premises directory; for example: 2013-02-16T03:04:54Z. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in). [OnPremisesProvisioningErrors <IMicrosoftGraphOnPremisesProvisioningError[]>]: Errors when using Microsoft synchronization product during provisioning. Returned only on $select. Supports $filter (eq, not, ge, le). [OnPremisesSamAccountName <String>]: Contains the on-premises samAccountName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith). [OnPremisesSecurityIdentifier <String>]: Contains the on-premises security identifier (SID) for the user that was synchronized from on-premises to the cloud. Read-only. Returned only on $select. Supports $filter (eq including on null values). [OnPremisesSyncEnabled <Boolean?>]: true if this user object is currently being synced from an on-premises Active Directory (AD); otherwise the user isn't being synced and can be managed in Azure Active Directory (Azure AD). Read-only. Returned only on $select. Supports $filter (eq, ne, not, in, and eq on null values). [OnPremisesUserPrincipalName <String>]: Contains the on-premises userPrincipalName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith). [Onenote <IMicrosoftGraphOnenote>]: onenote [OtherMails <String[]>]: A list of additional email addresses for the user; for example: ['bob@contoso.com', 'Robert@fabrikam.com']. NOTE: This property cannot contain accent characters. Returned only on $select. Supports $filter (eq, not, ge, le, in, startsWith, endsWith, /$count eq 0, /$count ne 0). [Outlook <IMicrosoftGraphOutlookUser>]: outlookUser [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [PasswordPolicies <String>]: Specifies password policies for the user. This value is an enumeration with one possible value being DisableStrongPassword, which allows weaker passwords than the default policy to be specified. DisablePasswordExpiration can also be specified. The two may be specified together; for example: DisablePasswordExpiration, DisableStrongPassword. Returned only on $select. For more information on the default password policies, see Azure AD pasword policies. Supports $filter (ne, not, and eq on null values). [PasswordProfile <IMicrosoftGraphPasswordProfile>]: passwordProfile [(Any) <Object>]: This indicates any property can be added to this object. [ForceChangePasswordNextSignIn <Boolean?>]: true if the user must change her password on the next login; otherwise false. [ForceChangePasswordNextSignInWithMfa <Boolean?>]: If true, at next sign-in, the user must perform a multi-factor authentication (MFA) before being forced to change their password. The behavior is identical to forceChangePasswordNextSignIn except that the user is required to first perform a multi-factor authentication before password change. After a password change, this property will be automatically reset to false. If not set, default is false. [Password <String>]: The password for the user. This property is required when a user is created. It can be updated, but the user will be required to change the password on the next login. The password must satisfy minimum requirements as specified by the user’s passwordPolicies property. By default, a strong password is required. [PastProjects <String[]>]: A list for the user to enumerate their past projects. Returned only on $select. [Photo <IMicrosoftGraphProfilePhoto>]: profilePhoto [Planner <IMicrosoftGraphPlannerUser>]: plannerUser [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [PostalCode <String>]: The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code. Maximum length is 40 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [PreferredDataLocation <String>]: The preferred data location for the user. For more information, see OneDrive Online Multi-Geo. [PreferredLanguage <String>]: The preferred language for the user. Should follow ISO 639-1 Code; for example en-US. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values) [PreferredName <String>]: The preferred name for the user. Not Supported. This attribute returns an empty string.Returned only on $select. [Presence <IMicrosoftGraphPresence>]: presence [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Activity <String>]: The supplemental information to a user's availability. Possible values are Available, Away, BeRightBack, Busy, DoNotDisturb, InACall, InAConferenceCall, Inactive, InAMeeting, Offline, OffWork, OutOfOffice, PresenceUnknown, Presenting, UrgentInterruptionsOnly. [Availability <String>]: The base presence information for a user. Possible values are Available, AvailableIdle, Away, BeRightBack, Busy, BusyIdle, DoNotDisturb, Offline, PresenceUnknown [ProvisionedPlans <IMicrosoftGraphProvisionedPlan[]>]: The plans that are provisioned for the user. Read-only. Not nullable. Returned only on $select. Supports $filter (eq, not, ge, le). [CapabilityStatus <String>]: For example, 'Enabled'. [ProvisioningStatus <String>]: For example, 'Success'. [Service <String>]: The name of the service; for example, 'AccessControlS2S' [ProxyAddresses <String[]>]: For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. Changes to the mail property will also update this collection to include the value as an SMTP address. For more information, see mail and proxyAddresses properties. The proxy address prefixed with SMTP (capitalized) is the primary proxy address while those prefixed with smtp are the secondary proxy addresses. For Azure AD B2C accounts, this property has a limit of ten unique addresses. Read-only in Microsoft Graph; you can update this property only through the Microsoft 365 admin center. Not nullable. Returned only on $select. Supports $filter (eq, not, ge, le, startsWith, endsWith, /$count eq 0, /$count ne 0). [Responsibilities <String[]>]: A list for the user to enumerate their responsibilities. Returned only on $select. [Schools <String[]>]: A list for the user to enumerate the schools they have attended. Returned only on $select. [SecurityIdentifier <String>]: Security identifier (SID) of the user, used in Windows scenarios. Read-only. Returned by default. Supports $select and $filter (eq, not, ge, le, startsWith). [Settings <IMicrosoftGraphUserSettings>]: userSettings [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [ContributionToContentDiscoveryAsOrganizationDisabled <Boolean?>]: [ContributionToContentDiscoveryDisabled <Boolean?>]: [ShiftPreferences <IMicrosoftGraphShiftPreferences>]: shiftPreferences [(Any) <Object>]: This indicates any property can be added to this object. [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [Id <String>]: The unique idenfier for an entity. Read-only. [Availability <IMicrosoftGraphShiftAvailability[]>]: Availability of the user to be scheduled for work and its recurrence pattern. [Recurrence <IMicrosoftGraphPatternedRecurrence>]: patternedRecurrence [TimeSlots <IMicrosoftGraphTimeRange[]>]: The time slot(s) preferred by the user. [EndTime <String>]: End time for the time range. [StartTime <String>]: Start time for the time range. [TimeZone <String>]: Specifies the time zone for the indicated time. [ShowInAddressList <Boolean?>]: Do not use in Microsoft Graph. Manage this property through the Microsoft 365 admin center instead. Represents whether the user should be included in the Outlook global address list. See Known issue. [SignInSessionsValidFromDateTime <DateTime?>]: Any refresh tokens or sessions tokens (session cookies) issued before this time are invalid, and applications will get an error when using an invalid refresh or sessions token to acquire a delegated access token (to access APIs such as Microsoft Graph). If this happens, the application will need to acquire a new refresh token by making a request to the authorize endpoint. Read-only. Use revokeSignInSessions to reset. Returned only on $select. [Skills <String[]>]: A list for the user to enumerate their skills. Returned only on $select. [State <String>]: The state or province in the user's address. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [StreetAddress <String>]: The street address of the user's place of business. Maximum length is 1024 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [Surname <String>]: The user's surname (family name or last name). Maximum length is 64 characters. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [Teamwork <IMicrosoftGraphUserTeamwork>]: userTeamwork [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Todo <IMicrosoftGraphTodo>]: todo [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [UsageLocation <String>]: A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: US, JP, and GB. Not nullable. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [UserPrincipalName <String>]: The user principal name (UPN) of the user. The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where domain must be present in the tenant's collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property cannot contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, ' . - _ ! # ^ ~. For the complete list of allowed characters, see username policies. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, endsWith) and $orderBy. [UserType <String>]: A string value that can be used to classify user types in your directory, such as Member and Guest. Returned only on $select. Supports $filter (eq, ne, not, in, and eq on null values). NOTE: For more information about the permissions for member and guest users, see What are the default user permissions in Azure Active Directory? [CreatedDateTime <DateTime?>]: Date and time of item creation. Read-only. [Description <String>]: Provides a user-visible description of the item. Optional. [ETag <String>]: ETag for the item. Read-only. [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [LastModifiedByUser <IMicrosoftGraphUser>]: user [LastModifiedDateTime <DateTime?>]: Date and time the item was last modified. Read-only. [Name <String>]: The name of the item. Read-write. [ParentReference <IMicrosoftGraphItemReference>]: itemReference [WebUrl <String>]: URL that displays the resource in the browser. Read-only. [Id <String>]: The unique idenfier for an entity. Read-only. [Analytics <IMicrosoftGraphItemAnalytics>]: itemAnalytics [DisplayName <String>]: The full title for the site. Read-only. [Drive <IMicrosoftGraphDrive>]: drive [Error <IMicrosoftGraphPublicError>]: publicError [Onenote <IMicrosoftGraphOnenote>]: onenote [Root <IMicrosoftGraphRoot>]: root [SharepointIds <IMicrosoftGraphSharepointIds>]: sharepointIds [SiteCollection <IMicrosoftGraphSiteCollection>]: siteCollection [(Any) <Object>]: This indicates any property can be added to this object. [DataLocationCode <String>]: The geographic region code for where this site collection resides. Read-only. [Hostname <String>]: The hostname for the site collection. Read-only. [Root <IMicrosoftGraphRoot>]: root [TermStore <IMicrosoftGraphTermStore>]: store [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [DefaultLanguageTag <String>]: Default language of the term store. [LanguageTags <String[]>]: List of languages for the term store. .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/update-mgsecuritycaseediscoverycasecustodiansitesource #> function Update-MgSecurityCaseEdiscoveryCaseCustodianSiteSource { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecuritySiteSource])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCustodian ${EdiscoveryCustodianId}, [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of siteSource ${SiteSourceId}, [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecuritySiteSource] # siteSource # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for CREATEDBY properties and create a hash table. ${CreatedBy}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # The date and time the dataSource was created. ${CreatedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The display name of the dataSource. # This will be the name of the SharePoint site. ${DisplayName}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # dataSourceHoldStatus ${HoldStatus}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSite] # site # To construct, see NOTES section for SITE properties and create a hash table. ${Site}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Update = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseCustodianSiteSource_Update'; UpdateExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseCustodianSiteSource_UpdateExpanded'; UpdateViaIdentity = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseCustodianSiteSource_UpdateViaIdentity'; UpdateViaIdentityExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseCustodianSiteSource_UpdateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Update the navigation property unifiedGroupSources in security .Description Update the navigation property unifiedGroupSources in security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityUnifiedGroupSource .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityUnifiedGroupSource .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecurityUnifiedGroupSource>: unifiedGroupSource [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: The date and time the dataSource was created. [DisplayName <String>]: The display name of the dataSource. This will be the name of the SharePoint site. [HoldStatus <String>]: dataSourceHoldStatus [Id <String>]: The unique idenfier for an entity. Read-only. [Group <IMicrosoftGraphGroup>]: group [(Any) <Object>]: This indicates any property can be added to this object. [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted. [Id <String>]: The unique idenfier for an entity. Read-only. [AllowExternalSenders <Boolean?>]: Indicates if people external to the organization can send messages to the group. Default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). [AssignedLabels <IMicrosoftGraphAssignedLabel[]>]: The list of sensitivity label pairs (label ID, label name) associated with a Microsoft 365 group. Returned only on $select. [DisplayName <String>]: The display name of the label. Read-only. [LabelId <String>]: The unique identifier of the label. [AssignedLicenses <IMicrosoftGraphAssignedLicense[]>]: The licenses that are assigned to the group. Returned only on $select. Supports $filter (eq).Read-only. [DisabledPlans <String[]>]: A collection of the unique identifiers for plans that have been disabled. [SkuId <String>]: The unique identifier for the SKU. [AutoSubscribeNewMembers <Boolean?>]: Indicates if new members added to the group will be auto-subscribed to receive email notifications. You can set this property in a PATCH request for the group; do not set it in the initial POST request that creates the group. Default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). [Calendar <IMicrosoftGraphCalendar>]: calendar [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [AllowedOnlineMeetingProviders <String[]>]: Represent the online meeting service providers that can be used to create online meetings in this calendar. Possible values are: unknown, skypeForBusiness, skypeForConsumer, teamsForBusiness. [CanEdit <Boolean?>]: true if the user can write to the calendar, false otherwise. This property is true for the user who created the calendar. This property is also true for a user who has been shared a calendar and granted write access. [CanShare <Boolean?>]: true if the user has the permission to share the calendar, false otherwise. Only the user who created the calendar can share it. [CanViewPrivateItems <Boolean?>]: true if the user can read calendar items that have been marked private, false otherwise. [ChangeKey <String>]: Identifies the version of the calendar object. Every time the calendar is changed, changeKey changes as well. This allows Exchange to apply changes to the correct version of the object. Read-only. [Color <String>]: calendarColor [DefaultOnlineMeetingProvider <String>]: onlineMeetingProviderType [HexColor <String>]: The calendar color, expressed in a hex color code of three hexadecimal values, each ranging from 00 to FF and representing the red, green, or blue components of the color in the RGB color space. If the user has never explicitly set a color for the calendar, this property is empty. Read-only. [IsDefaultCalendar <Boolean?>]: true if this is the default calendar where new events are created by default, false otherwise. [IsRemovable <Boolean?>]: Indicates whether this user calendar can be deleted from the user mailbox. [IsTallyingResponses <Boolean?>]: Indicates whether this user calendar supports tracking of meeting responses. Only meeting invites sent from users' primary calendars support tracking of meeting responses. [Name <String>]: The calendar name. [Owner <IMicrosoftGraphEmailAddress>]: emailAddress [Classification <String>]: Describes a classification for the group (such as low, medium or high business impact). Valid values for this property are defined by creating a ClassificationList setting value, based on the template definition.Returned by default. Supports $filter (eq, ne, not, ge, le, startsWith). [CreatedDateTime <DateTime?>]: Timestamp of when the group was created. The value cannot be modified and is automatically populated when the group is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned by default. Supports $filter (eq, ne, not, ge, le, in). Read-only. [CreatedOnBehalfOf <IMicrosoftGraphDirectoryObject>]: directoryObject [Description <String>]: An optional description for the group. Returned by default. Supports $filter (eq, ne, not, ge, le, startsWith) and $search. [DisplayName <String>]: The display name for the group. This property is required when a group is created and cannot be cleared during updates. Maximum length is 256 characters. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values), $search, and $orderBy. [Drive <IMicrosoftGraphDrive>]: drive [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedByUser <IMicrosoftGraphUser>]: user [(Any) <Object>]: This indicates any property can be added to this object. [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted. [Id <String>]: The unique idenfier for an entity. Read-only. [AboutMe <String>]: A freeform text entry field for the user to describe themselves. Returned only on $select. [AccountEnabled <Boolean?>]: true if the account is enabled; otherwise, false. This property is required when a user is created. Returned only on $select. Supports $filter (eq, ne, not, and in). [AgeGroup <String>]: Sets the age group of the user. Allowed values: null, Minor, NotAdult and Adult. Refer to the legal age group property definitions for further information. Returned only on $select. Supports $filter (eq, ne, not, and in). [AssignedLicenses <IMicrosoftGraphAssignedLicense[]>]: The licenses that are assigned to the user, including inherited (group-based) licenses. This property doesn't differentiate directly-assigned and inherited licenses. Use the licenseAssignmentStates property to identify the directly-assigned and inherited licenses. Not nullable. Returned only on $select. Supports $filter (eq, not, /$count eq 0, /$count ne 0). [AssignedPlans <IMicrosoftGraphAssignedPlan[]>]: The plans that are assigned to the user. Read-only. Not nullable. Returned only on $select. Supports $filter (eq and not). [AssignedDateTime <DateTime?>]: The date and time at which the plan was assigned. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [CapabilityStatus <String>]: Condition of the capability assignment. The possible values are Enabled, Warning, Suspended, Deleted, LockedOut. See a detailed description of each value. [Service <String>]: The name of the service; for example, exchange. [ServicePlanId <String>]: A GUID that identifies the service plan. For a complete list of GUIDs and their equivalent friendly service names, see Product names and service plan identifiers for licensing. [Authentication <IMicrosoftGraphAuthentication>]: authentication [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [AuthorizationInfo <IMicrosoftGraphAuthorizationInfo>]: authorizationInfo [(Any) <Object>]: This indicates any property can be added to this object. [CertificateUserIds <String[]>]: [Birthday <DateTime?>]: The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned only on $select. [BusinessPhones <String[]>]: The telephone numbers for the user. NOTE: Although this is a string collection, only one number can be set for this property. Read-only for users synced from on-premises directory. Returned by default. Supports $filter (eq, not, ge, le, startsWith). [Calendar <IMicrosoftGraphCalendar>]: calendar [City <String>]: The city in which the user is located. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [CompanyName <String>]: The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length is 64 characters.Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [ConsentProvidedForMinor <String>]: Sets whether consent has been obtained for minors. Allowed values: null, Granted, Denied and NotRequired. Refer to the legal age group property definitions for further information. Returned only on $select. Supports $filter (eq, ne, not, and in). [Country <String>]: The country/region in which the user is located; for example, US or UK. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [CreatedDateTime <DateTime?>]: The date and time the user was created, in ISO 8601 format and in UTC time. The value cannot be modified and is automatically populated when the entity is created. Nullable. For on-premises users, the value represents when they were first created in Azure AD. Property is null for some users created before June 2018 and on-premises users that were synced to Azure AD before June 2018. Read-only. Read-only. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in). [CreationType <String>]: Indicates whether the user account was created through one of the following methods: As a regular school or work account (null). As an external account (Invitation). As a local account for an Azure Active Directory B2C tenant (LocalAccount). Through self-service sign-up by an internal user using email verification (EmailVerified). Through self-service sign-up by an external user signing up through a link that is part of a user flow (SelfServiceSignUp). Read-only.Returned only on $select. Supports $filter (eq, ne, not, in). [Department <String>]: The name for the department in which the user works. Maximum length is 64 characters. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, and eq on null values). [DeviceEnrollmentLimit <Int32?>]: The limit on the maximum number of devices that the user is permitted to enroll. Allowed values are 5 or 1000. [DisplayName <String>]: The name displayed in the address book for the user. This is usually the combination of the user's first name, middle initial and last name. This property is required when a user is created and it cannot be cleared during updates. Maximum length is 256 characters. Returned by default. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values), $orderBy, and $search. [Drive <IMicrosoftGraphDrive>]: drive [EmployeeHireDate <DateTime?>]: The date and time when the user was hired or will start work in case of a future hire. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in). [EmployeeId <String>]: The employee identifier assigned to the user by the organization. The maximum length is 16 characters. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [EmployeeOrgData <IMicrosoftGraphEmployeeOrgData>]: employeeOrgData [(Any) <Object>]: This indicates any property can be added to this object. [CostCenter <String>]: The cost center associated with the user. Returned only on $select. Supports $filter. [Division <String>]: The name of the division in which the user works. Returned only on $select. Supports $filter. [EmployeeType <String>]: Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith). [ExternalUserState <String>]: For an external user invited to the tenant using the invitation API, this property represents the invited user's invitation status. For invited users, the state can be PendingAcceptance or Accepted, or null for all other users. Returned only on $select. Supports $filter (eq, ne, not , in). [ExternalUserStateChangeDateTime <DateTime?>]: Shows the timestamp for the latest change to the externalUserState property. Returned only on $select. Supports $filter (eq, ne, not , in). [FaxNumber <String>]: The fax number of the user. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [GivenName <String>]: The given name (first name) of the user. Maximum length is 64 characters. Returned by default. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [HireDate <DateTime?>]: The hire date of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned only on $select. Note: This property is specific to SharePoint Online. We recommend using the native employeeHireDate property to set and update hire date values using Microsoft Graph APIs. [Identities <IMicrosoftGraphObjectIdentity[]>]: Represents the identities that can be used to sign in to this user account. An identity can be provided by Microsoft (also known as a local account), by organizations, or by social identity providers such as Facebook, Google, and Microsoft, and tied to a user account. May contain multiple items with the same signInType value. Returned only on $select. Supports $filter (eq) including on null values, only where the signInType is not userPrincipalName. [Issuer <String>]: Specifies the issuer of the identity, for example facebook.com.For local accounts (where signInType is not federated), this property is the local B2C tenant default domain name, for example contoso.onmicrosoft.com.For external users from other Azure AD organization, this will be the domain of the federated organization, for example contoso.com.Supports $filter. 512 character limit. [IssuerAssignedId <String>]: Specifies the unique identifier assigned to the user by the issuer. The combination of issuer and issuerAssignedId must be unique within the organization. Represents the sign-in name for the user, when signInType is set to emailAddress or userName (also known as local accounts).When signInType is set to: emailAddress, (or a custom string that starts with emailAddress like emailAddress1) issuerAssignedId must be a valid email addressuserName, issuerAssignedId must begin with alphabetical character or number, and can only contain alphanumeric characters and the following symbols: - or Supports $filter. 64 character limit. [SignInType <String>]: Specifies the user sign-in types in your directory, such as emailAddress, userName, federated, or userPrincipalName. federated represents a unique identifier for a user from an issuer, that can be in any format chosen by the issuer. Setting or updating a userPrincipalName identity will update the value of the userPrincipalName property on the user object. The validations performed on the userPrincipalName property on the user object, for example, verified domains and acceptable characters, will be performed when setting or updating a userPrincipalName identity. Additional validation is enforced on issuerAssignedId when the sign-in type is set to emailAddress or userName. This property can also be set to any custom string. [ImAddresses <String[]>]: The instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for the user. Read-only. Returned only on $select. Supports $filter (eq, not, ge, le, startsWith). [InferenceClassification <IMicrosoftGraphInferenceClassification>]: inferenceClassification [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Insights <IMicrosoftGraphOfficeGraphInsights>]: officeGraphInsights [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Interests <String[]>]: A list for the user to describe their interests. Returned only on $select. [IsResourceAccount <Boolean?>]: Do not use – reserved for future use. [JobTitle <String>]: The user's job title. Maximum length is 128 characters. Returned by default. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [LastPasswordChangeDateTime <DateTime?>]: The time when this Azure AD user last changed their password or when their password was created, whichever date the latest action was performed. The date and time information uses ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned only on $select. [LegalAgeGroupClassification <String>]: Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on ageGroup and consentProvidedForMinor properties. Allowed values: null, MinorWithOutParentalConsent, MinorWithParentalConsent, MinorNoParentalConsentRequired, NotAdult and Adult. Refer to the legal age group property definitions for further information. Returned only on $select. [LicenseAssignmentStates <IMicrosoftGraphLicenseAssignmentState[]>]: State of license assignments for this user. Also indicates licenses that are directly-assigned and those that the user has inherited through group memberships. Read-only. Returned only on $select. [AssignedByGroup <String>]: [DisabledPlans <String[]>]: [Error <String>]: [LastUpdatedDateTime <DateTime?>]: [SkuId <String>]: [State <String>]: [Mail <String>]: The SMTP address for the user, for example, jeff@contoso.onmicrosoft.com. Changes to this property will also update the user's proxyAddresses collection to include the value as an SMTP address. This property cannot contain accent characters. NOTE: We do not recommend updating this property for Azure AD B2C user profiles. Use the otherMails property instead. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, endsWith, and eq on null values). [MailNickname <String>]: The mail alias for the user. This property must be specified when a user is created. Maximum length is 64 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [MailboxSettings <IMicrosoftGraphMailboxSettings>]: mailboxSettings [(Any) <Object>]: This indicates any property can be added to this object. [ArchiveFolder <String>]: Folder ID of an archive folder for the user. [AutomaticRepliesSetting <IMicrosoftGraphAutomaticRepliesSetting>]: automaticRepliesSetting [(Any) <Object>]: This indicates any property can be added to this object. [ExternalAudience <String>]: externalAudienceScope [ExternalReplyMessage <String>]: The automatic reply to send to the specified external audience, if Status is AlwaysEnabled or Scheduled. [InternalReplyMessage <String>]: The automatic reply to send to the audience internal to the signed-in user's organization, if Status is AlwaysEnabled or Scheduled. [ScheduledEndDateTime <IMicrosoftGraphDateTimeZone>]: dateTimeTimeZone [ScheduledStartDateTime <IMicrosoftGraphDateTimeZone>]: dateTimeTimeZone [Status <String>]: automaticRepliesStatus [DateFormat <String>]: The date format for the user's mailbox. [DelegateMeetingMessageDeliveryOptions <String>]: delegateMeetingMessageDeliveryOptions [Language <IMicrosoftGraphLocaleInfo>]: localeInfo [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: A name representing the user's locale in natural language, for example, 'English (United States)'. [Locale <String>]: A locale representation for the user, which includes the user's preferred language and country/region. For example, 'en-us'. The language component follows 2-letter codes as defined in ISO 639-1, and the country component follows 2-letter codes as defined in ISO 3166-1 alpha-2. [TimeFormat <String>]: The time format for the user's mailbox. [TimeZone <String>]: The default time zone for the user's mailbox. [UserPurpose <String>]: userPurpose [WorkingHours <IMicrosoftGraphWorkingHours>]: workingHours [(Any) <Object>]: This indicates any property can be added to this object. [DaysOfWeek <String[]>]: The days of the week on which the user works. [EndTime <String>]: The time of the day that the user stops working. [StartTime <String>]: The time of the day that the user starts working. [TimeZone <IMicrosoftGraphTimeZoneBase>]: timeZoneBase [(Any) <Object>]: This indicates any property can be added to this object. [Name <String>]: The name of a time zone. It can be a standard time zone name such as 'Hawaii-Aleutian Standard Time', or 'Customized Time Zone' for a custom time zone. [Manager <IMicrosoftGraphDirectoryObject>]: directoryObject [MobilePhone <String>]: The primary cellular telephone number for the user. Read-only for users synced from on-premises directory. Maximum length is 64 characters. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [MySite <String>]: The URL for the user's personal site. Returned only on $select. [OfficeLocation <String>]: The office location in the user's place of business. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [OnPremisesDistinguishedName <String>]: Contains the on-premises Active Directory distinguished name or DN. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. [OnPremisesDomainName <String>]: Contains the on-premises domainFQDN, also called dnsDomainName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. [OnPremisesExtensionAttributes <IMicrosoftGraphOnPremisesExtensionAttributes>]: onPremisesExtensionAttributes [(Any) <Object>]: This indicates any property can be added to this object. [ExtensionAttribute1 <String>]: First customizable extension attribute. [ExtensionAttribute10 <String>]: Tenth customizable extension attribute. [ExtensionAttribute11 <String>]: Eleventh customizable extension attribute. [ExtensionAttribute12 <String>]: Twelfth customizable extension attribute. [ExtensionAttribute13 <String>]: Thirteenth customizable extension attribute. [ExtensionAttribute14 <String>]: Fourteenth customizable extension attribute. [ExtensionAttribute15 <String>]: Fifteenth customizable extension attribute. [ExtensionAttribute2 <String>]: Second customizable extension attribute. [ExtensionAttribute3 <String>]: Third customizable extension attribute. [ExtensionAttribute4 <String>]: Fourth customizable extension attribute. [ExtensionAttribute5 <String>]: Fifth customizable extension attribute. [ExtensionAttribute6 <String>]: Sixth customizable extension attribute. [ExtensionAttribute7 <String>]: Seventh customizable extension attribute. [ExtensionAttribute8 <String>]: Eighth customizable extension attribute. [ExtensionAttribute9 <String>]: Ninth customizable extension attribute. [OnPremisesImmutableId <String>]: This property is used to associate an on-premises Active Directory user account to their Azure AD user object. This property must be specified when creating a new user account in the Graph if you are using a federated domain for the user's userPrincipalName (UPN) property. NOTE: The $ and _ characters cannot be used when specifying this property. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in).. [OnPremisesLastSyncDateTime <DateTime?>]: Indicates the last time at which the object was synced with the on-premises directory; for example: 2013-02-16T03:04:54Z. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in). [OnPremisesProvisioningErrors <IMicrosoftGraphOnPremisesProvisioningError[]>]: Errors when using Microsoft synchronization product during provisioning. Returned only on $select. Supports $filter (eq, not, ge, le). [Category <String>]: Category of the provisioning error. Note: Currently, there is only one possible value. Possible value: PropertyConflict - indicates a property value is not unique. Other objects contain the same value for the property. [OccurredDateTime <DateTime?>]: The date and time at which the error occurred. [PropertyCausingError <String>]: Name of the directory property causing the error. Current possible values: UserPrincipalName or ProxyAddress [Value <String>]: Value of the property causing the error. [OnPremisesSamAccountName <String>]: Contains the on-premises samAccountName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith). [OnPremisesSecurityIdentifier <String>]: Contains the on-premises security identifier (SID) for the user that was synchronized from on-premises to the cloud. Read-only. Returned only on $select. Supports $filter (eq including on null values). [OnPremisesSyncEnabled <Boolean?>]: true if this user object is currently being synced from an on-premises Active Directory (AD); otherwise the user isn't being synced and can be managed in Azure Active Directory (Azure AD). Read-only. Returned only on $select. Supports $filter (eq, ne, not, in, and eq on null values). [OnPremisesUserPrincipalName <String>]: Contains the on-premises userPrincipalName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith). [Onenote <IMicrosoftGraphOnenote>]: onenote [OtherMails <String[]>]: A list of additional email addresses for the user; for example: ['bob@contoso.com', 'Robert@fabrikam.com']. NOTE: This property cannot contain accent characters. Returned only on $select. Supports $filter (eq, not, ge, le, in, startsWith, endsWith, /$count eq 0, /$count ne 0). [Outlook <IMicrosoftGraphOutlookUser>]: outlookUser [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [PasswordPolicies <String>]: Specifies password policies for the user. This value is an enumeration with one possible value being DisableStrongPassword, which allows weaker passwords than the default policy to be specified. DisablePasswordExpiration can also be specified. The two may be specified together; for example: DisablePasswordExpiration, DisableStrongPassword. Returned only on $select. For more information on the default password policies, see Azure AD pasword policies. Supports $filter (ne, not, and eq on null values). [PasswordProfile <IMicrosoftGraphPasswordProfile>]: passwordProfile [(Any) <Object>]: This indicates any property can be added to this object. [ForceChangePasswordNextSignIn <Boolean?>]: true if the user must change her password on the next login; otherwise false. [ForceChangePasswordNextSignInWithMfa <Boolean?>]: If true, at next sign-in, the user must perform a multi-factor authentication (MFA) before being forced to change their password. The behavior is identical to forceChangePasswordNextSignIn except that the user is required to first perform a multi-factor authentication before password change. After a password change, this property will be automatically reset to false. If not set, default is false. [Password <String>]: The password for the user. This property is required when a user is created. It can be updated, but the user will be required to change the password on the next login. The password must satisfy minimum requirements as specified by the user’s passwordPolicies property. By default, a strong password is required. [PastProjects <String[]>]: A list for the user to enumerate their past projects. Returned only on $select. [Photo <IMicrosoftGraphProfilePhoto>]: profilePhoto [Planner <IMicrosoftGraphPlannerUser>]: plannerUser [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [PostalCode <String>]: The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code. Maximum length is 40 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [PreferredDataLocation <String>]: The preferred data location for the user. For more information, see OneDrive Online Multi-Geo. [PreferredLanguage <String>]: The preferred language for the user. Should follow ISO 639-1 Code; for example en-US. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values) [PreferredName <String>]: The preferred name for the user. Not Supported. This attribute returns an empty string.Returned only on $select. [Presence <IMicrosoftGraphPresence>]: presence [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Activity <String>]: The supplemental information to a user's availability. Possible values are Available, Away, BeRightBack, Busy, DoNotDisturb, InACall, InAConferenceCall, Inactive, InAMeeting, Offline, OffWork, OutOfOffice, PresenceUnknown, Presenting, UrgentInterruptionsOnly. [Availability <String>]: The base presence information for a user. Possible values are Available, AvailableIdle, Away, BeRightBack, Busy, BusyIdle, DoNotDisturb, Offline, PresenceUnknown [ProvisionedPlans <IMicrosoftGraphProvisionedPlan[]>]: The plans that are provisioned for the user. Read-only. Not nullable. Returned only on $select. Supports $filter (eq, not, ge, le). [CapabilityStatus <String>]: For example, 'Enabled'. [ProvisioningStatus <String>]: For example, 'Success'. [Service <String>]: The name of the service; for example, 'AccessControlS2S' [ProxyAddresses <String[]>]: For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. Changes to the mail property will also update this collection to include the value as an SMTP address. For more information, see mail and proxyAddresses properties. The proxy address prefixed with SMTP (capitalized) is the primary proxy address while those prefixed with smtp are the secondary proxy addresses. For Azure AD B2C accounts, this property has a limit of ten unique addresses. Read-only in Microsoft Graph; you can update this property only through the Microsoft 365 admin center. Not nullable. Returned only on $select. Supports $filter (eq, not, ge, le, startsWith, endsWith, /$count eq 0, /$count ne 0). [Responsibilities <String[]>]: A list for the user to enumerate their responsibilities. Returned only on $select. [Schools <String[]>]: A list for the user to enumerate the schools they have attended. Returned only on $select. [SecurityIdentifier <String>]: Security identifier (SID) of the user, used in Windows scenarios. Read-only. Returned by default. Supports $select and $filter (eq, not, ge, le, startsWith). [Settings <IMicrosoftGraphUserSettings>]: userSettings [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [ContributionToContentDiscoveryAsOrganizationDisabled <Boolean?>]: [ContributionToContentDiscoveryDisabled <Boolean?>]: [ShiftPreferences <IMicrosoftGraphShiftPreferences>]: shiftPreferences [(Any) <Object>]: This indicates any property can be added to this object. [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [Id <String>]: The unique idenfier for an entity. Read-only. [Availability <IMicrosoftGraphShiftAvailability[]>]: Availability of the user to be scheduled for work and its recurrence pattern. [Recurrence <IMicrosoftGraphPatternedRecurrence>]: patternedRecurrence [TimeSlots <IMicrosoftGraphTimeRange[]>]: The time slot(s) preferred by the user. [EndTime <String>]: End time for the time range. [StartTime <String>]: Start time for the time range. [TimeZone <String>]: Specifies the time zone for the indicated time. [ShowInAddressList <Boolean?>]: Do not use in Microsoft Graph. Manage this property through the Microsoft 365 admin center instead. Represents whether the user should be included in the Outlook global address list. See Known issue. [SignInSessionsValidFromDateTime <DateTime?>]: Any refresh tokens or sessions tokens (session cookies) issued before this time are invalid, and applications will get an error when using an invalid refresh or sessions token to acquire a delegated access token (to access APIs such as Microsoft Graph). If this happens, the application will need to acquire a new refresh token by making a request to the authorize endpoint. Read-only. Use revokeSignInSessions to reset. Returned only on $select. [Skills <String[]>]: A list for the user to enumerate their skills. Returned only on $select. [State <String>]: The state or province in the user's address. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [StreetAddress <String>]: The street address of the user's place of business. Maximum length is 1024 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [Surname <String>]: The user's surname (family name or last name). Maximum length is 64 characters. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [Teamwork <IMicrosoftGraphUserTeamwork>]: userTeamwork [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Todo <IMicrosoftGraphTodo>]: todo [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [UsageLocation <String>]: A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: US, JP, and GB. Not nullable. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [UserPrincipalName <String>]: The user principal name (UPN) of the user. The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where domain must be present in the tenant's collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property cannot contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, ' . - _ ! # ^ ~. For the complete list of allowed characters, see username policies. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, endsWith) and $orderBy. [UserType <String>]: A string value that can be used to classify user types in your directory, such as Member and Guest. Returned only on $select. Supports $filter (eq, ne, not, in, and eq on null values). NOTE: For more information about the permissions for member and guest users, see What are the default user permissions in Azure Active Directory? [CreatedDateTime <DateTime?>]: Date and time of item creation. Read-only. [Description <String>]: Provides a user-visible description of the item. Optional. [ETag <String>]: ETag for the item. Read-only. [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [LastModifiedByUser <IMicrosoftGraphUser>]: user [LastModifiedDateTime <DateTime?>]: Date and time the item was last modified. Read-only. [Name <String>]: The name of the item. Read-write. [ParentReference <IMicrosoftGraphItemReference>]: itemReference [WebUrl <String>]: URL that displays the resource in the browser. Read-only. [Id <String>]: The unique idenfier for an entity. Read-only. [DriveType <String>]: Describes the type of drive represented by this resource. OneDrive personal drives will return personal. OneDrive for Business will return business. SharePoint document libraries will return documentLibrary. Read-only. [List <IMicrosoftGraphList>]: list [Owner <IMicrosoftGraphIdentitySet>]: identitySet [Quota <IMicrosoftGraphQuota>]: quota [(Any) <Object>]: This indicates any property can be added to this object. [Deleted <Int64?>]: Total space consumed by files in the recycle bin, in bytes. Read-only. [Remaining <Int64?>]: Total space remaining before reaching the quota limit, in bytes. Read-only. [State <String>]: Enumeration value that indicates the state of the storage space. Read-only. [StoragePlanInformation <IMicrosoftGraphStoragePlanInformation>]: storagePlanInformation [(Any) <Object>]: This indicates any property can be added to this object. [UpgradeAvailable <Boolean?>]: Indicates whether there are higher storage quota plans available. Read-only. [Total <Int64?>]: Total allowed storage space, in bytes. Read-only. [Used <Int64?>]: Total space used, in bytes. Read-only. [Root <IMicrosoftGraphDriveItem>]: driveItem [SharePointIds <IMicrosoftGraphSharepointIds>]: sharepointIds [System <IMicrosoftGraphSystemFacet>]: systemFacet [ExpirationDateTime <DateTime?>]: Timestamp of when the group is set to expire. The value cannot be modified and is automatically populated when the group is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned by default. Supports $filter (eq, ne, not, ge, le, in). Read-only. [GroupTypes <String[]>]: Specifies the group type and its membership. If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group or distribution group. For details, see groups overview.If the collection includes DynamicMembership, the group has dynamic membership; otherwise, membership is static. Returned by default. Supports $filter (eq, not). [HasMembersWithLicenseErrors <Boolean?>]: Indicates whether there are members in this group that have license errors from its group-based license assignment. This property is never returned on a GET operation. You can use it as a $filter argument to get groups that have members with license errors (that is, filter for this property being true). See an example. Supports $filter (eq). [HideFromAddressLists <Boolean?>]: True if the group is not displayed in certain parts of the Outlook UI: the Address Book, address lists for selecting message recipients, and the Browse Groups dialog for searching groups; otherwise, false. Default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). [HideFromOutlookClients <Boolean?>]: True if the group is not displayed in Outlook clients, such as Outlook for Windows and Outlook on the web; otherwise, false. Default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). [IsArchived <Boolean?>]: When a group is associated with a team this property determines whether the team is in read-only mode.To read this property, use the /group/{groupId}/team endpoint or the Get team API. To update this property, use the archiveTeam and unarchiveTeam APIs. [IsAssignableToRole <Boolean?>]: Indicates whether this group can be assigned to an Azure Active Directory role or not. Optional. This property can only be set while creating the group and is immutable. If set to true, the securityEnabled property must also be set to true, visibility must be Hidden, and the group cannot be a dynamic group (that is, groupTypes cannot contain DynamicMembership). Only callers in Global Administrator and Privileged Role Administrator roles can set this property. The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Azure AD role assignmentsUsing this feature requires a Azure AD Premium P1 license. Returned by default. Supports $filter (eq, ne, not). [IsSubscribedByMail <Boolean?>]: Indicates whether the signed-in user is subscribed to receive email conversations. Default value is true. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). [LicenseProcessingState <IMicrosoftGraphLicenseProcessingState>]: licenseProcessingState [(Any) <Object>]: This indicates any property can be added to this object. [State <String>]: [Mail <String>]: The SMTP address for the group, for example, 'serviceadmins@contoso.onmicrosoft.com'. Returned by default. Read-only. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [MailEnabled <Boolean?>]: Specifies whether the group is mail-enabled. Required. Returned by default. Supports $filter (eq, ne, not). [MailNickname <String>]: The mail alias for the group, unique for Microsoft 365 groups in the organization. Maximum length is 64 characters. This property can contain only characters in the ASCII character set 0 - 127 except the following: @ () / [] ' ; : <> , SPACE. Required. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [MembershipRule <String>]: The rule that determines members for this group if the group is a dynamic group (groupTypes contains DynamicMembership). For more information about the syntax of the membership rule, see Membership Rules syntax. Returned by default. Supports $filter (eq, ne, not, ge, le, startsWith). [MembershipRuleProcessingState <String>]: Indicates whether the dynamic membership processing is on or paused. Possible values are On or Paused. Returned by default. Supports $filter (eq, ne, not, in). [OnPremisesDomainName <String>]: [OnPremisesLastSyncDateTime <DateTime?>]: Indicates the last time at which the group was synced with the on-premises directory.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned by default. Read-only. Supports $filter (eq, ne, not, ge, le, in). [OnPremisesNetBiosName <String>]: [OnPremisesProvisioningErrors <IMicrosoftGraphOnPremisesProvisioningError[]>]: Errors when using Microsoft synchronization product during provisioning. Returned by default. Supports $filter (eq, not). [OnPremisesSamAccountName <String>]: Contains the on-premises SAM account name synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect.Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith). Read-only. [OnPremisesSecurityIdentifier <String>]: Contains the on-premises security identifier (SID) for the group that was synchronized from on-premises to the cloud. Returned by default. Supports $filter (eq including on null values). Read-only. [OnPremisesSyncEnabled <Boolean?>]: true if this group is synced from an on-premises directory; false if this group was originally synced from an on-premises directory but is no longer synced; null if this object has never been synced from an on-premises directory (default). Returned by default. Read-only. Supports $filter (eq, ne, not, in, and eq on null values). [Onenote <IMicrosoftGraphOnenote>]: onenote [Photo <IMicrosoftGraphProfilePhoto>]: profilePhoto [Planner <IMicrosoftGraphPlannerGroup>]: plannerGroup [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [PreferredDataLocation <String>]: The preferred data location for the Microsoft 365 group. By default, the group inherits the group creator's preferred data location. To set this property, the calling user must be assigned one of the following Azure AD roles: Global Administrator User Account Administrator Directory Writer Exchange Administrator SharePoint Administrator For more information about this property, see OneDrive Online Multi-Geo. Nullable. Returned by default. [PreferredLanguage <String>]: The preferred language for a Microsoft 365 group. Should follow ISO 639-1 Code; for example en-US. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [ProxyAddresses <String[]>]: Email addresses for the group that direct to the same group mailbox. For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. The any operator is required to filter expressions on multi-valued properties. Returned by default. Read-only. Not nullable. Supports $filter (eq, not, ge, le, startsWith, endsWith, /$count eq 0, /$count ne 0). [RenewedDateTime <DateTime?>]: Timestamp of when the group was last renewed. This cannot be modified directly and is only updated via the renew service action. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned by default. Supports $filter (eq, ne, not, ge, le, in). Read-only. [SecurityEnabled <Boolean?>]: Specifies whether the group is a security group. Required. Returned by default. Supports $filter (eq, ne, not, in). [SecurityIdentifier <String>]: Security identifier of the group, used in Windows scenarios. Returned by default. [Team <IMicrosoftGraphTeam>]: team [Theme <String>]: Specifies a Microsoft 365 group's color theme. Possible values are Teal, Purple, Green, Blue, Pink, Orange or Red. Returned by default. [UnseenCount <Int32?>]: Count of conversations that have received new posts since the signed-in user last visited the group. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). [Visibility <String>]: Specifies the group join policy and group content visibility for groups. Possible values are: Private, Public, or HiddenMembership. HiddenMembership can be set only for Microsoft 365 groups, when the groups are created. It can't be updated later. Other values of visibility can be updated after group creation. If visibility value is not specified during group creation on Microsoft Graph, a security group is created as Private by default and Microsoft 365 group is Public. Groups assignable to roles are always Private. See group visibility options to learn more. Returned by default. Nullable. [IncludedSources <String>]: sourceType CREATEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity GROUP <IMicrosoftGraphGroup>: group [(Any) <Object>]: This indicates any property can be added to this object. [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted. [Id <String>]: The unique idenfier for an entity. Read-only. [AllowExternalSenders <Boolean?>]: Indicates if people external to the organization can send messages to the group. Default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). [AssignedLabels <IMicrosoftGraphAssignedLabel[]>]: The list of sensitivity label pairs (label ID, label name) associated with a Microsoft 365 group. Returned only on $select. [DisplayName <String>]: The display name of the label. Read-only. [LabelId <String>]: The unique identifier of the label. [AssignedLicenses <IMicrosoftGraphAssignedLicense[]>]: The licenses that are assigned to the group. Returned only on $select. Supports $filter (eq).Read-only. [DisabledPlans <String[]>]: A collection of the unique identifiers for plans that have been disabled. [SkuId <String>]: The unique identifier for the SKU. [AutoSubscribeNewMembers <Boolean?>]: Indicates if new members added to the group will be auto-subscribed to receive email notifications. You can set this property in a PATCH request for the group; do not set it in the initial POST request that creates the group. Default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). [Calendar <IMicrosoftGraphCalendar>]: calendar [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [AllowedOnlineMeetingProviders <String[]>]: Represent the online meeting service providers that can be used to create online meetings in this calendar. Possible values are: unknown, skypeForBusiness, skypeForConsumer, teamsForBusiness. [CanEdit <Boolean?>]: true if the user can write to the calendar, false otherwise. This property is true for the user who created the calendar. This property is also true for a user who has been shared a calendar and granted write access. [CanShare <Boolean?>]: true if the user has the permission to share the calendar, false otherwise. Only the user who created the calendar can share it. [CanViewPrivateItems <Boolean?>]: true if the user can read calendar items that have been marked private, false otherwise. [ChangeKey <String>]: Identifies the version of the calendar object. Every time the calendar is changed, changeKey changes as well. This allows Exchange to apply changes to the correct version of the object. Read-only. [Color <String>]: calendarColor [DefaultOnlineMeetingProvider <String>]: onlineMeetingProviderType [HexColor <String>]: The calendar color, expressed in a hex color code of three hexadecimal values, each ranging from 00 to FF and representing the red, green, or blue components of the color in the RGB color space. If the user has never explicitly set a color for the calendar, this property is empty. Read-only. [IsDefaultCalendar <Boolean?>]: true if this is the default calendar where new events are created by default, false otherwise. [IsRemovable <Boolean?>]: Indicates whether this user calendar can be deleted from the user mailbox. [IsTallyingResponses <Boolean?>]: Indicates whether this user calendar supports tracking of meeting responses. Only meeting invites sent from users' primary calendars support tracking of meeting responses. [Name <String>]: The calendar name. [Owner <IMicrosoftGraphEmailAddress>]: emailAddress [Classification <String>]: Describes a classification for the group (such as low, medium or high business impact). Valid values for this property are defined by creating a ClassificationList setting value, based on the template definition.Returned by default. Supports $filter (eq, ne, not, ge, le, startsWith). [CreatedDateTime <DateTime?>]: Timestamp of when the group was created. The value cannot be modified and is automatically populated when the group is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned by default. Supports $filter (eq, ne, not, ge, le, in). Read-only. [CreatedOnBehalfOf <IMicrosoftGraphDirectoryObject>]: directoryObject [Description <String>]: An optional description for the group. Returned by default. Supports $filter (eq, ne, not, ge, le, startsWith) and $search. [DisplayName <String>]: The display name for the group. This property is required when a group is created and cannot be cleared during updates. Maximum length is 256 characters. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values), $search, and $orderBy. [Drive <IMicrosoftGraphDrive>]: drive [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedByUser <IMicrosoftGraphUser>]: user [(Any) <Object>]: This indicates any property can be added to this object. [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted. [Id <String>]: The unique idenfier for an entity. Read-only. [AboutMe <String>]: A freeform text entry field for the user to describe themselves. Returned only on $select. [AccountEnabled <Boolean?>]: true if the account is enabled; otherwise, false. This property is required when a user is created. Returned only on $select. Supports $filter (eq, ne, not, and in). [AgeGroup <String>]: Sets the age group of the user. Allowed values: null, Minor, NotAdult and Adult. Refer to the legal age group property definitions for further information. Returned only on $select. Supports $filter (eq, ne, not, and in). [AssignedLicenses <IMicrosoftGraphAssignedLicense[]>]: The licenses that are assigned to the user, including inherited (group-based) licenses. This property doesn't differentiate directly-assigned and inherited licenses. Use the licenseAssignmentStates property to identify the directly-assigned and inherited licenses. Not nullable. Returned only on $select. Supports $filter (eq, not, /$count eq 0, /$count ne 0). [AssignedPlans <IMicrosoftGraphAssignedPlan[]>]: The plans that are assigned to the user. Read-only. Not nullable. Returned only on $select. Supports $filter (eq and not). [AssignedDateTime <DateTime?>]: The date and time at which the plan was assigned. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. [CapabilityStatus <String>]: Condition of the capability assignment. The possible values are Enabled, Warning, Suspended, Deleted, LockedOut. See a detailed description of each value. [Service <String>]: The name of the service; for example, exchange. [ServicePlanId <String>]: A GUID that identifies the service plan. For a complete list of GUIDs and their equivalent friendly service names, see Product names and service plan identifiers for licensing. [Authentication <IMicrosoftGraphAuthentication>]: authentication [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [AuthorizationInfo <IMicrosoftGraphAuthorizationInfo>]: authorizationInfo [(Any) <Object>]: This indicates any property can be added to this object. [CertificateUserIds <String[]>]: [Birthday <DateTime?>]: The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned only on $select. [BusinessPhones <String[]>]: The telephone numbers for the user. NOTE: Although this is a string collection, only one number can be set for this property. Read-only for users synced from on-premises directory. Returned by default. Supports $filter (eq, not, ge, le, startsWith). [Calendar <IMicrosoftGraphCalendar>]: calendar [City <String>]: The city in which the user is located. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [CompanyName <String>]: The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length is 64 characters.Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [ConsentProvidedForMinor <String>]: Sets whether consent has been obtained for minors. Allowed values: null, Granted, Denied and NotRequired. Refer to the legal age group property definitions for further information. Returned only on $select. Supports $filter (eq, ne, not, and in). [Country <String>]: The country/region in which the user is located; for example, US or UK. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [CreatedDateTime <DateTime?>]: The date and time the user was created, in ISO 8601 format and in UTC time. The value cannot be modified and is automatically populated when the entity is created. Nullable. For on-premises users, the value represents when they were first created in Azure AD. Property is null for some users created before June 2018 and on-premises users that were synced to Azure AD before June 2018. Read-only. Read-only. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in). [CreationType <String>]: Indicates whether the user account was created through one of the following methods: As a regular school or work account (null). As an external account (Invitation). As a local account for an Azure Active Directory B2C tenant (LocalAccount). Through self-service sign-up by an internal user using email verification (EmailVerified). Through self-service sign-up by an external user signing up through a link that is part of a user flow (SelfServiceSignUp). Read-only.Returned only on $select. Supports $filter (eq, ne, not, in). [Department <String>]: The name for the department in which the user works. Maximum length is 64 characters. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, and eq on null values). [DeviceEnrollmentLimit <Int32?>]: The limit on the maximum number of devices that the user is permitted to enroll. Allowed values are 5 or 1000. [DisplayName <String>]: The name displayed in the address book for the user. This is usually the combination of the user's first name, middle initial and last name. This property is required when a user is created and it cannot be cleared during updates. Maximum length is 256 characters. Returned by default. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values), $orderBy, and $search. [Drive <IMicrosoftGraphDrive>]: drive [EmployeeHireDate <DateTime?>]: The date and time when the user was hired or will start work in case of a future hire. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in). [EmployeeId <String>]: The employee identifier assigned to the user by the organization. The maximum length is 16 characters. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [EmployeeOrgData <IMicrosoftGraphEmployeeOrgData>]: employeeOrgData [(Any) <Object>]: This indicates any property can be added to this object. [CostCenter <String>]: The cost center associated with the user. Returned only on $select. Supports $filter. [Division <String>]: The name of the division in which the user works. Returned only on $select. Supports $filter. [EmployeeType <String>]: Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith). [ExternalUserState <String>]: For an external user invited to the tenant using the invitation API, this property represents the invited user's invitation status. For invited users, the state can be PendingAcceptance or Accepted, or null for all other users. Returned only on $select. Supports $filter (eq, ne, not , in). [ExternalUserStateChangeDateTime <DateTime?>]: Shows the timestamp for the latest change to the externalUserState property. Returned only on $select. Supports $filter (eq, ne, not , in). [FaxNumber <String>]: The fax number of the user. Returned only on $select. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [GivenName <String>]: The given name (first name) of the user. Maximum length is 64 characters. Returned by default. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [HireDate <DateTime?>]: The hire date of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned only on $select. Note: This property is specific to SharePoint Online. We recommend using the native employeeHireDate property to set and update hire date values using Microsoft Graph APIs. [Identities <IMicrosoftGraphObjectIdentity[]>]: Represents the identities that can be used to sign in to this user account. An identity can be provided by Microsoft (also known as a local account), by organizations, or by social identity providers such as Facebook, Google, and Microsoft, and tied to a user account. May contain multiple items with the same signInType value. Returned only on $select. Supports $filter (eq) including on null values, only where the signInType is not userPrincipalName. [Issuer <String>]: Specifies the issuer of the identity, for example facebook.com.For local accounts (where signInType is not federated), this property is the local B2C tenant default domain name, for example contoso.onmicrosoft.com.For external users from other Azure AD organization, this will be the domain of the federated organization, for example contoso.com.Supports $filter. 512 character limit. [IssuerAssignedId <String>]: Specifies the unique identifier assigned to the user by the issuer. The combination of issuer and issuerAssignedId must be unique within the organization. Represents the sign-in name for the user, when signInType is set to emailAddress or userName (also known as local accounts).When signInType is set to: emailAddress, (or a custom string that starts with emailAddress like emailAddress1) issuerAssignedId must be a valid email addressuserName, issuerAssignedId must begin with alphabetical character or number, and can only contain alphanumeric characters and the following symbols: - or Supports $filter. 64 character limit. [SignInType <String>]: Specifies the user sign-in types in your directory, such as emailAddress, userName, federated, or userPrincipalName. federated represents a unique identifier for a user from an issuer, that can be in any format chosen by the issuer. Setting or updating a userPrincipalName identity will update the value of the userPrincipalName property on the user object. The validations performed on the userPrincipalName property on the user object, for example, verified domains and acceptable characters, will be performed when setting or updating a userPrincipalName identity. Additional validation is enforced on issuerAssignedId when the sign-in type is set to emailAddress or userName. This property can also be set to any custom string. [ImAddresses <String[]>]: The instant message voice over IP (VOIP) session initiation protocol (SIP) addresses for the user. Read-only. Returned only on $select. Supports $filter (eq, not, ge, le, startsWith). [InferenceClassification <IMicrosoftGraphInferenceClassification>]: inferenceClassification [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Insights <IMicrosoftGraphOfficeGraphInsights>]: officeGraphInsights [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Interests <String[]>]: A list for the user to describe their interests. Returned only on $select. [IsResourceAccount <Boolean?>]: Do not use – reserved for future use. [JobTitle <String>]: The user's job title. Maximum length is 128 characters. Returned by default. Supports $filter (eq, ne, not , ge, le, in, startsWith, and eq on null values). [LastPasswordChangeDateTime <DateTime?>]: The time when this Azure AD user last changed their password or when their password was created, whichever date the latest action was performed. The date and time information uses ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned only on $select. [LegalAgeGroupClassification <String>]: Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on ageGroup and consentProvidedForMinor properties. Allowed values: null, MinorWithOutParentalConsent, MinorWithParentalConsent, MinorNoParentalConsentRequired, NotAdult and Adult. Refer to the legal age group property definitions for further information. Returned only on $select. [LicenseAssignmentStates <IMicrosoftGraphLicenseAssignmentState[]>]: State of license assignments for this user. Also indicates licenses that are directly-assigned and those that the user has inherited through group memberships. Read-only. Returned only on $select. [AssignedByGroup <String>]: [DisabledPlans <String[]>]: [Error <String>]: [LastUpdatedDateTime <DateTime?>]: [SkuId <String>]: [State <String>]: [Mail <String>]: The SMTP address for the user, for example, jeff@contoso.onmicrosoft.com. Changes to this property will also update the user's proxyAddresses collection to include the value as an SMTP address. This property cannot contain accent characters. NOTE: We do not recommend updating this property for Azure AD B2C user profiles. Use the otherMails property instead. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, endsWith, and eq on null values). [MailNickname <String>]: The mail alias for the user. This property must be specified when a user is created. Maximum length is 64 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [MailboxSettings <IMicrosoftGraphMailboxSettings>]: mailboxSettings [(Any) <Object>]: This indicates any property can be added to this object. [ArchiveFolder <String>]: Folder ID of an archive folder for the user. [AutomaticRepliesSetting <IMicrosoftGraphAutomaticRepliesSetting>]: automaticRepliesSetting [(Any) <Object>]: This indicates any property can be added to this object. [ExternalAudience <String>]: externalAudienceScope [ExternalReplyMessage <String>]: The automatic reply to send to the specified external audience, if Status is AlwaysEnabled or Scheduled. [InternalReplyMessage <String>]: The automatic reply to send to the audience internal to the signed-in user's organization, if Status is AlwaysEnabled or Scheduled. [ScheduledEndDateTime <IMicrosoftGraphDateTimeZone>]: dateTimeTimeZone [ScheduledStartDateTime <IMicrosoftGraphDateTimeZone>]: dateTimeTimeZone [Status <String>]: automaticRepliesStatus [DateFormat <String>]: The date format for the user's mailbox. [DelegateMeetingMessageDeliveryOptions <String>]: delegateMeetingMessageDeliveryOptions [Language <IMicrosoftGraphLocaleInfo>]: localeInfo [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: A name representing the user's locale in natural language, for example, 'English (United States)'. [Locale <String>]: A locale representation for the user, which includes the user's preferred language and country/region. For example, 'en-us'. The language component follows 2-letter codes as defined in ISO 639-1, and the country component follows 2-letter codes as defined in ISO 3166-1 alpha-2. [TimeFormat <String>]: The time format for the user's mailbox. [TimeZone <String>]: The default time zone for the user's mailbox. [UserPurpose <String>]: userPurpose [WorkingHours <IMicrosoftGraphWorkingHours>]: workingHours [(Any) <Object>]: This indicates any property can be added to this object. [DaysOfWeek <String[]>]: The days of the week on which the user works. [EndTime <String>]: The time of the day that the user stops working. [StartTime <String>]: The time of the day that the user starts working. [TimeZone <IMicrosoftGraphTimeZoneBase>]: timeZoneBase [(Any) <Object>]: This indicates any property can be added to this object. [Name <String>]: The name of a time zone. It can be a standard time zone name such as 'Hawaii-Aleutian Standard Time', or 'Customized Time Zone' for a custom time zone. [Manager <IMicrosoftGraphDirectoryObject>]: directoryObject [MobilePhone <String>]: The primary cellular telephone number for the user. Read-only for users synced from on-premises directory. Maximum length is 64 characters. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [MySite <String>]: The URL for the user's personal site. Returned only on $select. [OfficeLocation <String>]: The office location in the user's place of business. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [OnPremisesDistinguishedName <String>]: Contains the on-premises Active Directory distinguished name or DN. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. [OnPremisesDomainName <String>]: Contains the on-premises domainFQDN, also called dnsDomainName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. [OnPremisesExtensionAttributes <IMicrosoftGraphOnPremisesExtensionAttributes>]: onPremisesExtensionAttributes [(Any) <Object>]: This indicates any property can be added to this object. [ExtensionAttribute1 <String>]: First customizable extension attribute. [ExtensionAttribute10 <String>]: Tenth customizable extension attribute. [ExtensionAttribute11 <String>]: Eleventh customizable extension attribute. [ExtensionAttribute12 <String>]: Twelfth customizable extension attribute. [ExtensionAttribute13 <String>]: Thirteenth customizable extension attribute. [ExtensionAttribute14 <String>]: Fourteenth customizable extension attribute. [ExtensionAttribute15 <String>]: Fifteenth customizable extension attribute. [ExtensionAttribute2 <String>]: Second customizable extension attribute. [ExtensionAttribute3 <String>]: Third customizable extension attribute. [ExtensionAttribute4 <String>]: Fourth customizable extension attribute. [ExtensionAttribute5 <String>]: Fifth customizable extension attribute. [ExtensionAttribute6 <String>]: Sixth customizable extension attribute. [ExtensionAttribute7 <String>]: Seventh customizable extension attribute. [ExtensionAttribute8 <String>]: Eighth customizable extension attribute. [ExtensionAttribute9 <String>]: Ninth customizable extension attribute. [OnPremisesImmutableId <String>]: This property is used to associate an on-premises Active Directory user account to their Azure AD user object. This property must be specified when creating a new user account in the Graph if you are using a federated domain for the user's userPrincipalName (UPN) property. NOTE: The $ and _ characters cannot be used when specifying this property. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in).. [OnPremisesLastSyncDateTime <DateTime?>]: Indicates the last time at which the object was synced with the on-premises directory; for example: 2013-02-16T03:04:54Z. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in). [OnPremisesProvisioningErrors <IMicrosoftGraphOnPremisesProvisioningError[]>]: Errors when using Microsoft synchronization product during provisioning. Returned only on $select. Supports $filter (eq, not, ge, le). [Category <String>]: Category of the provisioning error. Note: Currently, there is only one possible value. Possible value: PropertyConflict - indicates a property value is not unique. Other objects contain the same value for the property. [OccurredDateTime <DateTime?>]: The date and time at which the error occurred. [PropertyCausingError <String>]: Name of the directory property causing the error. Current possible values: UserPrincipalName or ProxyAddress [Value <String>]: Value of the property causing the error. [OnPremisesSamAccountName <String>]: Contains the on-premises samAccountName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith). [OnPremisesSecurityIdentifier <String>]: Contains the on-premises security identifier (SID) for the user that was synchronized from on-premises to the cloud. Read-only. Returned only on $select. Supports $filter (eq including on null values). [OnPremisesSyncEnabled <Boolean?>]: true if this user object is currently being synced from an on-premises Active Directory (AD); otherwise the user isn't being synced and can be managed in Azure Active Directory (Azure AD). Read-only. Returned only on $select. Supports $filter (eq, ne, not, in, and eq on null values). [OnPremisesUserPrincipalName <String>]: Contains the on-premises userPrincipalName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Read-only. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith). [Onenote <IMicrosoftGraphOnenote>]: onenote [OtherMails <String[]>]: A list of additional email addresses for the user; for example: ['bob@contoso.com', 'Robert@fabrikam.com']. NOTE: This property cannot contain accent characters. Returned only on $select. Supports $filter (eq, not, ge, le, in, startsWith, endsWith, /$count eq 0, /$count ne 0). [Outlook <IMicrosoftGraphOutlookUser>]: outlookUser [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [PasswordPolicies <String>]: Specifies password policies for the user. This value is an enumeration with one possible value being DisableStrongPassword, which allows weaker passwords than the default policy to be specified. DisablePasswordExpiration can also be specified. The two may be specified together; for example: DisablePasswordExpiration, DisableStrongPassword. Returned only on $select. For more information on the default password policies, see Azure AD pasword policies. Supports $filter (ne, not, and eq on null values). [PasswordProfile <IMicrosoftGraphPasswordProfile>]: passwordProfile [(Any) <Object>]: This indicates any property can be added to this object. [ForceChangePasswordNextSignIn <Boolean?>]: true if the user must change her password on the next login; otherwise false. [ForceChangePasswordNextSignInWithMfa <Boolean?>]: If true, at next sign-in, the user must perform a multi-factor authentication (MFA) before being forced to change their password. The behavior is identical to forceChangePasswordNextSignIn except that the user is required to first perform a multi-factor authentication before password change. After a password change, this property will be automatically reset to false. If not set, default is false. [Password <String>]: The password for the user. This property is required when a user is created. It can be updated, but the user will be required to change the password on the next login. The password must satisfy minimum requirements as specified by the user’s passwordPolicies property. By default, a strong password is required. [PastProjects <String[]>]: A list for the user to enumerate their past projects. Returned only on $select. [Photo <IMicrosoftGraphProfilePhoto>]: profilePhoto [Planner <IMicrosoftGraphPlannerUser>]: plannerUser [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [PostalCode <String>]: The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code. Maximum length is 40 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [PreferredDataLocation <String>]: The preferred data location for the user. For more information, see OneDrive Online Multi-Geo. [PreferredLanguage <String>]: The preferred language for the user. Should follow ISO 639-1 Code; for example en-US. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values) [PreferredName <String>]: The preferred name for the user. Not Supported. This attribute returns an empty string.Returned only on $select. [Presence <IMicrosoftGraphPresence>]: presence [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Activity <String>]: The supplemental information to a user's availability. Possible values are Available, Away, BeRightBack, Busy, DoNotDisturb, InACall, InAConferenceCall, Inactive, InAMeeting, Offline, OffWork, OutOfOffice, PresenceUnknown, Presenting, UrgentInterruptionsOnly. [Availability <String>]: The base presence information for a user. Possible values are Available, AvailableIdle, Away, BeRightBack, Busy, BusyIdle, DoNotDisturb, Offline, PresenceUnknown [ProvisionedPlans <IMicrosoftGraphProvisionedPlan[]>]: The plans that are provisioned for the user. Read-only. Not nullable. Returned only on $select. Supports $filter (eq, not, ge, le). [CapabilityStatus <String>]: For example, 'Enabled'. [ProvisioningStatus <String>]: For example, 'Success'. [Service <String>]: The name of the service; for example, 'AccessControlS2S' [ProxyAddresses <String[]>]: For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. Changes to the mail property will also update this collection to include the value as an SMTP address. For more information, see mail and proxyAddresses properties. The proxy address prefixed with SMTP (capitalized) is the primary proxy address while those prefixed with smtp are the secondary proxy addresses. For Azure AD B2C accounts, this property has a limit of ten unique addresses. Read-only in Microsoft Graph; you can update this property only through the Microsoft 365 admin center. Not nullable. Returned only on $select. Supports $filter (eq, not, ge, le, startsWith, endsWith, /$count eq 0, /$count ne 0). [Responsibilities <String[]>]: A list for the user to enumerate their responsibilities. Returned only on $select. [Schools <String[]>]: A list for the user to enumerate the schools they have attended. Returned only on $select. [SecurityIdentifier <String>]: Security identifier (SID) of the user, used in Windows scenarios. Read-only. Returned by default. Supports $select and $filter (eq, not, ge, le, startsWith). [Settings <IMicrosoftGraphUserSettings>]: userSettings [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [ContributionToContentDiscoveryAsOrganizationDisabled <Boolean?>]: [ContributionToContentDiscoveryDisabled <Boolean?>]: [ShiftPreferences <IMicrosoftGraphShiftPreferences>]: shiftPreferences [(Any) <Object>]: This indicates any property can be added to this object. [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [Id <String>]: The unique idenfier for an entity. Read-only. [Availability <IMicrosoftGraphShiftAvailability[]>]: Availability of the user to be scheduled for work and its recurrence pattern. [Recurrence <IMicrosoftGraphPatternedRecurrence>]: patternedRecurrence [TimeSlots <IMicrosoftGraphTimeRange[]>]: The time slot(s) preferred by the user. [EndTime <String>]: End time for the time range. [StartTime <String>]: Start time for the time range. [TimeZone <String>]: Specifies the time zone for the indicated time. [ShowInAddressList <Boolean?>]: Do not use in Microsoft Graph. Manage this property through the Microsoft 365 admin center instead. Represents whether the user should be included in the Outlook global address list. See Known issue. [SignInSessionsValidFromDateTime <DateTime?>]: Any refresh tokens or sessions tokens (session cookies) issued before this time are invalid, and applications will get an error when using an invalid refresh or sessions token to acquire a delegated access token (to access APIs such as Microsoft Graph). If this happens, the application will need to acquire a new refresh token by making a request to the authorize endpoint. Read-only. Use revokeSignInSessions to reset. Returned only on $select. [Skills <String[]>]: A list for the user to enumerate their skills. Returned only on $select. [State <String>]: The state or province in the user's address. Maximum length is 128 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [StreetAddress <String>]: The street address of the user's place of business. Maximum length is 1024 characters. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [Surname <String>]: The user's surname (family name or last name). Maximum length is 64 characters. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [Teamwork <IMicrosoftGraphUserTeamwork>]: userTeamwork [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Todo <IMicrosoftGraphTodo>]: todo [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [UsageLocation <String>]: A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: US, JP, and GB. Not nullable. Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [UserPrincipalName <String>]: The user principal name (UPN) of the user. The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where domain must be present in the tenant's collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property cannot contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, ' . - _ ! # ^ ~. For the complete list of allowed characters, see username policies. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, endsWith) and $orderBy. [UserType <String>]: A string value that can be used to classify user types in your directory, such as Member and Guest. Returned only on $select. Supports $filter (eq, ne, not, in, and eq on null values). NOTE: For more information about the permissions for member and guest users, see What are the default user permissions in Azure Active Directory? [CreatedDateTime <DateTime?>]: Date and time of item creation. Read-only. [Description <String>]: Provides a user-visible description of the item. Optional. [ETag <String>]: ETag for the item. Read-only. [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [LastModifiedByUser <IMicrosoftGraphUser>]: user [LastModifiedDateTime <DateTime?>]: Date and time the item was last modified. Read-only. [Name <String>]: The name of the item. Read-write. [ParentReference <IMicrosoftGraphItemReference>]: itemReference [WebUrl <String>]: URL that displays the resource in the browser. Read-only. [Id <String>]: The unique idenfier for an entity. Read-only. [DriveType <String>]: Describes the type of drive represented by this resource. OneDrive personal drives will return personal. OneDrive for Business will return business. SharePoint document libraries will return documentLibrary. Read-only. [List <IMicrosoftGraphList>]: list [Owner <IMicrosoftGraphIdentitySet>]: identitySet [Quota <IMicrosoftGraphQuota>]: quota [(Any) <Object>]: This indicates any property can be added to this object. [Deleted <Int64?>]: Total space consumed by files in the recycle bin, in bytes. Read-only. [Remaining <Int64?>]: Total space remaining before reaching the quota limit, in bytes. Read-only. [State <String>]: Enumeration value that indicates the state of the storage space. Read-only. [StoragePlanInformation <IMicrosoftGraphStoragePlanInformation>]: storagePlanInformation [(Any) <Object>]: This indicates any property can be added to this object. [UpgradeAvailable <Boolean?>]: Indicates whether there are higher storage quota plans available. Read-only. [Total <Int64?>]: Total allowed storage space, in bytes. Read-only. [Used <Int64?>]: Total space used, in bytes. Read-only. [Root <IMicrosoftGraphDriveItem>]: driveItem [SharePointIds <IMicrosoftGraphSharepointIds>]: sharepointIds [System <IMicrosoftGraphSystemFacet>]: systemFacet [ExpirationDateTime <DateTime?>]: Timestamp of when the group is set to expire. The value cannot be modified and is automatically populated when the group is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned by default. Supports $filter (eq, ne, not, ge, le, in). Read-only. [GroupTypes <String[]>]: Specifies the group type and its membership. If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group or distribution group. For details, see groups overview.If the collection includes DynamicMembership, the group has dynamic membership; otherwise, membership is static. Returned by default. Supports $filter (eq, not). [HasMembersWithLicenseErrors <Boolean?>]: Indicates whether there are members in this group that have license errors from its group-based license assignment. This property is never returned on a GET operation. You can use it as a $filter argument to get groups that have members with license errors (that is, filter for this property being true). See an example. Supports $filter (eq). [HideFromAddressLists <Boolean?>]: True if the group is not displayed in certain parts of the Outlook UI: the Address Book, address lists for selecting message recipients, and the Browse Groups dialog for searching groups; otherwise, false. Default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). [HideFromOutlookClients <Boolean?>]: True if the group is not displayed in Outlook clients, such as Outlook for Windows and Outlook on the web; otherwise, false. Default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). [IsArchived <Boolean?>]: When a group is associated with a team this property determines whether the team is in read-only mode.To read this property, use the /group/{groupId}/team endpoint or the Get team API. To update this property, use the archiveTeam and unarchiveTeam APIs. [IsAssignableToRole <Boolean?>]: Indicates whether this group can be assigned to an Azure Active Directory role or not. Optional. This property can only be set while creating the group and is immutable. If set to true, the securityEnabled property must also be set to true, visibility must be Hidden, and the group cannot be a dynamic group (that is, groupTypes cannot contain DynamicMembership). Only callers in Global Administrator and Privileged Role Administrator roles can set this property. The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Azure AD role assignmentsUsing this feature requires a Azure AD Premium P1 license. Returned by default. Supports $filter (eq, ne, not). [IsSubscribedByMail <Boolean?>]: Indicates whether the signed-in user is subscribed to receive email conversations. Default value is true. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). [LicenseProcessingState <IMicrosoftGraphLicenseProcessingState>]: licenseProcessingState [(Any) <Object>]: This indicates any property can be added to this object. [State <String>]: [Mail <String>]: The SMTP address for the group, for example, 'serviceadmins@contoso.onmicrosoft.com'. Returned by default. Read-only. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [MailEnabled <Boolean?>]: Specifies whether the group is mail-enabled. Required. Returned by default. Supports $filter (eq, ne, not). [MailNickname <String>]: The mail alias for the group, unique for Microsoft 365 groups in the organization. Maximum length is 64 characters. This property can contain only characters in the ASCII character set 0 - 127 except the following: @ () / [] ' ; : <> , SPACE. Required. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [MembershipRule <String>]: The rule that determines members for this group if the group is a dynamic group (groupTypes contains DynamicMembership). For more information about the syntax of the membership rule, see Membership Rules syntax. Returned by default. Supports $filter (eq, ne, not, ge, le, startsWith). [MembershipRuleProcessingState <String>]: Indicates whether the dynamic membership processing is on or paused. Possible values are On or Paused. Returned by default. Supports $filter (eq, ne, not, in). [OnPremisesDomainName <String>]: [OnPremisesLastSyncDateTime <DateTime?>]: Indicates the last time at which the group was synced with the on-premises directory.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned by default. Read-only. Supports $filter (eq, ne, not, ge, le, in). [OnPremisesNetBiosName <String>]: [OnPremisesProvisioningErrors <IMicrosoftGraphOnPremisesProvisioningError[]>]: Errors when using Microsoft synchronization product during provisioning. Returned by default. Supports $filter (eq, not). [OnPremisesSamAccountName <String>]: Contains the on-premises SAM account name synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect.Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith). Read-only. [OnPremisesSecurityIdentifier <String>]: Contains the on-premises security identifier (SID) for the group that was synchronized from on-premises to the cloud. Returned by default. Supports $filter (eq including on null values). Read-only. [OnPremisesSyncEnabled <Boolean?>]: true if this group is synced from an on-premises directory; false if this group was originally synced from an on-premises directory but is no longer synced; null if this object has never been synced from an on-premises directory (default). Returned by default. Read-only. Supports $filter (eq, ne, not, in, and eq on null values). [Onenote <IMicrosoftGraphOnenote>]: onenote [Photo <IMicrosoftGraphProfilePhoto>]: profilePhoto [Planner <IMicrosoftGraphPlannerGroup>]: plannerGroup [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [PreferredDataLocation <String>]: The preferred data location for the Microsoft 365 group. By default, the group inherits the group creator's preferred data location. To set this property, the calling user must be assigned one of the following Azure AD roles: Global Administrator User Account Administrator Directory Writer Exchange Administrator SharePoint Administrator For more information about this property, see OneDrive Online Multi-Geo. Nullable. Returned by default. [PreferredLanguage <String>]: The preferred language for a Microsoft 365 group. Should follow ISO 639-1 Code; for example en-US. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). [ProxyAddresses <String[]>]: Email addresses for the group that direct to the same group mailbox. For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. The any operator is required to filter expressions on multi-valued properties. Returned by default. Read-only. Not nullable. Supports $filter (eq, not, ge, le, startsWith, endsWith, /$count eq 0, /$count ne 0). [RenewedDateTime <DateTime?>]: Timestamp of when the group was last renewed. This cannot be modified directly and is only updated via the renew service action. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned by default. Supports $filter (eq, ne, not, ge, le, in). Read-only. [SecurityEnabled <Boolean?>]: Specifies whether the group is a security group. Required. Returned by default. Supports $filter (eq, ne, not, in). [SecurityIdentifier <String>]: Security identifier of the group, used in Windows scenarios. Returned by default. [Team <IMicrosoftGraphTeam>]: team [Theme <String>]: Specifies a Microsoft 365 group's color theme. Possible values are Teal, Purple, Green, Blue, Pink, Orange or Red. Returned by default. [UnseenCount <Int32?>]: Count of conversations that have received new posts since the signed-in user last visited the group. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). [Visibility <String>]: Specifies the group join policy and group content visibility for groups. Possible values are: Private, Public, or HiddenMembership. HiddenMembership can be set only for Microsoft 365 groups, when the groups are created. It can't be updated later. Other values of visibility can be updated after group creation. If visibility value is not specified during group creation on Microsoft Graph, a security group is created as Private by default and Microsoft 365 group is Public. Groups assignable to roles are always Private. See group visibility options to learn more. Returned by default. Nullable. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/update-mgsecuritycaseediscoverycasecustodianunifiedgroupsource #> function Update-MgSecurityCaseEdiscoveryCaseCustodianUnifiedGroupSource { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityUnifiedGroupSource])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCustodian ${EdiscoveryCustodianId}, [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of unifiedGroupSource ${UnifiedGroupSourceId}, [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityUnifiedGroupSource] # unifiedGroupSource # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for CREATEDBY properties and create a hash table. ${CreatedBy}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # The date and time the dataSource was created. ${CreatedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The display name of the dataSource. # This will be the name of the SharePoint site. ${DisplayName}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphGroup] # group # To construct, see NOTES section for GROUP properties and create a hash table. ${Group}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # dataSourceHoldStatus ${HoldStatus}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # sourceType ${IncludedSources}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Update = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseCustodianUnifiedGroupSource_Update'; UpdateExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseCustodianUnifiedGroupSource_UpdateExpanded'; UpdateViaIdentity = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseCustodianUnifiedGroupSource_UpdateViaIdentity'; UpdateViaIdentityExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseCustodianUnifiedGroupSource_UpdateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Update the navigation property userSources in security .Description Update the navigation property userSources in security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityUserSource .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityUserSource .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecurityUserSource>: userSource [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: The date and time the dataSource was created. [DisplayName <String>]: The display name of the dataSource. This will be the name of the SharePoint site. [HoldStatus <String>]: dataSourceHoldStatus [Id <String>]: The unique idenfier for an entity. Read-only. [Email <String>]: Email address of the user's mailbox. [IncludedSources <String>]: sourceType [SiteWebUrl <String>]: The URL of the user's OneDrive for Business site. Read-only. CREATEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/update-mgsecuritycaseediscoverycasecustodianusersource #> function Update-MgSecurityCaseEdiscoveryCaseCustodianUserSource { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityUserSource])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCustodian ${EdiscoveryCustodianId}, [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of userSource ${UserSourceId}, [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityUserSource] # userSource # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for CREATEDBY properties and create a hash table. ${CreatedBy}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # The date and time the dataSource was created. ${CreatedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The display name of the dataSource. # This will be the name of the SharePoint site. ${DisplayName}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Email address of the user's mailbox. ${Email}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # dataSourceHoldStatus ${HoldStatus}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # sourceType ${IncludedSources}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The URL of the user's OneDrive for Business site. # Read-only. ${SiteWebUrl}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Update = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseCustodianUserSource_Update'; UpdateExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseCustodianUserSource_UpdateExpanded'; UpdateViaIdentity = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseCustodianUserSource_UpdateViaIdentity'; UpdateViaIdentityExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseCustodianUserSource_UpdateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Update the navigation property custodians in security .Description Update the navigation property custodians in security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCustodian .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCustodian .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecurityEdiscoveryCustodian>: ediscoveryCustodian [(Any) <Object>]: This indicates any property can be added to this object. [CreatedDateTime <DateTime?>]: Created date and time of the dataSourceContainer entity. [DisplayName <String>]: Display name of the dataSourceContainer entity. [HoldStatus <String>]: dataSourceHoldStatus [LastModifiedDateTime <DateTime?>]: Last modified date and time of the dataSourceContainer. [ReleasedDateTime <DateTime?>]: Date and time that the dataSourceContainer was released from the case. [Status <String>]: dataSourceContainerStatus [Id <String>]: The unique idenfier for an entity. Read-only. [AcknowledgedDateTime <DateTime?>]: Date and time the custodian acknowledged a hold notification. [Email <String>]: Email address of the custodian. [LastIndexOperation <IMicrosoftGraphSecurityEdiscoveryIndexOperation>]: ediscoveryIndexOperation [(Any) <Object>]: This indicates any property can be added to this object. [Action <String>]: caseAction [CompletedDateTime <DateTime?>]: The date and time the operation was completed. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: The date and time the operation was created. [PercentProgress <Int32?>]: The progress of the operation. [ResultInfo <IMicrosoftGraphResultInfo>]: resultInfo [(Any) <Object>]: This indicates any property can be added to this object. [Code <Int32?>]: The result code. [Message <String>]: The message. [Subcode <Int32?>]: The result sub-code. [Status <String>]: caseOperationStatus [Id <String>]: The unique idenfier for an entity. Read-only. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/update-mgsecuritycaseediscoverycasecustodian #> function Update-MgSecurityCaseEdiscoveryCaseCustodian { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCustodian])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCustodian ${EdiscoveryCustodianId}, [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCustodian] # ediscoveryCustodian # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Date and time the custodian acknowledged a hold notification. ${AcknowledgedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Created date and time of the dataSourceContainer entity. ${CreatedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Display name of the dataSourceContainer entity. ${DisplayName}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Email address of the custodian. ${Email}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # dataSourceHoldStatus ${HoldStatus}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Runtime.Info(PossibleTypes=([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryIndexOperation]))] [System.Collections.Hashtable] # ediscoveryIndexOperation ${LastIndexOperation}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Last modified date and time of the dataSourceContainer. ${LastModifiedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Date and time that the dataSourceContainer was released from the case. ${ReleasedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # dataSourceContainerStatus ${Status}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Update = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseCustodian_Update'; UpdateExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseCustodian_UpdateExpanded'; UpdateViaIdentity = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseCustodian_UpdateViaIdentity'; UpdateViaIdentityExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseCustodian_UpdateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Trigger an indexOperation to make a non-custodial data source and its associated data source searchable. .Description Trigger an indexOperation to make a non-custodial data source and its associated data source searchable. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs System.Boolean .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/update-mgsecuritycaseediscoverycasenoncustodialdatasourceindex #> function Update-MgSecurityCaseEdiscoveryCaseNoncustodialDataSourceIndex { [OutputType([System.Boolean])] [CmdletBinding(DefaultParameterSetName='Update', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Update', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Update', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryNoncustodialDataSource ${EdiscoveryNoncustodialDataSourceId}, [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Returns true when the command succeeds ${PassThru}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Update = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseNoncustodialDataSourceIndex_Update'; UpdateViaIdentity = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseNoncustodialDataSourceIndex_UpdateViaIdentity'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Update the navigation property noncustodialDataSources in security .Description Update the navigation property noncustodialDataSources in security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryNoncustodialDataSource .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryNoncustodialDataSource .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecurityEdiscoveryNoncustodialDataSource>: ediscoveryNoncustodialDataSource [(Any) <Object>]: This indicates any property can be added to this object. [CreatedDateTime <DateTime?>]: Created date and time of the dataSourceContainer entity. [DisplayName <String>]: Display name of the dataSourceContainer entity. [HoldStatus <String>]: dataSourceHoldStatus [LastModifiedDateTime <DateTime?>]: Last modified date and time of the dataSourceContainer. [ReleasedDateTime <DateTime?>]: Date and time that the dataSourceContainer was released from the case. [Status <String>]: dataSourceContainerStatus [Id <String>]: The unique idenfier for an entity. Read-only. [DataSource <IMicrosoftGraphSecurityDataSource>]: dataSource [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: The date and time the dataSource was created. [DisplayName <String>]: The display name of the dataSource. This will be the name of the SharePoint site. [HoldStatus <String>]: dataSourceHoldStatus [LastIndexOperation <IMicrosoftGraphSecurityEdiscoveryIndexOperation>]: ediscoveryIndexOperation [(Any) <Object>]: This indicates any property can be added to this object. [Action <String>]: caseAction [CompletedDateTime <DateTime?>]: The date and time the operation was completed. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: The date and time the operation was created. [PercentProgress <Int32?>]: The progress of the operation. [ResultInfo <IMicrosoftGraphResultInfo>]: resultInfo [(Any) <Object>]: This indicates any property can be added to this object. [Code <Int32?>]: The result code. [Message <String>]: The message. [Subcode <Int32?>]: The result sub-code. [Status <String>]: caseOperationStatus [Id <String>]: The unique idenfier for an entity. Read-only. DATASOURCE <IMicrosoftGraphSecurityDataSource>: dataSource [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: The date and time the dataSource was created. [DisplayName <String>]: The display name of the dataSource. This will be the name of the SharePoint site. [HoldStatus <String>]: dataSourceHoldStatus INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/update-mgsecuritycaseediscoverycasenoncustodialdatasource #> function Update-MgSecurityCaseEdiscoveryCaseNoncustodialDataSource { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryNoncustodialDataSource])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryNoncustodialDataSource ${EdiscoveryNoncustodialDataSourceId}, [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryNoncustodialDataSource] # ediscoveryNoncustodialDataSource # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Created date and time of the dataSourceContainer entity. ${CreatedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityDataSource] # dataSource # To construct, see NOTES section for DATASOURCE properties and create a hash table. ${DataSource}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Display name of the dataSourceContainer entity. ${DisplayName}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # dataSourceHoldStatus ${HoldStatus}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Runtime.Info(PossibleTypes=([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryIndexOperation]))] [System.Collections.Hashtable] # ediscoveryIndexOperation ${LastIndexOperation}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Last modified date and time of the dataSourceContainer. ${LastModifiedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Date and time that the dataSourceContainer was released from the case. ${ReleasedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # dataSourceContainerStatus ${Status}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Update = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseNoncustodialDataSource_Update'; UpdateExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseNoncustodialDataSource_UpdateExpanded'; UpdateViaIdentity = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseNoncustodialDataSource_UpdateViaIdentity'; UpdateViaIdentityExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseNoncustodialDataSource_UpdateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Update the navigation property operations in security .Description Update the navigation property operations in security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityCaseOperation .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityCaseOperation .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecurityCaseOperation>: caseOperation [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Action <String>]: caseAction [CompletedDateTime <DateTime?>]: The date and time the operation was completed. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: The date and time the operation was created. [PercentProgress <Int32?>]: The progress of the operation. [ResultInfo <IMicrosoftGraphResultInfo>]: resultInfo [(Any) <Object>]: This indicates any property can be added to this object. [Code <Int32?>]: The result code. [Message <String>]: The message. [Subcode <Int32?>]: The result sub-code. [Status <String>]: caseOperationStatus CREATEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource RESULTINFO <IMicrosoftGraphResultInfo>: resultInfo [(Any) <Object>]: This indicates any property can be added to this object. [Code <Int32?>]: The result code. [Message <String>]: The message. [Subcode <Int32?>]: The result sub-code. .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/update-mgsecuritycaseediscoverycaseoperation #> function Update-MgSecurityCaseEdiscoveryCaseOperation { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityCaseOperation])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of caseOperation ${CaseOperationId}, [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityCaseOperation] # caseOperation # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # caseAction ${Action}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # The date and time the operation was completed. ${CompletedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for CREATEDBY properties and create a hash table. ${CreatedBy}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # The date and time the operation was created. ${CreatedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Int32] # The progress of the operation. ${PercentProgress}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphResultInfo] # resultInfo # To construct, see NOTES section for RESULTINFO properties and create a hash table. ${ResultInfo}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # caseOperationStatus ${Status}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Update = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseOperation_Update'; UpdateExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseOperation_UpdateExpanded'; UpdateViaIdentity = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseOperation_UpdateViaIdentity'; UpdateViaIdentityExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseOperation_UpdateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Update the navigation property queries in security .Description Update the navigation property queries in security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Inputs System.Collections.Hashtable .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewSetQuery .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. CREATEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource LASTMODIFIEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/update-mgsecuritycaseediscoverycasereviewsetquery #> function Update-MgSecurityCaseEdiscoveryCaseReviewSetQuery { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewSetQuery])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryReviewSet ${EdiscoveryReviewSetId}, [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryReviewSetQuery ${EdiscoveryReviewSetQueryId}, [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Runtime.Info(Required, PossibleTypes=([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewSetQuery]))] [System.Collections.Hashtable] # ediscoveryReviewSetQuery ${BodyParameter}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${ContentQuery}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for CREATEDBY properties and create a hash table. ${CreatedBy}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # . ${CreatedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${Description}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${DisplayName}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for LASTMODIFIEDBY properties and create a hash table. ${LastModifiedBy}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # . ${LastModifiedDateTime}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Update = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseReviewSetQuery_Update'; UpdateExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseReviewSetQuery_UpdateExpanded'; UpdateViaIdentity = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseReviewSetQuery_UpdateViaIdentity'; UpdateViaIdentityExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseReviewSetQuery_UpdateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Update the navigation property reviewSets in security .Description Update the navigation property reviewSets in security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewSet .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewSet .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecurityEdiscoveryReviewSet>: ediscoveryReviewSet [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: [DisplayName <String>]: [Id <String>]: The unique idenfier for an entity. Read-only. CREATEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/update-mgsecuritycaseediscoverycasereviewset #> function Update-MgSecurityCaseEdiscoveryCaseReviewSet { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewSet])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryReviewSet ${EdiscoveryReviewSetId}, [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewSet] # ediscoveryReviewSet # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for CREATEDBY properties and create a hash table. ${CreatedBy}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # . ${CreatedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${DisplayName}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Update = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseReviewSet_Update'; UpdateExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseReviewSet_UpdateExpanded'; UpdateViaIdentity = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseReviewSet_UpdateViaIdentity'; UpdateViaIdentityExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseReviewSet_UpdateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Update the navigation property additionalSources in security .Description Update the navigation property additionalSources in security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityDataSource .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityDataSource .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecurityDataSource>: dataSource [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: The date and time the dataSource was created. [DisplayName <String>]: The display name of the dataSource. This will be the name of the SharePoint site. [HoldStatus <String>]: dataSourceHoldStatus CREATEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/update-mgsecuritycaseediscoverycasesearchadditionalsource #> function Update-MgSecurityCaseEdiscoveryCaseSearchAdditionalSource { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityDataSource])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of dataSource ${DataSourceId}, [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoverySearch ${EdiscoverySearchId}, [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityDataSource] # dataSource # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for CREATEDBY properties and create a hash table. ${CreatedBy}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # The date and time the dataSource was created. ${CreatedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The display name of the dataSource. # This will be the name of the SharePoint site. ${DisplayName}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # dataSourceHoldStatus ${HoldStatus}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Update = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseSearchAdditionalSource_Update'; UpdateExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseSearchAdditionalSource_UpdateExpanded'; UpdateViaIdentity = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseSearchAdditionalSource_UpdateViaIdentity'; UpdateViaIdentityExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseSearchAdditionalSource_UpdateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Update the navigation property searches in security .Description Update the navigation property searches in security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoverySearch .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoverySearch .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. ADDTOREVIEWSETOPERATION <IMicrosoftGraphSecurityEdiscoveryAddToReviewSetOperation>: ediscoveryAddToReviewSetOperation [(Any) <Object>]: This indicates any property can be added to this object. [Action <String>]: caseAction [CompletedDateTime <DateTime?>]: The date and time the operation was completed. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: The date and time the operation was created. [PercentProgress <Int32?>]: The progress of the operation. [ResultInfo <IMicrosoftGraphResultInfo>]: resultInfo [(Any) <Object>]: This indicates any property can be added to this object. [Code <Int32?>]: The result code. [Message <String>]: The message. [Subcode <Int32?>]: The result sub-code. [Status <String>]: caseOperationStatus [Id <String>]: The unique idenfier for an entity. Read-only. [ReviewSet <IMicrosoftGraphSecurityEdiscoveryReviewSet>]: ediscoveryReviewSet [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: [DisplayName <String>]: [Id <String>]: The unique idenfier for an entity. Read-only. [Search <IMicrosoftGraphSecurityEdiscoverySearch>]: ediscoverySearch [(Any) <Object>]: This indicates any property can be added to this object. [ContentQuery <String>]: [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: [Description <String>]: [DisplayName <String>]: [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [LastModifiedDateTime <DateTime?>]: [Id <String>]: The unique idenfier for an entity. Read-only. [AddToReviewSetOperation <IMicrosoftGraphSecurityEdiscoveryAddToReviewSetOperation>]: ediscoveryAddToReviewSetOperation [DataSourceScopes <String>]: dataSourceScopes [LastEstimateStatisticsOperation <IMicrosoftGraphSecurityEdiscoveryEstimateOperation>]: ediscoveryEstimateOperation [(Any) <Object>]: This indicates any property can be added to this object. [Action <String>]: caseAction [CompletedDateTime <DateTime?>]: The date and time the operation was completed. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: The date and time the operation was created. [PercentProgress <Int32?>]: The progress of the operation. [ResultInfo <IMicrosoftGraphResultInfo>]: resultInfo [Status <String>]: caseOperationStatus [Id <String>]: The unique idenfier for an entity. Read-only. [IndexedItemCount <Int64?>]: The estimated count of items for the search that matched the content query. [IndexedItemsSize <Int64?>]: The estimated size of items for the search that matched the content query. [MailboxCount <Int32?>]: The number of mailboxes that had search hits. [Search <IMicrosoftGraphSecurityEdiscoverySearch>]: ediscoverySearch [SiteCount <Int32?>]: The number of mailboxes that had search hits. [UnindexedItemCount <Int64?>]: The estimated count of unindexed items for the collection. [UnindexedItemsSize <Int64?>]: The estimated size of unindexed items for the collection. BODYPARAMETER <IMicrosoftGraphSecurityEdiscoverySearch>: ediscoverySearch [(Any) <Object>]: This indicates any property can be added to this object. [ContentQuery <String>]: [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: [Description <String>]: [DisplayName <String>]: [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [LastModifiedDateTime <DateTime?>]: [Id <String>]: The unique idenfier for an entity. Read-only. [AddToReviewSetOperation <IMicrosoftGraphSecurityEdiscoveryAddToReviewSetOperation>]: ediscoveryAddToReviewSetOperation [(Any) <Object>]: This indicates any property can be added to this object. [Action <String>]: caseAction [CompletedDateTime <DateTime?>]: The date and time the operation was completed. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: The date and time the operation was created. [PercentProgress <Int32?>]: The progress of the operation. [ResultInfo <IMicrosoftGraphResultInfo>]: resultInfo [(Any) <Object>]: This indicates any property can be added to this object. [Code <Int32?>]: The result code. [Message <String>]: The message. [Subcode <Int32?>]: The result sub-code. [Status <String>]: caseOperationStatus [Id <String>]: The unique idenfier for an entity. Read-only. [ReviewSet <IMicrosoftGraphSecurityEdiscoveryReviewSet>]: ediscoveryReviewSet [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: [DisplayName <String>]: [Id <String>]: The unique idenfier for an entity. Read-only. [Search <IMicrosoftGraphSecurityEdiscoverySearch>]: ediscoverySearch [DataSourceScopes <String>]: dataSourceScopes [LastEstimateStatisticsOperation <IMicrosoftGraphSecurityEdiscoveryEstimateOperation>]: ediscoveryEstimateOperation [(Any) <Object>]: This indicates any property can be added to this object. [Action <String>]: caseAction [CompletedDateTime <DateTime?>]: The date and time the operation was completed. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: The date and time the operation was created. [PercentProgress <Int32?>]: The progress of the operation. [ResultInfo <IMicrosoftGraphResultInfo>]: resultInfo [Status <String>]: caseOperationStatus [Id <String>]: The unique idenfier for an entity. Read-only. [IndexedItemCount <Int64?>]: The estimated count of items for the search that matched the content query. [IndexedItemsSize <Int64?>]: The estimated size of items for the search that matched the content query. [MailboxCount <Int32?>]: The number of mailboxes that had search hits. [Search <IMicrosoftGraphSecurityEdiscoverySearch>]: ediscoverySearch [SiteCount <Int32?>]: The number of mailboxes that had search hits. [UnindexedItemCount <Int64?>]: The estimated count of unindexed items for the collection. [UnindexedItemsSize <Int64?>]: The estimated size of unindexed items for the collection. CREATEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource LASTESTIMATESTATISTICSOPERATION <IMicrosoftGraphSecurityEdiscoveryEstimateOperation>: ediscoveryEstimateOperation [(Any) <Object>]: This indicates any property can be added to this object. [Action <String>]: caseAction [CompletedDateTime <DateTime?>]: The date and time the operation was completed. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [CreatedDateTime <DateTime?>]: The date and time the operation was created. [PercentProgress <Int32?>]: The progress of the operation. [ResultInfo <IMicrosoftGraphResultInfo>]: resultInfo [(Any) <Object>]: This indicates any property can be added to this object. [Code <Int32?>]: The result code. [Message <String>]: The message. [Subcode <Int32?>]: The result sub-code. [Status <String>]: caseOperationStatus [Id <String>]: The unique idenfier for an entity. Read-only. [IndexedItemCount <Int64?>]: The estimated count of items for the search that matched the content query. [IndexedItemsSize <Int64?>]: The estimated size of items for the search that matched the content query. [MailboxCount <Int32?>]: The number of mailboxes that had search hits. [Search <IMicrosoftGraphSecurityEdiscoverySearch>]: ediscoverySearch [(Any) <Object>]: This indicates any property can be added to this object. [ContentQuery <String>]: [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: [Description <String>]: [DisplayName <String>]: [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [LastModifiedDateTime <DateTime?>]: [Id <String>]: The unique idenfier for an entity. Read-only. [AddToReviewSetOperation <IMicrosoftGraphSecurityEdiscoveryAddToReviewSetOperation>]: ediscoveryAddToReviewSetOperation [(Any) <Object>]: This indicates any property can be added to this object. [Action <String>]: caseAction [CompletedDateTime <DateTime?>]: The date and time the operation was completed. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: The date and time the operation was created. [PercentProgress <Int32?>]: The progress of the operation. [ResultInfo <IMicrosoftGraphResultInfo>]: resultInfo [Status <String>]: caseOperationStatus [Id <String>]: The unique idenfier for an entity. Read-only. [ReviewSet <IMicrosoftGraphSecurityEdiscoveryReviewSet>]: ediscoveryReviewSet [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [CreatedDateTime <DateTime?>]: [DisplayName <String>]: [Id <String>]: The unique idenfier for an entity. Read-only. [Search <IMicrosoftGraphSecurityEdiscoverySearch>]: ediscoverySearch [DataSourceScopes <String>]: dataSourceScopes [LastEstimateStatisticsOperation <IMicrosoftGraphSecurityEdiscoveryEstimateOperation>]: ediscoveryEstimateOperation [SiteCount <Int32?>]: The number of mailboxes that had search hits. [UnindexedItemCount <Int64?>]: The estimated count of unindexed items for the collection. [UnindexedItemsSize <Int64?>]: The estimated size of unindexed items for the collection. LASTMODIFIEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/update-mgsecuritycaseediscoverycasesearch #> function Update-MgSecurityCaseEdiscoveryCaseSearch { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoverySearch])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoverySearch ${EdiscoverySearchId}, [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoverySearch] # ediscoverySearch # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryAddToReviewSetOperation] # ediscoveryAddToReviewSetOperation # To construct, see NOTES section for ADDTOREVIEWSETOPERATION properties and create a hash table. ${AddToReviewSetOperation}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${ContentQuery}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for CREATEDBY properties and create a hash table. ${CreatedBy}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # . ${CreatedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # dataSourceScopes ${DataSourceScopes}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${Description}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${DisplayName}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryEstimateOperation] # ediscoveryEstimateOperation # To construct, see NOTES section for LASTESTIMATESTATISTICSOPERATION properties and create a hash table. ${LastEstimateStatisticsOperation}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for LASTMODIFIEDBY properties and create a hash table. ${LastModifiedBy}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # . ${LastModifiedDateTime}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Update = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseSearch_Update'; UpdateExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseSearch_UpdateExpanded'; UpdateViaIdentity = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseSearch_UpdateViaIdentity'; UpdateViaIdentityExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseSearch_UpdateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Update the properties of an ediscoveryCaseSettings object. .Description Update the properties of an ediscoveryCaseSettings object. .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCaseSettings .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCaseSettings .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecurityEdiscoveryCaseSettings>: ediscoveryCaseSettings [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Ocr <IMicrosoftGraphSecurityOcrSettings>]: ocrSettings [(Any) <Object>]: This indicates any property can be added to this object. [IsEnabled <Boolean?>]: Indicates whether or not OCR is enabled for the case. [MaxImageSize <Int32?>]: Maximum image size that will be processed in KB). [Timeout <TimeSpan?>]: The timeout duration for the OCR engine. A longer timeout might increase success of OCR, but might add to the total processing time. [RedundancyDetection <IMicrosoftGraphSecurityRedundancyDetectionSettings>]: redundancyDetectionSettings [(Any) <Object>]: This indicates any property can be added to this object. [IsEnabled <Boolean?>]: Indicates whether email threading and near duplicate detection are enabled. [MaxWords <Int32?>]: Specifies the maximum number of words used for email threading and near duplicate detection. To learn more, see Minimum/maximum number of words. [MinWords <Int32?>]: Specifies the minimum number of words used for email threading and near duplicate detection. To learn more, see Minimum/maximum number of words. [SimilarityThreshold <Int32?>]: Specifies the similarity level for documents to be put in the same near duplicate set. To learn more, see Document and email similarity threshold. [TopicModeling <IMicrosoftGraphSecurityTopicModelingSettings>]: topicModelingSettings [(Any) <Object>]: This indicates any property can be added to this object. [DynamicallyAdjustTopicCount <Boolean?>]: Indicates whether the themes model should dynamically optimize the number of generated topics. To learn more, see Adjust maximum number of themes dynamically. [IgnoreNumbers <Boolean?>]: Indicates whether the themes model should exclude numbers while parsing document texts. To learn more, see Include numbers in themes. [IsEnabled <Boolean?>]: Indicates whether themes model is enabled for the case. [TopicCount <Int32?>]: The total number of topics that the themes model will generate for a review set. To learn more, see Maximum number of themes. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource OCR <IMicrosoftGraphSecurityOcrSettings>: ocrSettings [(Any) <Object>]: This indicates any property can be added to this object. [IsEnabled <Boolean?>]: Indicates whether or not OCR is enabled for the case. [MaxImageSize <Int32?>]: Maximum image size that will be processed in KB). [Timeout <TimeSpan?>]: The timeout duration for the OCR engine. A longer timeout might increase success of OCR, but might add to the total processing time. REDUNDANCYDETECTION <IMicrosoftGraphSecurityRedundancyDetectionSettings>: redundancyDetectionSettings [(Any) <Object>]: This indicates any property can be added to this object. [IsEnabled <Boolean?>]: Indicates whether email threading and near duplicate detection are enabled. [MaxWords <Int32?>]: Specifies the maximum number of words used for email threading and near duplicate detection. To learn more, see Minimum/maximum number of words. [MinWords <Int32?>]: Specifies the minimum number of words used for email threading and near duplicate detection. To learn more, see Minimum/maximum number of words. [SimilarityThreshold <Int32?>]: Specifies the similarity level for documents to be put in the same near duplicate set. To learn more, see Document and email similarity threshold. TOPICMODELING <IMicrosoftGraphSecurityTopicModelingSettings>: topicModelingSettings [(Any) <Object>]: This indicates any property can be added to this object. [DynamicallyAdjustTopicCount <Boolean?>]: Indicates whether the themes model should dynamically optimize the number of generated topics. To learn more, see Adjust maximum number of themes dynamically. [IgnoreNumbers <Boolean?>]: Indicates whether the themes model should exclude numbers while parsing document texts. To learn more, see Include numbers in themes. [IsEnabled <Boolean?>]: Indicates whether themes model is enabled for the case. [TopicCount <Int32?>]: The total number of topics that the themes model will generate for a review set. To learn more, see Maximum number of themes. .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/update-mgsecuritycaseediscoverycasesetting #> function Update-MgSecurityCaseEdiscoveryCaseSetting { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCaseSettings])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCaseSettings] # ediscoveryCaseSettings # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityOcrSettings] # ocrSettings # To construct, see NOTES section for OCR properties and create a hash table. ${Ocr}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityRedundancyDetectionSettings] # redundancyDetectionSettings # To construct, see NOTES section for REDUNDANCYDETECTION properties and create a hash table. ${RedundancyDetection}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityTopicModelingSettings] # topicModelingSettings # To construct, see NOTES section for TOPICMODELING properties and create a hash table. ${TopicModeling}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Update = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseSetting_Update'; UpdateExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseSetting_UpdateExpanded'; UpdateViaIdentity = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseSetting_UpdateViaIdentity'; UpdateViaIdentityExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseSetting_UpdateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Update the navigation property tags in security .Description Update the navigation property tags in security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewTag .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewTag .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecurityEdiscoveryReviewTag>: ediscoveryReviewTag [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [Description <String>]: [DisplayName <String>]: [LastModifiedDateTime <DateTime?>]: [Id <String>]: The unique idenfier for an entity. Read-only. [ChildSelectability <String>]: childSelectability [Parent <IMicrosoftGraphSecurityEdiscoveryReviewTag>]: ediscoveryReviewTag CREATEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource PARENT <IMicrosoftGraphSecurityEdiscoveryReviewTag>: ediscoveryReviewTag [(Any) <Object>]: This indicates any property can be added to this object. [CreatedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [Description <String>]: [DisplayName <String>]: [LastModifiedDateTime <DateTime?>]: [Id <String>]: The unique idenfier for an entity. Read-only. [ChildSelectability <String>]: childSelectability [Parent <IMicrosoftGraphSecurityEdiscoveryReviewTag>]: ediscoveryReviewTag .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/update-mgsecuritycaseediscoverycasetag #> function Update-MgSecurityCaseEdiscoveryCaseTag { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewTag])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryReviewTag ${EdiscoveryReviewTagId}, [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewTag] # ediscoveryReviewTag # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # childSelectability ${ChildSelectability}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for CREATEDBY properties and create a hash table. ${CreatedBy}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${Description}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${DisplayName}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # . ${LastModifiedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryReviewTag] # ediscoveryReviewTag # To construct, see NOTES section for PARENT properties and create a hash table. ${Parent}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Update = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseTag_Update'; UpdateExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseTag_UpdateExpanded'; UpdateViaIdentity = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseTag_UpdateViaIdentity'; UpdateViaIdentityExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCaseTag_UpdateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Update the navigation property ediscoveryCases in security .Description Update the navigation property ediscoveryCases in security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCase .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCase .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecurityEdiscoveryCase>: ediscoveryCase [(Any) <Object>]: This indicates any property can be added to this object. [CreatedDateTime <DateTime?>]: [Description <String>]: [DisplayName <String>]: [LastModifiedBy <IMicrosoftGraphIdentitySet>]: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity [LastModifiedDateTime <DateTime?>]: [Status <String>]: caseStatus [Id <String>]: The unique idenfier for an entity. Read-only. [ClosedBy <IMicrosoftGraphIdentitySet>]: identitySet [ClosedDateTime <DateTime?>]: The date and time when the case was closed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z [ExternalId <String>]: The external case number for customer reference. [Settings <IMicrosoftGraphSecurityEdiscoveryCaseSettings>]: ediscoveryCaseSettings [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Ocr <IMicrosoftGraphSecurityOcrSettings>]: ocrSettings [(Any) <Object>]: This indicates any property can be added to this object. [IsEnabled <Boolean?>]: Indicates whether or not OCR is enabled for the case. [MaxImageSize <Int32?>]: Maximum image size that will be processed in KB). [Timeout <TimeSpan?>]: The timeout duration for the OCR engine. A longer timeout might increase success of OCR, but might add to the total processing time. [RedundancyDetection <IMicrosoftGraphSecurityRedundancyDetectionSettings>]: redundancyDetectionSettings [(Any) <Object>]: This indicates any property can be added to this object. [IsEnabled <Boolean?>]: Indicates whether email threading and near duplicate detection are enabled. [MaxWords <Int32?>]: Specifies the maximum number of words used for email threading and near duplicate detection. To learn more, see Minimum/maximum number of words. [MinWords <Int32?>]: Specifies the minimum number of words used for email threading and near duplicate detection. To learn more, see Minimum/maximum number of words. [SimilarityThreshold <Int32?>]: Specifies the similarity level for documents to be put in the same near duplicate set. To learn more, see Document and email similarity threshold. [TopicModeling <IMicrosoftGraphSecurityTopicModelingSettings>]: topicModelingSettings [(Any) <Object>]: This indicates any property can be added to this object. [DynamicallyAdjustTopicCount <Boolean?>]: Indicates whether the themes model should dynamically optimize the number of generated topics. To learn more, see Adjust maximum number of themes dynamically. [IgnoreNumbers <Boolean?>]: Indicates whether the themes model should exclude numbers while parsing document texts. To learn more, see Include numbers in themes. [IsEnabled <Boolean?>]: Indicates whether themes model is enabled for the case. [TopicCount <Int32?>]: The total number of topics that the themes model will generate for a review set. To learn more, see Maximum number of themes. CLOSEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource LASTMODIFIEDBY <IMicrosoftGraphIdentitySet>: identitySet [(Any) <Object>]: This indicates any property can be added to this object. [Application <IMicrosoftGraphIdentity>]: identity [(Any) <Object>]: This indicates any property can be added to this object. [DisplayName <String>]: The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using delta. [Id <String>]: Unique identifier for the identity. [Device <IMicrosoftGraphIdentity>]: identity [User <IMicrosoftGraphIdentity>]: identity SETTINGS <IMicrosoftGraphSecurityEdiscoveryCaseSettings>: ediscoveryCaseSettings [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [Ocr <IMicrosoftGraphSecurityOcrSettings>]: ocrSettings [(Any) <Object>]: This indicates any property can be added to this object. [IsEnabled <Boolean?>]: Indicates whether or not OCR is enabled for the case. [MaxImageSize <Int32?>]: Maximum image size that will be processed in KB). [Timeout <TimeSpan?>]: The timeout duration for the OCR engine. A longer timeout might increase success of OCR, but might add to the total processing time. [RedundancyDetection <IMicrosoftGraphSecurityRedundancyDetectionSettings>]: redundancyDetectionSettings [(Any) <Object>]: This indicates any property can be added to this object. [IsEnabled <Boolean?>]: Indicates whether email threading and near duplicate detection are enabled. [MaxWords <Int32?>]: Specifies the maximum number of words used for email threading and near duplicate detection. To learn more, see Minimum/maximum number of words. [MinWords <Int32?>]: Specifies the minimum number of words used for email threading and near duplicate detection. To learn more, see Minimum/maximum number of words. [SimilarityThreshold <Int32?>]: Specifies the similarity level for documents to be put in the same near duplicate set. To learn more, see Document and email similarity threshold. [TopicModeling <IMicrosoftGraphSecurityTopicModelingSettings>]: topicModelingSettings [(Any) <Object>]: This indicates any property can be added to this object. [DynamicallyAdjustTopicCount <Boolean?>]: Indicates whether the themes model should dynamically optimize the number of generated topics. To learn more, see Adjust maximum number of themes dynamically. [IgnoreNumbers <Boolean?>]: Indicates whether the themes model should exclude numbers while parsing document texts. To learn more, see Include numbers in themes. [IsEnabled <Boolean?>]: Indicates whether themes model is enabled for the case. [TopicCount <Int32?>]: The total number of topics that the themes model will generate for a review set. To learn more, see Maximum number of themes. .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/update-mgsecuritycaseediscoverycase #> function Update-MgSecurityCaseEdiscoveryCase { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCase])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of ediscoveryCase ${EdiscoveryCaseId}, [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCase] # ediscoveryCase # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for CLOSEDBY properties and create a hash table. ${ClosedBy}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # The date and time when the case was closed. # The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. # For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z ${ClosedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # . ${CreatedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${Description}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${DisplayName}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The external case number for customer reference. ${ExternalId}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphIdentitySet] # identitySet # To construct, see NOTES section for LASTMODIFIEDBY properties and create a hash table. ${LastModifiedBy}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # . ${LastModifiedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityEdiscoveryCaseSettings] # ediscoveryCaseSettings # To construct, see NOTES section for SETTINGS properties and create a hash table. ${Settings}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # caseStatus ${Status}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Update = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCase_Update'; UpdateExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCase_UpdateExpanded'; UpdateViaIdentity = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCase_UpdateViaIdentity'; UpdateViaIdentityExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCaseEdiscoveryCase_UpdateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Update the navigation property cases in security .Description Update the navigation property cases in security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityCasesRoot .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityCasesRoot .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecurityCasesRoot>: casesRoot [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/update-mgsecuritycase #> function Update-MgSecurityCase { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityCasesRoot])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityCasesRoot] # casesRoot # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='UpdateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='UpdateExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Update = 'Microsoft.Graph.Security.private\Update-MgSecurityCase_Update'; UpdateExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityCase_UpdateExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Update the navigation property incidents in security .Description Update the navigation property incidents in security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityIncident .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityIncident .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecurityIncident>: incident [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [AssignedTo <String>]: Owner of the incident, or null if no owner is assigned. Free editable text. [Classification <String>]: alertClassification [Comments <IMicrosoftGraphSecurityAlertComment[]>]: Array of comments created by the Security Operations (SecOps) team when the incident is managed. [CreatedDateTime <DateTime?>]: Time when the incident was first created. [CustomTags <String[]>]: Array of custom tags associated with an incident. [Determination <String>]: alertDetermination [DisplayName <String>]: The incident name. [IncidentWebUrl <String>]: The URL for the incident page in the Microsoft 365 Defender portal. [LastUpdateDateTime <DateTime?>]: Time when the incident was last updated. [RedirectIncidentId <String>]: Only populated in case an incident is grouped together with another incident, as part of the logic that processes incidents. In such a case, the status property is redirected. [Severity <String>]: alertSeverity [Status <String>]: incidentStatus [TenantId <String>]: The Azure Active Directory tenant in which the alert was created. COMMENTS <IMicrosoftGraphSecurityAlertComment[]>: Array of comments created by the Security Operations (SecOps) team when the incident is managed. [Comment <String>]: The comment text. [CreatedByDisplayName <String>]: The person or app name that submitted the comment. [CreatedDateTime <DateTime?>]: The time when the comment was submitted. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/update-mgsecurityincident #> function Update-MgSecurityIncident { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityIncident])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of incident ${IncidentId}, [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityIncident] # incident # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Owner of the incident, or null if no owner is assigned. # Free editable text. ${AssignedTo}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # alertClassification ${Classification}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityAlertComment[]] # Array of comments created by the Security Operations (SecOps) team when the incident is managed. # To construct, see NOTES section for COMMENTS properties and create a hash table. ${Comments}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Time when the incident was first created. ${CreatedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [System.String[]] # Array of custom tags associated with an incident. ${CustomTags}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # alertDetermination ${Determination}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The incident name. ${DisplayName}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The URL for the incident page in the Microsoft 365 Defender portal. ${IncidentWebUrl}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Time when the incident was last updated. ${LastUpdateDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Only populated in case an incident is grouped together with another incident, as part of the logic that processes incidents. # In such a case, the status property is redirected. ${RedirectIncidentId}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # alertSeverity ${Severity}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # incidentStatus ${Status}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The Azure Active Directory tenant in which the alert was created. ${TenantId}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Update = 'Microsoft.Graph.Security.private\Update-MgSecurityIncident_Update'; UpdateExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityIncident_UpdateExpanded'; UpdateViaIdentity = 'Microsoft.Graph.Security.private\Update-MgSecurityIncident_UpdateViaIdentity'; UpdateViaIdentityExpanded = 'Microsoft.Graph.Security.private\Update-MgSecurityIncident_UpdateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Update the navigation property secureScoreControlProfiles in security .Description Update the navigation property secureScoreControlProfiles in security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecureScoreControlProfile .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecureScoreControlProfile .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. BODYPARAMETER <IMicrosoftGraphSecureScoreControlProfile>: secureScoreControlProfile [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [ActionType <String>]: Control action type (Config, Review, Behavior). [ActionUrl <String>]: URL to where the control can be actioned. [AzureTenantId <String>]: GUID string for tenant ID. [ComplianceInformation <IMicrosoftGraphComplianceInformation[]>]: The collection of compliance information associated with secure score control [CertificationControls <IMicrosoftGraphCertificationControl[]>]: Collection of the certification controls associated with certification [Name <String>]: Certification control name [Url <String>]: URL for the Microsoft Service Trust Portal [CertificationName <String>]: Compliance certification name (for example, ISO 27018:2014, GDPR, FedRAMP, NIST 800-171) [ControlCategory <String>]: Control action category (Identity, Data, Device, Apps, Infrastructure). [ControlStateUpdates <IMicrosoftGraphSecureScoreControlStateUpdate[]>]: Flag to indicate where the tenant has marked a control (ignored, thirdParty, reviewed) (supports update). [AssignedTo <String>]: Assigns the control to the user who will take the action. [Comment <String>]: Provides optional comment about the control. [State <String>]: State of the control, which can be modified via a PATCH command (for example, ignored, thirdParty). [UpdatedBy <String>]: ID of the user who updated tenant state. [UpdatedDateTime <DateTime?>]: Time at which the control state was updated. [Deprecated <Boolean?>]: Flag to indicate if a control is depreciated. [ImplementationCost <String>]: Resource cost of implemmentating control (low, moderate, high). [LastModifiedDateTime <DateTime?>]: Time at which the control profile entity was last modified. The Timestamp type represents date and time [MaxScore <Double?>]: max attainable score for the control. [Rank <Int32?>]: Microsoft's stack ranking of control. [Remediation <String>]: Description of what the control will help remediate. [RemediationImpact <String>]: Description of the impact on users of the remediation. [Service <String>]: Service that owns the control (Exchange, Sharepoint, Azure AD). [Threats <String[]>]: List of threats the control mitigates (accountBreach,dataDeletion,dataExfiltration,dataSpillage, [Tier <String>]: [Title <String>]: [UserImpact <String>]: [VendorInformation <IMicrosoftGraphSecurityVendorInformation>]: securityVendorInformation [(Any) <Object>]: This indicates any property can be added to this object. [Provider <String>]: Specific provider (product/service - not vendor company); for example, WindowsDefenderATP. [ProviderVersion <String>]: Version of the provider or subprovider, if it exists, that generated the alert. Required [SubProvider <String>]: Specific subprovider (under aggregating provider); for example, WindowsDefenderATP.SmartScreen. [Vendor <String>]: Name of the alert vendor (for example, Microsoft, Dell, FireEye). Required COMPLIANCEINFORMATION <IMicrosoftGraphComplianceInformation[]>: The collection of compliance information associated with secure score control [CertificationControls <IMicrosoftGraphCertificationControl[]>]: Collection of the certification controls associated with certification [Name <String>]: Certification control name [Url <String>]: URL for the Microsoft Service Trust Portal [CertificationName <String>]: Compliance certification name (for example, ISO 27018:2014, GDPR, FedRAMP, NIST 800-171) CONTROLSTATEUPDATES <IMicrosoftGraphSecureScoreControlStateUpdate[]>: Flag to indicate where the tenant has marked a control (ignored, thirdParty, reviewed) (supports update). [AssignedTo <String>]: Assigns the control to the user who will take the action. [Comment <String>]: Provides optional comment about the control. [State <String>]: State of the control, which can be modified via a PATCH command (for example, ignored, thirdParty). [UpdatedBy <String>]: ID of the user who updated tenant state. [UpdatedDateTime <DateTime?>]: Time at which the control state was updated. INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource VENDORINFORMATION <IMicrosoftGraphSecurityVendorInformation>: securityVendorInformation [(Any) <Object>]: This indicates any property can be added to this object. [Provider <String>]: Specific provider (product/service - not vendor company); for example, WindowsDefenderATP. [ProviderVersion <String>]: Version of the provider or subprovider, if it exists, that generated the alert. Required [SubProvider <String>]: Specific subprovider (under aggregating provider); for example, WindowsDefenderATP.SmartScreen. [Vendor <String>]: Name of the alert vendor (for example, Microsoft, Dell, FireEye). Required .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/update-mgsecuritysecurescorecontrolprofile #> function Update-MgSecuritySecureScoreControlProfile { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecureScoreControlProfile])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of secureScoreControlProfile ${SecureScoreControlProfileId}, [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecureScoreControlProfile] # secureScoreControlProfile # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Control action type (Config, Review, Behavior). ${ActionType}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # URL to where the control can be actioned. ${ActionUrl}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # GUID string for tenant ID. ${AzureTenantId}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphComplianceInformation[]] # The collection of compliance information associated with secure score control # To construct, see NOTES section for COMPLIANCEINFORMATION properties and create a hash table. ${ComplianceInformation}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Control action category (Identity, Data, Device, Apps, Infrastructure). ${ControlCategory}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecureScoreControlStateUpdate[]] # Flag to indicate where the tenant has marked a control (ignored, thirdParty, reviewed) (supports update). # To construct, see NOTES section for CONTROLSTATEUPDATES properties and create a hash table. ${ControlStateUpdates}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Management.Automation.SwitchParameter] # Flag to indicate if a control is depreciated. ${Deprecated}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Resource cost of implemmentating control (low, moderate, high). ${ImplementationCost}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # Time at which the control profile entity was last modified. # The Timestamp type represents date and time ${LastModifiedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Double] # max attainable score for the control. ${MaxScore}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Int32] # Microsoft's stack ranking of control. ${Rank}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Description of what the control will help remediate. ${Remediation}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Description of the impact on users of the remediation. ${RemediationImpact}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # Service that owns the control (Exchange, Sharepoint, Azure AD). ${Service}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [System.String[]] # List of threats the control mitigates (accountBreach,dataDeletion,dataExfiltration,dataSpillage, ${Threats}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${Tier}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${Title}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # . ${UserImpact}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityVendorInformation] # securityVendorInformation # To construct, see NOTES section for VENDORINFORMATION properties and create a hash table. ${VendorInformation}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Update = 'Microsoft.Graph.Security.private\Update-MgSecuritySecureScoreControlProfile_Update'; UpdateExpanded = 'Microsoft.Graph.Security.private\Update-MgSecuritySecureScoreControlProfile_UpdateExpanded'; UpdateViaIdentity = 'Microsoft.Graph.Security.private\Update-MgSecuritySecureScoreControlProfile_UpdateViaIdentity'; UpdateViaIdentityExpanded = 'Microsoft.Graph.Security.private\Update-MgSecuritySecureScoreControlProfile_UpdateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } <# .Synopsis Update the navigation property secureScores in security .Description Update the navigation property secureScores in security .Example {{ Add code here }} .Example {{ Add code here }} .Inputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecureScore .Inputs Microsoft.Graph.PowerShell.Models.ISecurityIdentity .Outputs Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecureScore .Notes COMPLEX PARAMETER PROPERTIES To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables. AVERAGECOMPARATIVESCORES <IMicrosoftGraphAverageComparativeScore[]>: Average score by different scopes (for example, average by industry, average by seating) and control category (Identity, Data, Device, Apps, Infrastructure) within the scope. [AverageScore <Double?>]: Average score within specified basis. [Basis <String>]: Scope type. The possible values are: AllTenants, TotalSeats, IndustryTypes. BODYPARAMETER <IMicrosoftGraphSecureScore>: secureScore [(Any) <Object>]: This indicates any property can be added to this object. [Id <String>]: The unique idenfier for an entity. Read-only. [ActiveUserCount <Int32?>]: Active user count of the given tenant. [AverageComparativeScores <IMicrosoftGraphAverageComparativeScore[]>]: Average score by different scopes (for example, average by industry, average by seating) and control category (Identity, Data, Device, Apps, Infrastructure) within the scope. [AverageScore <Double?>]: Average score within specified basis. [Basis <String>]: Scope type. The possible values are: AllTenants, TotalSeats, IndustryTypes. [AzureTenantId <String>]: GUID string for tenant ID. [ControlScores <IMicrosoftGraphControlScore[]>]: Contains tenant scores for a set of controls. [ControlCategory <String>]: Control action category (Identity, Data, Device, Apps, Infrastructure). [ControlName <String>]: Control unique name. [Description <String>]: Description of the control. [Score <Double?>]: Tenant achieved score for the control (it varies day by day depending on tenant operations on the control). [CreatedDateTime <DateTime?>]: The date when the entity is created. [CurrentScore <Double?>]: Tenant current attained score on specified date. [EnabledServices <String[]>]: Microsoft-provided services for the tenant (for example, Exchange online, Skype, Sharepoint). [LicensedUserCount <Int32?>]: Licensed user count of the given tenant. [MaxScore <Double?>]: Tenant maximum possible score on specified date. [VendorInformation <IMicrosoftGraphSecurityVendorInformation>]: securityVendorInformation [(Any) <Object>]: This indicates any property can be added to this object. [Provider <String>]: Specific provider (product/service - not vendor company); for example, WindowsDefenderATP. [ProviderVersion <String>]: Version of the provider or subprovider, if it exists, that generated the alert. Required [SubProvider <String>]: Specific subprovider (under aggregating provider); for example, WindowsDefenderATP.SmartScreen. [Vendor <String>]: Name of the alert vendor (for example, Microsoft, Dell, FireEye). Required CONTROLSCORES <IMicrosoftGraphControlScore[]>: Contains tenant scores for a set of controls. [ControlCategory <String>]: Control action category (Identity, Data, Device, Apps, Infrastructure). [ControlName <String>]: Control unique name. [Description <String>]: Description of the control. [Score <Double?>]: Tenant achieved score for the control (it varies day by day depending on tenant operations on the control). INPUTOBJECT <ISecurityIdentity>: Identity Parameter [AlertId <String>]: key: id of alert [CaseOperationId <String>]: key: id of caseOperation [DataSourceId <String>]: key: id of dataSource [EdiscoveryCaseId <String>]: key: id of ediscoveryCase [EdiscoveryCustodianId <String>]: key: id of ediscoveryCustodian [EdiscoveryNoncustodialDataSourceId <String>]: key: id of ediscoveryNoncustodialDataSource [EdiscoveryReviewSetId <String>]: key: id of ediscoveryReviewSet [EdiscoveryReviewSetQueryId <String>]: key: id of ediscoveryReviewSetQuery [EdiscoveryReviewTagId <String>]: key: id of ediscoveryReviewTag [EdiscoveryReviewTagId1 <String>]: key: id of ediscoveryReviewTag [EdiscoverySearchId <String>]: key: id of ediscoverySearch [IncidentId <String>]: key: id of incident [SecureScoreControlProfileId <String>]: key: id of secureScoreControlProfile [SecureScoreId <String>]: key: id of secureScore [SimulationAutomationId <String>]: key: id of simulationAutomation [SimulationAutomationRunId <String>]: key: id of simulationAutomationRun [SimulationId <String>]: key: id of simulation [SiteSourceId <String>]: key: id of siteSource [UnifiedGroupSourceId <String>]: key: id of unifiedGroupSource [UserSourceId <String>]: key: id of userSource VENDORINFORMATION <IMicrosoftGraphSecurityVendorInformation>: securityVendorInformation [(Any) <Object>]: This indicates any property can be added to this object. [Provider <String>]: Specific provider (product/service - not vendor company); for example, WindowsDefenderATP. [ProviderVersion <String>]: Version of the provider or subprovider, if it exists, that generated the alert. Required [SubProvider <String>]: Specific subprovider (under aggregating provider); for example, WindowsDefenderATP.SmartScreen. [Vendor <String>]: Name of the alert vendor (for example, Microsoft, Dell, FireEye). Required .Link https://docs.microsoft.com/en-us/powershell/module/microsoft.graph.security/update-mgsecuritysecurescore #> function Update-MgSecuritySecureScore { [OutputType([Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecureScore])] [CmdletBinding(DefaultParameterSetName='UpdateExpanded', PositionalBinding=$false, SupportsShouldProcess, ConfirmImpact='Medium')] param( [Parameter(ParameterSetName='Update', Mandatory)] [Parameter(ParameterSetName='UpdateExpanded', Mandatory)] [Microsoft.Graph.PowerShell.Category('Path')] [System.String] # key: id of secureScore ${SecureScoreId}, [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentityExpanded', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Path')] [Microsoft.Graph.PowerShell.Models.ISecurityIdentity] # Identity Parameter # To construct, see NOTES section for INPUTOBJECT properties and create a hash table. ${InputObject}, [Parameter(ParameterSetName='Update', Mandatory, ValueFromPipeline)] [Parameter(ParameterSetName='UpdateViaIdentity', Mandatory, ValueFromPipeline)] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecureScore] # secureScore # To construct, see NOTES section for BODYPARAMETER properties and create a hash table. ${BodyParameter}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Int32] # Active user count of the given tenant. ${ActiveUserCount}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Collections.Hashtable] # Additional Parameters ${AdditionalProperties}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAverageComparativeScore[]] # Average score by different scopes (for example, average by industry, average by seating) and control category (Identity, Data, Device, Apps, Infrastructure) within the scope. # To construct, see NOTES section for AVERAGECOMPARATIVESCORES properties and create a hash table. ${AverageComparativeScores}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # GUID string for tenant ID. ${AzureTenantId}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphControlScore[]] # Contains tenant scores for a set of controls. # To construct, see NOTES section for CONTROLSCORES properties and create a hash table. ${ControlScores}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.DateTime] # The date when the entity is created. ${CreatedDateTime}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Double] # Tenant current attained score on specified date. ${CurrentScore}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [AllowEmptyCollection()] [Microsoft.Graph.PowerShell.Category('Body')] [System.String[]] # Microsoft-provided services for the tenant (for example, Exchange online, Skype, Sharepoint). ${EnabledServices}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.String] # The unique idenfier for an entity. # Read-only. ${Id}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Int32] # Licensed user count of the given tenant. ${LicensedUserCount}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [System.Double] # Tenant maximum possible score on specified date. ${MaxScore}, [Parameter(ParameterSetName='UpdateExpanded')] [Parameter(ParameterSetName='UpdateViaIdentityExpanded')] [Microsoft.Graph.PowerShell.Category('Body')] [Microsoft.Graph.PowerShell.Models.IMicrosoftGraphSecurityVendorInformation] # securityVendorInformation # To construct, see NOTES section for VENDORINFORMATION properties and create a hash table. ${VendorInformation}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Wait for .NET debugger to attach ${Break}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be appended to the front of the pipeline ${HttpPipelineAppend}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]] # SendAsync Pipeline Steps to be prepended to the front of the pipeline ${HttpPipelinePrepend}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Uri] # The URI for the proxy server to use ${Proxy}, [Parameter(DontShow)] [ValidateNotNull()] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.PSCredential] # Credentials for a proxy server to use for the remote call ${ProxyCredential}, [Parameter(DontShow)] [Microsoft.Graph.PowerShell.Category('Runtime')] [System.Management.Automation.SwitchParameter] # Use the default credentials for the proxy ${ProxyUseDefaultCredentials} ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $parameterSet = $PSCmdlet.ParameterSetName $mapping = @{ Update = 'Microsoft.Graph.Security.private\Update-MgSecuritySecureScore_Update'; UpdateExpanded = 'Microsoft.Graph.Security.private\Update-MgSecuritySecureScore_UpdateExpanded'; UpdateViaIdentity = 'Microsoft.Graph.Security.private\Update-MgSecuritySecureScore_UpdateViaIdentity'; UpdateViaIdentityExpanded = 'Microsoft.Graph.Security.private\Update-MgSecuritySecureScore_UpdateViaIdentityExpanded'; } $cmdInfo = Get-Command -Name $mapping[$parameterSet] [Microsoft.Graph.PowerShell.Runtime.MessageAttributeHelper]::ProcessCustomAttributesAtRuntime($cmdInfo, $MyInvocation, $parameterSet, $PSCmdlet) $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand(($mapping[$parameterSet]), [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = {& $wrappedCmd @PSBoundParameters} $steppablePipeline = $scriptCmd.GetSteppablePipeline($MyInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } } # SIG # Begin signature block # MIInqgYJKoZIhvcNAQcCoIInmzCCJ5cCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDwLvkfCKsJ9Dv7 # uJ3RvuHdqG5YE4ROgUfkrPGvTmaBgaCCDYEwggX/MIID56ADAgECAhMzAAACzI61 # lqa90clOAAAAAALMMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjIwNTEyMjA0NjAxWhcNMjMwNTExMjA0NjAxWjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQCiTbHs68bADvNud97NzcdP0zh0mRr4VpDv68KobjQFybVAuVgiINf9aG2zQtWK # No6+2X2Ix65KGcBXuZyEi0oBUAAGnIe5O5q/Y0Ij0WwDyMWaVad2Te4r1Eic3HWH # UfiiNjF0ETHKg3qa7DCyUqwsR9q5SaXuHlYCwM+m59Nl3jKnYnKLLfzhl13wImV9 # DF8N76ANkRyK6BYoc9I6hHF2MCTQYWbQ4fXgzKhgzj4zeabWgfu+ZJCiFLkogvc0 # RVb0x3DtyxMbl/3e45Eu+sn/x6EVwbJZVvtQYcmdGF1yAYht+JnNmWwAxL8MgHMz # xEcoY1Q1JtstiY3+u3ulGMvhAgMBAAGjggF+MIIBejAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUiLhHjTKWzIqVIp+sM2rOHH11rfQw # UAYDVR0RBEkwR6RFMEMxKTAnBgNVBAsTIE1pY3Jvc29mdCBPcGVyYXRpb25zIFB1 # ZXJ0byBSaWNvMRYwFAYDVQQFEw0yMzAwMTIrNDcwNTI5MB8GA1UdIwQYMBaAFEhu # ZOVQBdOCqhc3NyK1bajKdQKVMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly93d3cu # bWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY0NvZFNpZ1BDQTIwMTFfMjAxMS0w # Ny0wOC5jcmwwYQYIKwYBBQUHAQEEVTBTMFEGCCsGAQUFBzAChkVodHRwOi8vd3d3 # Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY0NvZFNpZ1BDQTIwMTFfMjAx # MS0wNy0wOC5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAeA8D # sOAHS53MTIHYu8bbXrO6yQtRD6JfyMWeXaLu3Nc8PDnFc1efYq/F3MGx/aiwNbcs # J2MU7BKNWTP5JQVBA2GNIeR3mScXqnOsv1XqXPvZeISDVWLaBQzceItdIwgo6B13 # vxlkkSYMvB0Dr3Yw7/W9U4Wk5K/RDOnIGvmKqKi3AwyxlV1mpefy729FKaWT7edB # d3I4+hldMY8sdfDPjWRtJzjMjXZs41OUOwtHccPazjjC7KndzvZHx/0VWL8n0NT/ # 404vftnXKifMZkS4p2sB3oK+6kCcsyWsgS/3eYGw1Fe4MOnin1RhgrW1rHPODJTG # AUOmW4wc3Q6KKr2zve7sMDZe9tfylonPwhk971rX8qGw6LkrGFv31IJeJSe/aUbG # dUDPkbrABbVvPElgoj5eP3REqx5jdfkQw7tOdWkhn0jDUh2uQen9Atj3RkJyHuR0 # GUsJVMWFJdkIO/gFwzoOGlHNsmxvpANV86/1qgb1oZXdrURpzJp53MsDaBY/pxOc # J0Cvg6uWs3kQWgKk5aBzvsX95BzdItHTpVMtVPW4q41XEvbFmUP1n6oL5rdNdrTM # j/HXMRk1KCksax1Vxo3qv+13cCsZAaQNaIAvt5LvkshZkDZIP//0Hnq7NnWeYR3z # 4oFiw9N2n3bb9baQWuWPswG0Dq9YT9kb+Cs4qIIwggd6MIIFYqADAgECAgphDpDS # AAAAAAADMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMK # V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0 # IENvcnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0 # ZSBBdXRob3JpdHkgMjAxMTAeFw0xMTA3MDgyMDU5MDlaFw0yNjA3MDgyMTA5MDla # MH4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS # ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMT # H01pY3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTEwggIiMA0GCSqGSIb3DQEB # AQUAA4ICDwAwggIKAoICAQCr8PpyEBwurdhuqoIQTTS68rZYIZ9CGypr6VpQqrgG # OBoESbp/wwwe3TdrxhLYC/A4wpkGsMg51QEUMULTiQ15ZId+lGAkbK+eSZzpaF7S # 35tTsgosw6/ZqSuuegmv15ZZymAaBelmdugyUiYSL+erCFDPs0S3XdjELgN1q2jz # y23zOlyhFvRGuuA4ZKxuZDV4pqBjDy3TQJP4494HDdVceaVJKecNvqATd76UPe/7 # 4ytaEB9NViiienLgEjq3SV7Y7e1DkYPZe7J7hhvZPrGMXeiJT4Qa8qEvWeSQOy2u # M1jFtz7+MtOzAz2xsq+SOH7SnYAs9U5WkSE1JcM5bmR/U7qcD60ZI4TL9LoDho33 # X/DQUr+MlIe8wCF0JV8YKLbMJyg4JZg5SjbPfLGSrhwjp6lm7GEfauEoSZ1fiOIl # XdMhSz5SxLVXPyQD8NF6Wy/VI+NwXQ9RRnez+ADhvKwCgl/bwBWzvRvUVUvnOaEP # 6SNJvBi4RHxF5MHDcnrgcuck379GmcXvwhxX24ON7E1JMKerjt/sW5+v/N2wZuLB # l4F77dbtS+dJKacTKKanfWeA5opieF+yL4TXV5xcv3coKPHtbcMojyyPQDdPweGF # RInECUzF1KVDL3SV9274eCBYLBNdYJWaPk8zhNqwiBfenk70lrC8RqBsmNLg1oiM # CwIDAQABo4IB7TCCAekwEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFEhuZOVQ # BdOCqhc3NyK1bajKdQKVMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1Ud # DwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFHItOgIxkEO5FAVO # 4eqnxzHRI4k0MFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwubWljcm9zb2Z0 # LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY1Jvb0NlckF1dDIwMTFfMjAxMV8wM18y # Mi5jcmwwXgYIKwYBBQUHAQEEUjBQME4GCCsGAQUFBzAChkJodHRwOi8vd3d3Lm1p # Y3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dDIwMTFfMjAxMV8wM18y # Mi5jcnQwgZ8GA1UdIASBlzCBlDCBkQYJKwYBBAGCNy4DMIGDMD8GCCsGAQUFBwIB # FjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2RvY3MvcHJpbWFyeWNw # cy5odG0wQAYIKwYBBQUHAgIwNB4yIB0ATABlAGcAYQBsAF8AcABvAGwAaQBjAHkA # XwBzAHQAYQB0AGUAbQBlAG4AdAAuIB0wDQYJKoZIhvcNAQELBQADggIBAGfyhqWY # 4FR5Gi7T2HRnIpsLlhHhY5KZQpZ90nkMkMFlXy4sPvjDctFtg/6+P+gKyju/R6mj # 82nbY78iNaWXXWWEkH2LRlBV2AySfNIaSxzzPEKLUtCw/WvjPgcuKZvmPRul1LUd # d5Q54ulkyUQ9eHoj8xN9ppB0g430yyYCRirCihC7pKkFDJvtaPpoLpWgKj8qa1hJ # Yx8JaW5amJbkg/TAj/NGK978O9C9Ne9uJa7lryft0N3zDq+ZKJeYTQ49C/IIidYf # wzIY4vDFLc5bnrRJOQrGCsLGra7lstnbFYhRRVg4MnEnGn+x9Cf43iw6IGmYslmJ # aG5vp7d0w0AFBqYBKig+gj8TTWYLwLNN9eGPfxxvFX1Fp3blQCplo8NdUmKGwx1j # NpeG39rz+PIWoZon4c2ll9DuXWNB41sHnIc+BncG0QaxdR8UvmFhtfDcxhsEvt9B # xw4o7t5lL+yX9qFcltgA1qFGvVnzl6UJS0gQmYAf0AApxbGbpT9Fdx41xtKiop96 # eiL6SJUfq/tHI4D1nvi/a7dLl+LrdXga7Oo3mXkYS//WsyNodeav+vyL6wuA6mk7 # r/ww7QRMjt/fdW1jkT3RnVZOT7+AVyKheBEyIXrvQQqxP/uozKRdwaGIm1dxVk5I # RcBCyZt2WwqASGv9eZ/BvW1taslScxMNelDNMYIZfzCCGXsCAQEwgZUwfjELMAkG # A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx # HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEoMCYGA1UEAxMfTWljcm9z # b2Z0IENvZGUgU2lnbmluZyBQQ0EgMjAxMQITMwAAAsyOtZamvdHJTgAAAAACzDAN # BglghkgBZQMEAgEFAKCBrjAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgor # BgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQxIgQgaaNV8kNA # /aaFX2jyqaqH4Uhvi5nMCk2yQb6vHEalhFYwQgYKKwYBBAGCNwIBDDE0MDKgFIAS # AE0AaQBjAHIAbwBzAG8AZgB0oRqAGGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbTAN # BgkqhkiG9w0BAQEFAASCAQAWha0mlnA3bn6Co1pAsx+cGW4DejuUkBB3N+Fz5EKc # AxmGt8PSPu+9fxNU0oqpg6GFlU4A0b9ajj09wHEvVwKnEXAWYg+CDs4IDFlNDgeA # poQ6KDoGZK+tdm0q0x1issqkq20Q1lhENGsqmFQU0kuszX3lk9DeGUj81rGmAzDd # BLjG2lyH3e3RVl/uuWyhPmD2CY5nkVBNDEIo0jTp8/LNVwLbfdKBWU7CUOdQVEdo # TOsDT/kKDIqji2YPzXXCFn5DqMQI720XbK0LDrUYqwg9H88JHqCwJyquFy8Wf650 # Uy67H9jhO6VsEZn9cG+tZe7J0tTbXb8oMDW2cG6UY4FYoYIXCTCCFwUGCisGAQQB # gjcDAwExghb1MIIW8QYJKoZIhvcNAQcCoIIW4jCCFt4CAQMxDzANBglghkgBZQME # AgEFADCCAVUGCyqGSIb3DQEJEAEEoIIBRASCAUAwggE8AgEBBgorBgEEAYRZCgMB # MDEwDQYJYIZIAWUDBAIBBQAEIAa86jxxPOwwwgvOs7cRm9WxSCHojfnigKb0pW6/ # AwjkAgZjxouEpDQYEzIwMjMwMTI0MTU0NDA4LjIwNVowBIACAfSggdSkgdEwgc4x # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKTAnBgNVBAsTIE1p # Y3Jvc29mdCBPcGVyYXRpb25zIFB1ZXJ0byBSaWNvMSYwJAYDVQQLEx1UaGFsZXMg # VFNTIEVTTjpDNEJELUUzN0YtNUZGQzElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUt # U3RhbXAgU2VydmljZaCCEVwwggcQMIIE+KADAgECAhMzAAABo/uas457hkNPAAEA # AAGjMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNo # aW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29y # cG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEw # MB4XDTIyMDMwMjE4NTExNloXDTIzMDUxMTE4NTExNlowgc4xCzAJBgNVBAYTAlVT # MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQK # ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKTAnBgNVBAsTIE1pY3Jvc29mdCBPcGVy # YXRpb25zIFB1ZXJ0byBSaWNvMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjpDNEJE # LUUzN0YtNUZGQzElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2Vydmlj # ZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAO+9TcrLeyoKcCqLbNtz # 7Nt2JbP1TEzzMhi84gS6YLI7CF6dVSA5I1bFCHcw6ZF2eF8Qiaf0o2XSXf/jp5sg # mUYtMbGi4neAtWSNK5yht4iyQhBxn0TIQqF+NisiBxW+ehMYWEbFI+7cSdX/dWw+ # /Y8/Mu9uq3XCK5P2G+ZibVwOVH95+IiTGnmocxWgds0qlBpa1rYg3bl8XVe5L2qT # UmJBvnQpx2bUru70lt2/HoU5bBbLKAhCPpxy4nmsrdOR3Gv4UbfAmtpQntP758NR # Phg1bACH06FlvbIyP8/uRs3x2323daaGpJQYQoZpABg62rFDTJ4+e06tt+xbfvp8 # M9lo8a1agfxZQ1pIT1VnJdaO98gWMiMW65deFUiUR+WngQVfv2gLsv6o7+Ocpzy6 # RHZIm6WEGZ9LBt571NfCsx5z0Ilvr6SzN0QbaWJTLIWbXwbUVKYebrXEVFMyhuVG # QHesZB+VwV386hYonMxs0jvM8GpOcx0xLyym42XA99VSpsuivTJg4o8a1ACJbTBV # FoEA3VrFSYzOdQ6vzXxrxw6i/T138m+XF+yKtAEnhp+UeAMhlw7jP99EAlgGUl0K # kcBjTYTz+jEyPgKadrU1of5oFi/q9YDlrVv9H4JsVe8GHMOkPTNoB4028j88OEe4 # 26BsfcXLki0phPp7irW0AbRdAgMBAAGjggE2MIIBMjAdBgNVHQ4EFgQUUFH7szwm # CLHPTS9Bo2irLnJji6owHwYDVR0jBBgwFoAUn6cVXQBeYl2D9OXSZacbUzUZ6XIw # XwYDVR0fBFgwVjBUoFKgUIZOaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9w # cy9jcmwvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSkuY3Js # MGwGCCsGAQUFBwEBBGAwXjBcBggrBgEFBQcwAoZQaHR0cDovL3d3dy5taWNyb3Nv # ZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENB # JTIwMjAxMCgxKS5jcnQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcD # CDANBgkqhkiG9w0BAQsFAAOCAgEAWvLep2mXw6iuBxGu0PsstmXI5gLmgPkTKQnj # gZlsoeipsta9oku0MTVxlHVdcdBbFcVHMLRRkUFIkfKnaclyl5eyj03weD6b/pUf # FyDZB8AZpGUXhTYLNR8PepM6yD6g+0E1nH0MhOGoE6XFufkbn6eIdNTGuWwBeEr2 # DNiGhDGlwaUH5ELz3htuyMyWKAgYF28C4iyyhYdvlG9VN6JnC4mc/EIt50BCHp8Z # QAk7HC3ROltg1gu5NjGaSVdisai5OJWf6e5sYQdDBNYKXJdiHei1N7K+L5s1vV+C # 6d3TsF9+ANpioBDAOGnFSYt4P+utW11i37iLLLb926pCL4Ly++GU0wlzYfn7n22R # yQmvD11oyiZHhmRssDBqsA+nvCVtfnH183Df5oBBVskzZcJTUjCxaagDK7AqB6QA # 3H7l/2SFeeqfX/Dtdle4B+vPV4lq1CCs0A1LB9lmzS0vxoRDusY80DQi10K3SfZK # 1hyyaj9a8pbZG0BsBp2Nwc4xtODEeBTWoAzF9ko4V6d09uFFpJrLoV+e8cJU/hT3 # +SlW7dnr5dtYvziHTpZuuRv4KU6F3OQzNpHf7cBLpWKRXRjGYdVnAGb8NzW6wWTj # ZjMCNdCFG7pkKLMOGdqPDFdfk+EYE5RSG9yxS76cPfXqRKVtJZScIF64ejnXbFIs # 5bh8KwEwggdxMIIFWaADAgECAhMzAAAAFcXna54Cm0mZAAAAAAAVMA0GCSqGSIb3 # DQEBCwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4G # A1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTIw # MAYDVQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAx # MDAeFw0yMTA5MzAxODIyMjVaFw0zMDA5MzAxODMyMjVaMHwxCzAJBgNVBAYTAlVT # MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQK # ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1l # LVN0YW1wIFBDQSAyMDEwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA # 5OGmTOe0ciELeaLL1yR5vQ7VgtP97pwHB9KpbE51yMo1V/YBf2xK4OK9uT4XYDP/ # XE/HZveVU3Fa4n5KWv64NmeFRiMMtY0Tz3cywBAY6GB9alKDRLemjkZrBxTzxXb1 # hlDcwUTIcVxRMTegCjhuje3XD9gmU3w5YQJ6xKr9cmmvHaus9ja+NSZk2pg7uhp7 # M62AW36MEBydUv626GIl3GoPz130/o5Tz9bshVZN7928jaTjkY+yOSxRnOlwaQ3K # Ni1wjjHINSi947SHJMPgyY9+tVSP3PoFVZhtaDuaRr3tpK56KTesy+uDRedGbsoy # 1cCGMFxPLOJiss254o2I5JasAUq7vnGpF1tnYN74kpEeHT39IM9zfUGaRnXNxF80 # 3RKJ1v2lIH1+/NmeRd+2ci/bfV+AutuqfjbsNkz2K26oElHovwUDo9Fzpk03dJQc # NIIP8BDyt0cY7afomXw/TNuvXsLz1dhzPUNOwTM5TI4CvEJoLhDqhFFG4tG9ahha # YQFzymeiXtcodgLiMxhy16cg8ML6EgrXY28MyTZki1ugpoMhXV8wdJGUlNi5UPkL # iWHzNgY1GIRH29wb0f2y1BzFa/ZcUlFdEtsluq9QBXpsxREdcu+N+VLEhReTwDwV # 2xo3xwgVGD94q0W29R6HXtqPnhZyacaue7e3PmriLq0CAwEAAaOCAd0wggHZMBIG # CSsGAQQBgjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUCBBYEFCqnUv5kxJq+gpE8RjUp # zxD/LwTuMB0GA1UdDgQWBBSfpxVdAF5iXYP05dJlpxtTNRnpcjBcBgNVHSAEVTBT # MFEGDCsGAQQBgjdMg30BATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jv # c29mdC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9yeS5odG0wEwYDVR0lBAwwCgYI # KwYBBQUHAwgwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGG # MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU1fZWy4/oolxiaNE9lJBb186a # GMQwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3Br # aS9jcmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3JsMFoGCCsG # AQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcnQwDQYJKoZIhvcN # AQELBQADggIBAJ1VffwqreEsH2cBMSRb4Z5yS/ypb+pcFLY+TkdkeLEGk5c9MTO1 # OdfCcTY/2mRsfNB1OW27DzHkwo/7bNGhlBgi7ulmZzpTTd2YurYeeNg2LpypglYA # A7AFvonoaeC6Ce5732pvvinLbtg/SHUB2RjebYIM9W0jVOR4U3UkV7ndn/OOPcbz # aN9l9qRWqveVtihVJ9AkvUCgvxm2EhIRXT0n4ECWOKz3+SmJw7wXsFSFQrP8DJ6L # GYnn8AtqgcKBGUIZUnWKNsIdw2FzLixre24/LAl4FOmRsqlb30mjdAy87JGA0j3m # Sj5mO0+7hvoyGtmW9I/2kQH2zsZ0/fZMcm8Qq3UwxTSwethQ/gpY3UA8x1RtnWN0 # SCyxTkctwRQEcb9k+SS+c23Kjgm9swFXSVRk2XPXfx5bRAGOWhmRaw2fpCjcZxko # JLo4S5pu+yFUa2pFEUep8beuyOiJXk+d0tBMdrVXVAmxaQFEfnyhYWxz/gq77EFm # PWn9y8FBSX5+k77L+DvktxW/tM4+pTFRhLy/AsGConsXHRWJjXD+57XQKBqJC482 # 2rpM+Zv/Cuk0+CQ1ZyvgDbjmjJnW4SLq8CdCPSWU5nR0W2rRnj7tfqAxM328y+l7 # vzhwRNGQ8cirOoo6CGJ/2XBjU02N7oJtpQUQwXEGahC0HVUzWLOhcGbyoYICzzCC # AjgCAQEwgfyhgdSkgdEwgc4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5n # dG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9y # YXRpb24xKTAnBgNVBAsTIE1pY3Jvc29mdCBPcGVyYXRpb25zIFB1ZXJ0byBSaWNv # MSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjpDNEJELUUzN0YtNUZGQzElMCMGA1UE # AxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZaIjCgEBMAcGBSsOAwIaAxUA # Hl/pXkLMAbPapCwa+GXc3SlDDROggYMwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEG # A1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWlj # cm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFt # cCBQQ0EgMjAxMDANBgkqhkiG9w0BAQUFAAIFAOd6RDkwIhgPMjAyMzAxMjQxNTQ5 # MTNaGA8yMDIzMDEyNTE1NDkxM1owdDA6BgorBgEEAYRZCgQBMSwwKjAKAgUA53pE # OQIBADAHAgEAAgIgrzAHAgEAAgIROjAKAgUA53uVuQIBADA2BgorBgEEAYRZCgQC # MSgwJjAMBgorBgEEAYRZCgMCoAowCAIBAAIDB6EgoQowCAIBAAIDAYagMA0GCSqG # SIb3DQEBBQUAA4GBABhfHN29V9Kw4gfUFFqoRHJ5FQMxOP/LpkRPeFPef4K2C1ZU # qE5WkZ5STjzM4pe6m2sDK32vt2XsZ95sPg8wzQhxM4msUC2sZw6csvlwO4ZPh9E1 # 2calzvlhNaoN8Vv3QSEfLZdXt4Bts84NKdvB9va4omQ8arvW3oVDjpm+OO01MYIE # DTCCBAkCAQEwgZMwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTACEzMAAAGj # +5qzjnuGQ08AAQAAAaMwDQYJYIZIAWUDBAIBBQCgggFKMBoGCSqGSIb3DQEJAzEN # BgsqhkiG9w0BCRABBDAvBgkqhkiG9w0BCQQxIgQg2x0DMyAVHGlVKVzlN8Z5A9xp # NAUgT2DDkbwIdA14FsEwgfoGCyqGSIb3DQEJEAIvMYHqMIHnMIHkMIG9BCCM+Liw # BnHMMoOd/sgbaYxpwvEJlREZl/pTPklz6euN/jCBmDCBgKR+MHwxCzAJBgNVBAYT # AlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYD # VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBU # aW1lLVN0YW1wIFBDQSAyMDEwAhMzAAABo/uas457hkNPAAEAAAGjMCIEII0fz7lA # F5Pwf2OyR1CyQhFY8fG0+xOvesC2VMToQlIZMA0GCSqGSIb3DQEBCwUABIICACwf # 2AtOlUJ7pxzAseqeu1JSXs2wkCGV2NVya50jFHaJl8nTvE8Wutaf1X5AI9rLwvk0 # L61u/jb6D2EIIJWdGGA89R1HhQmWtnkunEYFRZPKtoCuHyvWH1ejDNdYNjnyhsOO # 2561VFt8V9aAWmvhGfJIVKUk3g7H29l3BEVLXNnYYOosXIxAiTvOXbcr5rdCcV0L # GRp/Mz4mMBPFukZUP2qoGecuyOQBZre8lhOXZfonSqJRPjG2Y3yaOCpuuc1YfN1d # +ouPZwwQvUevufBxlRqQzKYkA6ut6bjyniitf1Mi7+fuJSe41jaAQ/k1tXpk7AeN # Kzs73ZJM0k0CbD7dWBelFf+E6nRk9iPbcKT+DvzZT9yj4PLN2MYBF7LeONcETVR4 # 8082Rg2vekwk7Xj1w+JosCybCI6gXFAYQJ8wTDKurJI/YMKQUlXZELiCDxVYkq/0 # rsxITVC3WFbCktaA7oYMVrt2owqwWo8bRzPfXOZ7IREmt+rBq/NGhMn4Slt5ARsu # gEJ2z+k4ftVKEVFsuXT2UfEpE6cSV9bp31sVSkWRPp2zaESzDF2ixfCjV3OPhm+4 # XKMYExlSmIlh/9INoLNoG+1Jp5xVFBTlyoYZzOqRQJChs3DBG711hMX89XD22hKz # fH038SFkFMPa/yTVEyBAE2UpcpogG9K++Otrf+Fb # SIG # End signature block |