Displays a menu to be able to select Priviled Role Assignments
Default option: If no parameter is specified, displays a menu so the user can select one or more RoleAssignments
Option 1: If DisplayName is passed in, either through pipe or as parameter, the menu doesn't appear. A role assignment request is created for each displayname passed in.
An example
General notes

function Enable-PrivilegedRoleAssignment{
        # Array with DisplayNames of Role Assignments. E.g. @("Security Administrator","Cloud Device Administrator")
        [parameter(Mandatory=$false, ValueFromPipeline=$true)]
        [parameter(Mandatory=$false, ValueFromPipeline=$true)]
        $UserObjectId = $Global:CurrentLoggedInUser.ObjectId
    Write-Verbose "Enable-PrivilegedRoleAssignment"

    # Get eligible role assignments

    try {
        $null = [Role]
    catch {
        Write-Verbose "Cant't find class Role"

    $EligibleRoles = Get-PrivilegedRoleAssignments -Eligible -Detailed

        Create the menu items with eligbile roles if the SelectedRoleAssignments is empty.

    if($null -eq $SelectedRoleAssignments){
        $RoleAssignmentMenuItems = $null
        $RoleAssignmentMenuItems = @()
        $RoleAssignmentMenuItems += $EligibleRoles | %{"$($_.DisplayName) (Max grant period: $($_.GetMaximumGrantPeriodInMinutes()) minutes)"}

        Write-Debug "Role assignments: $(Out-String -InputObject $RoleAssignmentMenuItems)"
        $SelectedRoleAssignments = Menu -menuItems $RoleAssignmentMenuItems -Multiselect 
        Write-Debug "SelectedRoleAssignments: $($SelectedRoleAssignments | %{$_ + " "})"

    if($null -eq $SelectedRoleAssignments){
        Write-Output "No roles selected"

    # Prompt the user for input to schedule and reason for the privileged role request
    # Reason: Input a string. The string will be used for all selected role request for the current selected roles
    # Schedule: Input a number/int in hours. The number will be used to all selected role requests for the current selected roles.

    Write-Output "Selected Role Assignments: $($SelectedRoleAssignments | %{$_ + ", "})"
    $Reason = Read-Host -Prompt "Write a reason for activating one or more roles (This will apply to all selected roles)"
    $InputDuration = Read-Host -Prompt "Write a valid duration in hours for your selected roles (This will apply to all selected roles)"
        $Duration = [int]$InputDuration
        Throw("Duration specified is not a valid number.")

    if((-not($Duration -is [int])) -or (-not ($Duration -gt 0))){
        # Ikke et tall og ikke duration over 0
        throw("Cannot use the duration specified.")

    $schedule = New-Object Microsoft.Open.MSGraph.Model.AzureADMSPrivilegedSchedule
    $schedule.Type = "Once"
    $schedule.Duration = "PT$($Duration)H" #
    $schedule.StartDateTime = (Get-Date).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ss.fffZ") 
    #$schedule.endDateTime = $schedule.StartDateTime.AddHours($Duration)

    foreach($SelectedRoleAssignment in $SelectedRoleAssignments){
        Write-Verbose "Privileged role assignment request for $($SelectedRoleAssignment)"
        $SelectedRoleAssignmentDisplayName = ($SelectedRoleAssignment.Split('(').trim())[0]
        $SelectedEligibleRole = $EligibleRoles | Where-Object {$_.DisplayName -match $SelectedRoleAssignmentDisplayName}
        Write-Debug "Selected eligible role $($SelectedEligibleRole.DisplayName)"        
        Write-Debug "[Reason] $Reason"
        Write-Debug "[Duration] $Duration"
        $SelectedEligibleRole.OpenPrivilegedRoleAssignmentRequest($UserObjectId, $schedule, $Reason)