Set-EntraBetaAuthorizationPolicy
Updates an authorization policy.
Syntax
Default (Default)
Set-EntraBetaAuthorizationPolicy
-Id <String>
[-DisplayName <String>]
[-EnabledPreviewFeatures <System.Collections.Generic.List`1[System.String]>]
[-DefaultUserRolePermissions <DefaultUserRolePermissions>]
[-AllowedToSignUpEmailBasedSubscriptions <Boolean>]
[-AllowedToUseSSPR <Boolean>]
[-PermissionGrantPolicyIdsAssignedToDefaultUserRole <System.Collections.Generic.List`1[System.String]>]
[-AllowEmailVerifiedUsersToJoinOrganization <Boolean>]
[-Description <String>]
[-BlockMsolPowerShell <Boolean>]
[-GuestUserRoleId <String>]
[<CommonParameters>]
Description
The Set-EntraBetaAuthorizationPolicy cmdlet updates a Microsoft Entra ID authorization policy.
In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or custom role with the necessary permissions. The least privileged role for this operation is:
Privileged Role Administrator
Examples
Example 1: Update an authorization policy
Connect-Entra -Scopes 'Policy.ReadWrite.Authorization'
$Params = @{
Id = 'authorizationPolicy'
DisplayName = 'updated displayname'
Description = 'updated description'
GuestUserRoleId = '10dae51f-b6af-4016-8d66-8c2a99b929b3'
EnabledPreviewFeatures = @('EnableGranularConsent')
}
Set-EntraBetaAuthorizationPolicy @Params
This example demonstrates how to update a Microsoft Entra ID authorization policy.
-Id parameter specifies the authorization policy ID.-DisplayName parameter specifies display name of the authorization policy.-Description parameter specifies the description of a authorization policy.-GuestUserRoleId parameter specifies the roletemplateId for the role that should be granted to guest user.-EnabledPreviewFeatures parameter specifies the preview features enabled for private preview on the tenant.
Example 2: Update DefaultUserRolePermissions of authorization policy
Connect-Entra -Scopes 'Policy.ReadWrite.Authorization'
$defaultUserRolePermissions = New-Object -TypeName Microsoft.Open.MSGraph.Model.DefaultUserRolePermissions
$defaultUserRolePermissions.AllowedToCreateApps = $false
$defaultUserRolePermissions.AllowedToCreateSecurityGroups = $false
$defaultUserRolePermissions.AllowedToReadOtherUsers = $false
Set-EntraBetaAuthorizationPolicy -Id 'authorizationPolicy' -DefaultUserRolePermissions $defaultUserRolePermissions
This example demonstrates how to update a DefaultUserRolePermissions of authorization policy in Microsoft Entra ID.
-Id parameter specifies the authorization policy ID.-DefaultUserRolePermissions parameter specifies the customizable default user role permissions.
Parameters
-AllowedToSignUpEmailBasedSubscriptions
Specifies whether users can sign up for email based subscriptions.
The initial default value is true.
Parameter properties
Type: System.Boolean
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-AllowedToUseSSPR
Specifies whether the Self-Serve Password Reset feature can be used by users on the tenant.
The initial default value is true.
Parameter properties
Type: System.Boolean
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-AllowEmailVerifiedUsersToJoinOrganization
Specifies whether a user can join the tenant by email validation.
The initial default value is true.
Parameter properties
Type: System.Boolean
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-BlockMsolPowerShell
Specifies whether the user-based access to the legacy service endpoint used by MSOL PowerShell is blocked or not.
Parameter properties
Type: System.Boolean
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DefaultUserRolePermissions
Contains various customizable default user role permissions.
Parameter properties
Type: DefaultUserRolePermissions
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Description
Specifies the description of the authorization policy.
Parameter properties
Type: System.String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-DisplayName
Specifies the display name of the authorization policy.
Parameter properties
Type: System.String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-EnabledPreviewFeatures
Specifies the preview features enabled for private preview on the tenant.
Parameter properties
Type: System.Collections.Generic.List`1 [ System.String ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-GuestUserRoleId
Specifies the roletemplateId for the role that should be granted to guest user.
Parameter properties
Type: System.String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
-Id
Specifies the unique identifier of the authorization policy.
Parameter properties
Type: System.String
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: True Value from pipeline: True Value from pipeline by property name: True Value from remaining arguments: False
-PermissionGrantPolicyIdsAssignedToDefaultUserRole
Specifies the policy Ids of permission grant policies assgined to the default user role.
Parameter properties
Type: System.Collections.Generic.List`1 [ System.String ]
Default value: None Supports wildcards: False DontShow: False
Parameter sets
(All)
Position: Named Mandatory: False Value from pipeline: False Value from pipeline by property name: False Value from remaining arguments: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters .
Microsoft.Open.MSGraph.Model.DefaultUserRolePermissions