
Hello!
I want to use the Update-MgPrivilegedAccessResourceRoleSetting cmdlet, from the Microsoft.Graph PowerShell module, in my Azure portal.
I want to update some settings of my PIM role (for example MfaRule or ExpirationRule).

But I get this error:

{"message":"No HTTP resource was found that matches the request URI 'https://api.azrbac.mspim.azure.com/api/v2/governanceResources('********-****-****-****-************')/roleSettings('********-****-****-****-************')?'."}

What is this URL?

In the debug log (I can’t copy/paste the .jpg here), I have:

DEBUG: [CmdletBeginProcessing]: - Update-MgPrivilegedAccessResourceRoleSetting begin processing with parameterSet 'UpdateExpanded'.
DEBUG: [Authentication]: - AuthType: 'Delegated', AuthProviderType: 'InteractiveAuthenticationProvider', ContextScope: 'CurrentUser', AppName: 'Microsoft Graph PowerShell'.
DEBUG: [Authentication]: - Scopes: [Application.ReadWrite.All, DelegatedPermissionGrant.ReadWrite.All, Directory.Read.All, Domain.Read.All, Group.Read.All, openid, Policy.Read.All, Policy.Read.ConditionalAccess, Policy.ReadWrite.ConditionalAccess, PrivilegedAccess.Read.AzureAD, PrivilegedAccess.Read.AzureADGroup, PrivilegedAccess.Read.AzureResources, PrivilegedAccess.ReadWrite.AzureResources, profile, RoleAssignmentSchedule.Read.Directory, RoleEligibilitySchedule.Read.Directory, RoleEligibilitySchedule.ReadWrite.Directory, RoleManagement.Read.All, RoleManagement.Read.Directory, RoleManagement.ReadWrite.Directory, User.Read, User.ReadWrite.All, email].
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
PATCH

Absolute Uri:
https://graph.microsoft.com/beta/privilegedAccess/azureResources/resources/********-****-****-****-************/roleSettings/********-****-****-****-************

Headers:
FeatureFlag                   : 00000047
Cache-Control                 : no-store, no-cache
SdkVersion                    : graph-powershell/1.18.0,Graph-dotnet-1.25.1
User-Agent                    : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.22621; fr-CA),PowerShell/7.3.1
Accept-Encoding               : gzip

Body:
{}


DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
NotFound

Headers:
Transfer-Encoding             : chunked
Vary                          : Accept-Encoding
Strict-Transport-Security     : max-age=31536000
request-id                    : 5fb90750-367b-4976-8913-659c5b5863ba
client-request-id             : 5fb90750-367b-4976-8913-659c5b5863ba
x-ms-ags-diagnostic           : {"ServerInfo":{"DataCenter":"Canada East","Slice":"E","Ring":"2","ScaleUnit":"002","RoleInstance":"QB1PEPF00001038"}}
Date                          : Fri, 16 Dec 2022 21:00:48 GMT

Body:
{
  "error": {
    "code": "UnknownError",
    "message": "{"message":"No HTTP resource was found that matches the request URI 'https://api.azrbac.mspim.azure.com/api/v2/governanceResources('********-****-****-****-************')/roleSettings('********-****-****-****-************')?'."}",
    "innerError": {
      "date": "2022-12-16T21:00:48",
      "request-id": "5fb90750-367b-4976-8913-659c5b5863ba",
      "client-request-id": "5fb90750-367b-4976-8913-659c5b5863ba"
    }
  }
}


Update-MgPrivilegedAccessResourceRoleSetting_UpdateExpanded:
Line |
  20 |  …             Update-MgPrivilegedAccessResourceRoleSetting -PrivilegedA …
     |                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | {"message":"No HTTP resource was found that matches the request URI 'https://api.azrbac.mspim.azure.com/api/v2/governanceResources('********-****-****-****-************')/roleSettings('********-****-****-****-************')?'."}
DEBUG: [CmdletEndProcessing]: - Update-MgPrivilegedAccessResourceRoleSetting end processing.

The first Id is always the right resource id, and the second is the role settings id.

My exact command is:

Update-MgPrivilegedAccessResourceRoleSetting -PrivilegedAccessId azureResources -GovernanceResourceId $RoleSetting.ResourceId -GovernanceRoleSettingId $RoleSetting.Id

And I’m sure I have the right Ids for ResourceId and RoleSettingsId.
Maybe I forgot something?

That works with the AzureAD module, but I don’t want to use it anymore:

Set-AzureADMSPrivilegedRoleSetting -ProviderId AzureResources -Id $RoleSetting.Id -ResourceId $RoleSetting.ResourceId -RoleDefinitionId $RoleSetting.RoleDefinitionId -UserMemberSettings $setting

Can someone help me?
The Microsoft documentation page is not very complete!

Thanks a lot

2 Answers


  1. Chosen as BEST ANSWER

    FYI, I got my answer (here).

    I have to use this cmdlet: Update-MgPrivilegedAccessRoleSetting

    This one is not functional: Update-MgPrivilegedAccessResourceRoleSetting

    So, just use:

    $setting = @{
      UserMemberSettings = @(
        @{
          RuleIdentifier = "MfaRule"
          Setting        = '{"mfaRequired":true}'
        }
      )
    }
    Update-MgPrivilegedAccessRoleSetting -PrivilegedAccessId "azureResources" -GovernanceRoleSettingId $RoleSetting.Id -BodyParameter $setting

  2. Install the Governance module to run the Graph PowerShell cmdlet.

    Module name:

    Import-Module Microsoft.Graph.Identity.Governance

    Follow the MS Doc here: https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.identity.governance/update-mgprivilegedaccessrolesetting?view=graph-powershell-beta
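
The update from the accepted answer, extended into a read-modify-write with a read-back check, so a rule the service silently ignores is noticed. This is an added example, not code from the thread: `$RoleSetting` is the question's variable, while the `ExpirationRule` JSON shape, the 480-minute value, the use of `Get-MgPrivilegedAccessRoleSetting` as the read counterpart and `Select-MgProfile` (SDK 1.x) are assumptions.

```powershell
# Added example, not from the thread. $RoleSetting is the question's variable,
# assumed to already hold the PIM role setting being changed.
Select-MgProfile -Name beta   # assumption: SDK 1.x, where these cmdlets need the beta profile
Import-Module Microsoft.Graph.Identity.Governance

# Rules to enforce when a user activates the role.
# The ExpirationRule JSON shape and the 480-minute value are assumptions.
$desired = @{
    MfaRule        = '{"mfaRequired":true}'
    ExpirationRule = '{"permanentAssignment":false,"maximumGrantPeriodInMinutes":480}'
}
$id = @{ PrivilegedAccessId = 'azureResources'; GovernanceRoleSettingId = $RoleSetting.Id }

# Read-modify-write: carry existing rules over and replace only the targeted ones,
# so the request body is explicit (the question's debug log shows "Body: {}").
$current = Get-MgPrivilegedAccessRoleSetting @id
$rules = @(
    foreach ($r in $current.UserMemberSettings) {
        if (-not $desired.ContainsKey($r.RuleIdentifier)) {
            @{ RuleIdentifier = $r.RuleIdentifier; Setting = $r.Setting }
        }
    }
    foreach ($name in $desired.Keys) {
        @{ RuleIdentifier = $name; Setting = $desired[$name] }
    }
)

Update-MgPrivilegedAccessRoleSetting @id -BodyParameter @{ UserMemberSettings = $rules }

# Read back and compare property by property (key order in the JSON may differ).
$after = Get-MgPrivilegedAccessRoleSetting @id
foreach ($name in $desired.Keys) {
    $actual = ($after.UserMemberSettings | Where-Object RuleIdentifier -eq $name).Setting
    if (-not $actual) { Write-Warning "$name is missing after the update"; continue }
    $got = $actual | ConvertFrom-Json
    foreach ($p in ($desired[$name] | ConvertFrom-Json).PSObject.Properties) {
        if ($got.($p.Name) -ne $p.Value) {
            Write-Warning "$name.$($p.Name): expected $($p.Value), got $($got.($p.Name))"
        }
    }
}
```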
