Forum Discussion
cvaxel (Copper Contributor)
May 03, 2025
Entra PIM Role Activation
```powershell
# Ensure necessary modules are installed
$modules = @("DCToolbox", "Microsoft.Entra")
foreach ($module in $modules) {
    if (-not (Get-Module -ListAvailable -Name $module)) {
        Install-Module -Name $module -Repository PSGallery -Scope CurrentUser -Force -AllowClobber
    }
}

# Check if msal.ps package is installed
if (-not (Get-Package -Name msal.ps -ErrorAction SilentlyContinue)) {
    Install-Package msal.ps -Force -Confirm:$false
}

# Ensure Entra Authentication module is properly imported
Remove-Module Microsoft.Entra.Authentication -ErrorAction SilentlyContinue
Import-Module Microsoft.Entra.Authentication -Force

# Connect to Entra ID with proper authentication
Connect-Entra

# Load the assemblies that provide the Form, Size and Point types used below
Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing

# Create GUI Form
$form = New-Object System.Windows.Forms.Form
$form.Text = "EntraPIMRole Activation"
$form.Size = New-Object System.Drawing.Size(350, 350)

# Create Checkboxes
$checkboxes = @()
$labels = @("Global Administrator", "Teams Administrator", "SharePoint Administrator", "Exchange Administrator", "Billing Administrator")
for ($i = 0; $i -lt $labels.Count; $i++) {
    $checkbox = New-Object System.Windows.Forms.CheckBox
    $checkbox.Text = $labels[$i]
    $checkbox.AutoSize = $true
    $checkbox.Width = 250
    $checkbox.Location = New-Object System.Drawing.Point(20, (20 + ($i * 30)))
    $checkboxes += $checkbox
    $form.Controls.Add($checkbox)
}

# Create TextBox
$textBox = New-Object System.Windows.Forms.TextBox
$textBox.Location = New-Object System.Drawing.Point(20, 180)
$textBox.Size = New-Object System.Drawing.Size(300, 20)
$form.Controls.Add($textBox)

# Create Button
$button = New-Object System.Windows.Forms.Button
$button.Text = "Run"
$button.Location = New-Object System.Drawing.Point(20, 220)
$button.Size = New-Object System.Drawing.Size(80, 30)
$button.Add_Click({
    $selectedOptions = $checkboxes | Where-Object { $_.Checked } | ForEach-Object { $_.Text }
    $inputText = $textBox.Text

    # Verify if the required function exists before executing
    if (Get-Command -Name Enable-DCEntraIDPIMRole -ErrorAction SilentlyContinue) {
        Enable-DCEntraIDPIMRole -RolesToActivate $selectedOptions -UseMaximumTimeAllowed -Reason $inputText
        [System.Windows.Forms.MessageBox]::Show("Activated Roles: $($selectedOptions -join ', ')`nReason: $inputText")
    } else {
        [System.Windows.Forms.MessageBox]::Show("Error: Enable-DCEntraIDPIMRole function not found. Ensure the correct module is installed.")
    }
})
$form.Controls.Add($button)

# Show Form
$form.ShowDialog()
```
I'm trying to create a script so I can activate PIM with logon to the Azure portal. But for some reason I can't get it to work. Can you all please help me out?
1 Reply
- Andres-Bohren (Steel Contributor)
Hi cvaxel
Just use the Microsoft.Graph PowerShell Modules
Source:
https://learn.microsoft.com/en-us/answers/questions/1879083/programmatically-activate-my-entra-id-assigned-rol
Kind Regards
Andres

```powershell
Connect-MgGraph -Scopes "RoleAssignmentSchedule.ReadWrite.Directory" -NoWelcome
$context = Get-MgContext
$currentUser = (Get-MgUser -UserId $context.Account).Id

# Get all available roles
$myRoles = Get-MgRoleManagementDirectoryRoleEligibilitySchedule -ExpandProperty RoleDefinition -All -Filter "principalId eq '$currentUser'"

# Get Global Reader
$myRole = $myRoles | Where-Object { $_.RoleDefinition.DisplayName -eq "Global Reader" }

# Setup parameters for activation
$params = @{
    Action           = "selfActivate"
    PrincipalId      = $myRole.PrincipalId
    RoleDefinitionId = $myRole.RoleDefinitionId
    DirectoryScopeId = $myRole.DirectoryScopeId
    Justification    = "Needed for work"
    ScheduleInfo     = @{
        StartDateTime = Get-Date
        Expiration    = @{
            Type     = "AfterDuration"
            Duration = "PT8H"
        }
    }
}

# Activate the role
New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $params
```
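
Building on the single-role Graph activation in the reply above, this added example (not part of the thread and not code from either poster) activates several eligible roles by display name with one justification, which is what the checkbox form in the question was aiming for. The function name `Enable-MyPimRole`, the one-hour default duration and the values in the usage comment are assumptions.

```powershell
# Needs Microsoft.Graph.Authentication, Microsoft.Graph.Users and
# Microsoft.Graph.Identity.Governance (all part of the Microsoft.Graph module).
function Enable-MyPimRole {    # hypothetical helper name, not a Graph cmdlet
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string[]]$RoleName,
        [Parameter(Mandatory)][ValidateNotNullOrEmpty()][string]$Justification,
        # ISO 8601 duration. Assumed default of one hour; the role's PIM
        # settings define the maximum the tenant allows.
        [ValidatePattern('^PT(\d+H(\d+M)?|\d+M)$')][string]$Duration = 'PT1H'
    )
    Connect-MgGraph -Scopes 'RoleAssignmentSchedule.ReadWrite.Directory' -NoWelcome
    $userId = (Get-MgUser -UserId (Get-MgContext).Account).Id
    $filter = "principalId eq '$userId'"
    # Roles the user may activate, and assignments that are in effect right now
    $eligible = Get-MgRoleManagementDirectoryRoleEligibilitySchedule -All -ExpandProperty RoleDefinition -Filter $filter
    $active = Get-MgRoleManagementDirectoryRoleAssignmentScheduleInstance -All -Filter $filter

    foreach ($name in $RoleName) {
        $schedules = @($eligible | Where-Object { $_.RoleDefinition.DisplayName -eq $name })
        if (-not $schedules) { Write-Warning "No eligible assignment for '$name'; skipped."; continue }
        foreach ($s in $schedules) {    # one eligibility per directory scope
            $isActive = $active | Where-Object {
                $_.RoleDefinitionId -eq $s.RoleDefinitionId -and
                $_.DirectoryScopeId -eq $s.DirectoryScopeId
            }
            if ($isActive) { Write-Warning "'$name' is already active at scope $($s.DirectoryScopeId); skipped."; continue }
            $params = @{
                Action           = 'selfActivate'
                PrincipalId      = $s.PrincipalId
                RoleDefinitionId = $s.RoleDefinitionId
                DirectoryScopeId = $s.DirectoryScopeId
                Justification    = $Justification
                ScheduleInfo     = @{
                    StartDateTime = Get-Date
                    Expiration    = @{ Type = 'AfterDuration'; Duration = $Duration }
                }
            }
            if ($PSCmdlet.ShouldProcess("$name at $($s.DirectoryScopeId)", "Activate for $Duration")) {
                New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $params |
                    Select-Object @{ n = 'Role'; e = { $name } }, Status, CreatedDateTime
            }
        }
    }
}

# Constructed usage; -WhatIf lists what would be requested without activating anything.
# Enable-MyPimRole -RoleName 'Teams Administrator', 'Exchange Administrator' -Justification 'Ticket 1234: mailbox migration' -WhatIf
```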