Skip to content

Commit 7d0d00b

Browse files
JarbasHorstJarbasHorst
authored
Merge branch 'main' into tonchan-spedoc0125
2 parents fb6de91 + 8e7c8ba commit 7d0d00b

File tree

1 file changed

+14
-14
lines changed

1 file changed

+14
-14
lines changed

concepts/identity-governance-pim-rules-overview.md

Lines changed: 14 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -56,9 +56,9 @@ The following image shows the activation role settings on the Microsoft Entra ad
5656
| Number | Microsoft Entra admin center UX Description | Microsoft Graph rule ID / Derived resource type | Enforced for caller |
5757
|---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------|----------------------|
5858
| 1 | Activation maximum duration (hours) | `Expiration_EndUser_Assignment` / [unifiedRoleManagementPolicyExpirationRule](/graph/api/resources/unifiedrolemanagementpolicyexpirationrule) | End user |
59-
| 2 | On activation, require: None, Azure MFA <br/><br/>Require ticket information on activation<br/><br/>Require justification on activation | `Enablement_EndUser_Assignment` / [unifiedRoleManagementPolicyExpirationRule](/graph/api/resources/unifiedrolemanagementpolicyenablementrule) | End user |
60-
| 3 | On activation, require: Microsoft Entra Conditional Access authentication context (Preview) | `AuthenticationContext_EndUser_Assignment` / [unifiedRoleManagementPolicyExpirationRule](/graph/api/resources/unifiedrolemanagementpolicyauthenticationcontextrule) | End user |
61-
| 4 | Require approval to activate | `Approval_EndUser_Assignment` / [unifiedRoleManagementPolicyExpirationRule](/graph/api/resources/unifiedrolemanagementpolicyapprovalrule) | End user |
59+
| 2 | On activation, require: None, Azure MFA <br/><br/>Require ticket information on activation<br/><br/>Require justification on activation | `Enablement_EndUser_Assignment` / [unifiedRoleManagementPolicyEnablementRule](/graph/api/resources/unifiedrolemanagementpolicyenablementrule) | End user |
60+
| 3 | On activation, require: Microsoft Entra Conditional Access authentication context (Preview) | `AuthenticationContext_EndUser_Assignment` / [unifiedRoleManagementPolicyAuthenticationContextRule](/graph/api/resources/unifiedrolemanagementpolicyauthenticationcontextrule) | End user |
61+
| 4 | Require approval to activate | `Approval_EndUser_Assignment` / [unifiedRoleManagementPolicyApprovalRule](/graph/api/resources/unifiedrolemanagementpolicyapprovalrule) | End user |
6262

6363
## Assignment rules
6464

@@ -70,8 +70,8 @@ The following image shows the assignment role settings on the Microsoft Entra ad
7070
|---------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------|----------------------|
7171
| 5 | Allow permanent eligible assignment<br/><br/>Expire eligible assignments after | `Expiration_Admin_Eligibility` / [unifiedRoleManagementPolicyExpirationRule](/graph/api/resources/unifiedrolemanagementpolicyexpirationrule) | Admin |
7272
| 6 | Allow permanent active assignment<br/><br/>Expire active assignments after | `Expiration_Admin_Assignment` / [unifiedRoleManagementPolicyExpirationRule](/graph/api/resources/unifiedrolemanagementpolicyexpirationrule) | Admin |
73-
| 7 | Require Azure Multi-Factor Authentication on active assignment<br/><br/>Require justification on active assignment | `Enablement_Admin_Assignment` / [unifiedRoleManagementPolicyExpirationRule](/graph/api/resources/unifiedrolemanagementpolicyexpirationrule) | Admin |
74-
| 8 | Does not exist in Microsoft Entra admin center UX | `Enablement_Admin_Eligibility` / [unifiedRoleManagementPolicyExpirationRule](/graph/api/resources/unifiedrolemanagementpolicyexpirationrule) | Admin |
73+
| 7 | Require Azure Multi-Factor Authentication on active assignment<br/><br/>Require justification on active assignment | `Enablement_Admin_Assignment` / [unifiedRoleManagementPolicyEnablementRule](/graph/api/resources/unifiedRoleManagementPolicyEnablementRule) | Admin |
74+
| 8 | Does not exist in Microsoft Entra admin center UX | `Enablement_Admin_Eligibility` / [unifiedRoleManagementPolicyEnablementRule](/graph/api/resources/unifiedRoleManagementPolicyEnablementRule) | Admin |
7575

7676
## Notification rules
7777

@@ -81,15 +81,15 @@ The following image shows the notification role settings on the Microsoft Entra
8181

8282
| Number | Microsoft Entra admin center UX Description | Microsoft Graph Rule ID / Derived resource type | Enforced for caller |
8383
|---|---|---|---|
84-
| 9 | Send notifications when members are assigned as eligible to this role: Role assignment alert | `Notification_Admin_Admin_Eligibility` / [unifiedRoleManagementPolicyExpirationRule](/graph/api/resources/unifiedrolemanagementpolicynotificationrule) | Admin |
85-
| 10 | Send notifications when members are assigned as eligible to this role: Notification to the assigned user (assignee) | `Notification_Requestor_Admin_Eligibility` / [unifiedRoleManagementPolicyExpirationRule](/graph/api/resources/unifiedrolemanagementpolicynotificationrule) | Assignee / Requestor |
86-
| 11 | Send notifications when members are assigned as eligible to this role: request to approve a role assignment renewal/extension | `Notification_Approver_Admin_Eligibility` / [unifiedRoleManagementPolicyExpirationRule](/graph/api/resources/unifiedrolemanagementpolicynotificationrule) | Approver |
87-
| 12 | Send notifications when members are assigned as active to this role: Role assignment alert | `Notification_Admin_Admin_Assignment` / [unifiedRoleManagementPolicyExpirationRule](/graph/api/resources/unifiedrolemanagementpolicynotificationrule) | Admin |
88-
| 13 | Send notifications when members are assigned as active to this role: Notification to the assigned user (assignee) | `Notification_Requestor_Admin_Assignment` / [unifiedRoleManagementPolicyExpirationRule](/graph/api/resources/unifiedrolemanagementpolicynotificationrule) | Assignee / Requestor |
89-
| 14 | Send notifications when members are assigned as active to this role: Request to approve a role assignment renewal/extension | `Notification_Approver_Admin_Assignment` / [unifiedRoleManagementPolicyExpirationRule](/graph/api/resources/unifiedrolemanagementpolicynotificationrule) | Approver |
90-
| 15 | Send notifications when eligible members activate this role: Role activation alert | `Notification_Admin_EndUser_Assignment` / [unifiedRoleManagementPolicyExpirationRule](/graph/api/resources/unifiedrolemanagementpolicynotificationrule) | Admin |
91-
| 16 | Send notifications when eligible members activate this role: Notification to activated user (requestor) | `Notification_Requestor_EndUser_Assignment` / [unifiedRoleManagementPolicyExpirationRule](/graph/api/resources/unifiedrolemanagementpolicynotificationrule) | Requestor |
92-
| 17 | Send notifications when eligible members activate this role: Request to approve an activation | `Notification_Approver_EndUser_Assignment` / [unifiedRoleManagementPolicyExpirationRule](/graph/api/resources/unifiedrolemanagementpolicynotificationrule) | Approver |
84+
| 9 | Send notifications when members are assigned as eligible to this role: Role assignment alert | `Notification_Admin_Admin_Eligibility` / [unifiedRoleManagementPolicyNotificationRule](/graph/api/resources/unifiedrolemanagementpolicynotificationrule) | Admin |
85+
| 10 | Send notifications when members are assigned as eligible to this role: Notification to the assigned user (assignee) | `Notification_Requestor_Admin_Eligibility` / [unifiedRoleManagementPolicyNotificationRule](/graph/api/resources/unifiedrolemanagementpolicynotificationrule) | Assignee / Requestor |
86+
| 11 | Send notifications when members are assigned as eligible to this role: request to approve a role assignment renewal/extension | `Notification_Approver_Admin_Eligibility` / [unifiedRoleManagementPolicyNotificationRule](/graph/api/resources/unifiedrolemanagementpolicynotificationrule) | Approver |
87+
| 12 | Send notifications when members are assigned as active to this role: Role assignment alert | `Notification_Admin_Admin_Assignment` / [unifiedRoleManagementPolicyNotificationRule](/graph/api/resources/unifiedrolemanagementpolicynotificationrule) | Admin |
88+
| 13 | Send notifications when members are assigned as active to this role: Notification to the assigned user (assignee) | `Notification_Requestor_Admin_Assignment` / [unifiedRoleManagementPolicyNotificationRule](/graph/api/resources/unifiedrolemanagementpolicynotificationrule) | Assignee / Requestor |
89+
| 14 | Send notifications when members are assigned as active to this role: Request to approve a role assignment renewal/extension | `Notification_Approver_Admin_Assignment` / [unifiedRoleManagementPolicyNotificationRule](/graph/api/resources/unifiedrolemanagementpolicynotificationrule) | Approver |
90+
| 15 | Send notifications when eligible members activate this role: Role activation alert | `Notification_Admin_EndUser_Assignment` / [unifiedRoleManagementPolicyNotificationRule](/graph/api/resources/unifiedrolemanagementpolicynotificationrule) | Admin |
91+
| 16 | Send notifications when eligible members activate this role: Notification to activated user (requestor) | `Notification_Requestor_EndUser_Assignment` / [unifiedRoleManagementPolicyNotificationRule](/graph/api/resources/unifiedrolemanagementpolicynotificationrule) | Requestor |
92+
| 17 | Send notifications when eligible members activate this role: Request to approve an activation | `Notification_Approver_EndUser_Assignment` / [unifiedRoleManagementPolicyNotificationRule](/graph/api/resources/unifiedrolemanagementpolicynotificationrule) | Approver |
9393

9494
## Related content
9595

0 commit comments

Comments
 (0)