PrivilegedEligibilitySchedule.Remove.AzureADGroup

Allows the app to delete time-based eligibility schedules for access to Azure AD groups, on behalf of the signed-in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the PrivilegedEligibilitySchedule.Remove.AzureADGroup permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	55745561-7572-4314-a737-a2c2a1b0dd2e	c5ea9ab4-9b41-4c09-a400-53e652fb5096
DisplayText	Delete eligibility schedules for access to Azure AD groups	Delete eligibility schedules for access to Azure AD groups
Description	Delete time-based eligibility schedules for access to Azure AD groups, without a signed-in user.	Allows the app to delete time-based eligibility schedules for access to Azure AD groups, on behalf of the signed-in user.
AdminConsentRequired	Yes	Yes

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	POST /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	POST /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	New-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	New-MgBetaIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: privilegedAccessGroupEligibilityScheduleRequest

Property	Type	Description
accessId	privilegedAccessGroupRelationships	The identifier of membership or ownership eligibility relationship to the group. Required. The possible values are: `owner`, `member`, `unknownFutureValue`.
action	String	Represents the type of operation on the group membership or ownership eligibility assignment request. The possible values are: `adminAssign`, `adminUpdate`, `adminRemove`, `selfActivate`, `selfDeactivate`, `adminExtend`, `adminRenew`. `adminAssign`: For administrators to assign group membership or ownership eligibility to principals. `adminRemove`: For administrators to remove principals from group membership or ownership eligibilities. `adminUpdate`: For administrators to change existing eligible assignments. `adminExtend`: For administrators to extend expiring eligible assignments. `adminRenew`: For administrators to renew expired eligible assignments. `selfActivate`: For principals to activate their eligible assignments. `selfDeactivate`: For principals to deactivate their eligible assignments.
approvalId	String	The identifier of the approval of the request. Inherited from request.
completedDateTime	DateTimeOffset	The request completion date time. Inherited from request.
createdBy	identitySet	The principal that created this request. Inherited from request. Read-only. Supports `$filter` (`eq`, `ne`, and on `null` values).
createdDateTime	DateTimeOffset	The request creation date time. Inherited from request. Read-only.
customData	String	Free text field to define any custom data for the request. Not used. Inherited from request.
groupId	String	The identifier of the group representing the scope of the membership and ownership eligibility through PIM for groups. Required.
id	String	The unique identifier for the privilegedAccessGroupEligibilityScheduleRequest object. Key, not nullable, read-only. Inherited from entity. Supports `$filter` (`eq`, `ne`).
isValidationOnly	Boolean	Determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request.
justification	String	A message provided by users and administrators when they create the privilegedAccessGroupEligibilityScheduleRequest object.
principalId	String	The identifier of the principal whose membership or ownership eligibility to the group is managed through PIM for groups. Required.
scheduleInfo	requestSchedule	The period of the group membership or ownership assignment. Recurring schedules are currently unsupported.
status	String	The status of the group membership or ownership assignment request. Inherited from request. Read-only. Supports `$filter` (`eq`, `ne`).
targetScheduleId	String	The identifier of the schedule that's created from the eligibility request. Optional.
ticketInfo	ticketInfo	Ticket details linked to the group membership or ownership assignment request including details of the ticket number and ticket system.

Graph reference: requestSchedule

Property	Type	Description
expiration	expirationPattern	When the eligible or active assignment expires.
recurrence	patternedRecurrence	The frequency of the eligible or active assignment. This property is currently unsupported in PIM.
startDateTime	DateTimeOffset	When the eligible or active assignment becomes active.

Property	Type	Description
ticketNumber	String	The ticket number.
ticketSystem	String	The description of the ticket system.

Table of Contents

PrivilegedEligibilitySchedule.Remove.AzureADGroup

Graph Methods

Resources