Add-EntraBetaInheritablePermissionsToAgentIdentityBlueprint
Adds inheritable permissions to Agent Identity Blueprints.
Syntax
Default (Default)
Add-EntraBetaInheritablePermissionsToAgentIdentityBlueprint
[-Scopes <String[]>]
[-ResourceAppId <String>]
[<CommonParameters>]
Description
The Add-EntraBetaInheritablePermissionsToAgentIdentityBlueprint cmdlet configures inheritable Microsoft Graph permissions that can be granted to Agent Identity Blueprints. This allows agents created from the blueprint to inherit specific Microsoft Graph permissions.
Examples
Example 1: Add inheritable permissions with prompts
Connect-Entra -Scopes 'AgentIdentityBlueprint.ReadWrite.All'
Add-EntraBetaInheritablePermissionsToAgentIdentityBlueprint
This example prompts for scopes and adds inheritable permissions to the current Agent Identity Blueprint.
Example 2: Add specific inheritable permissions
Connect-Entra -Scopes 'AgentIdentityBlueprint.ReadWrite.All'
Add-EntraBetaInheritablePermissionsToAgentIdentityBlueprint -Scopes @("User.Read", "Mail.Read", "Calendars.Read")
This example adds User.Read, Mail.Read, and Calendars.Read as inheritable permissions to the Agent Identity Blueprint.
Example 3: Add inheritable permissions for a custom resource
Connect-Entra -Scopes 'AgentIdentityBlueprint.ReadWrite.All'
Add-EntraBetaInheritablePermissionsToAgentIdentityBlueprint -Scopes @("CustomScope.Read") -ResourceAppId "12345678-1234-1234-1234-123456789012"
This example adds inheritable permissions for a custom resource application by specifying the ResourceAppId.
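Because agents created from the blueprint inherit whatever is added here, the following added example (not part of the cmdlet's own documentation) puts a review gate in front of the call. The helper name `Add-ReviewedInheritablePermission`, its `-ApprovedScopes` parameter, and the sample allow-list are assumptions made for illustration; only the cmdlet, `-Scopes`, `-ResourceAppId`, and the default resource ID come from this page.

```powershell
# Added example: fail-closed wrapper around the documented cmdlet.
# The function name, -ApprovedScopes, and the allow-list values are hypothetical.
function Add-ReviewedInheritablePermission {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string[]] $Scopes,

        # Default from this page: Microsoft Graph
        [string] $ResourceAppId = '00000003-0000-0000-c000-000000000000',

        # Scopes approved for agents on this resource (constructed sample list)
        [string[]] $ApprovedScopes = @('User.Read', 'Mail.Read', 'Calendars.Read')
    )

    # Reject a malformed resource ID before it reaches the cmdlet
    $parsed = [guid]::Empty
    if (-not [guid]::TryParse($ResourceAppId, [ref] $parsed)) {
        throw "ResourceAppId '$ResourceAppId' is not a valid GUID."
    }

    # Normalize the request: trim, drop blanks, de-duplicate
    $requested = @($Scopes | ForEach-Object { $_.Trim() } | Where-Object { $_ } | Sort-Object -Unique)
    if ($requested.Count -eq 0) { throw 'No scopes supplied.' }

    # Anything outside the approved list stops the whole request
    $unapproved = @($requested | Where-Object { $_ -notin $ApprovedScopes })
    if ($unapproved.Count -gt 0) {
        throw "Scopes not on the approved list: $($unapproved -join ', ')"
    }

    # Always pass -Scopes explicitly so the cmdlet never falls back to its prompt
    if ($PSCmdlet.ShouldProcess("resource $parsed", "Add inheritable scopes: $($requested -join ', ')")) {
        Add-EntraBetaInheritablePermissionsToAgentIdentityBlueprint -Scopes $requested -ResourceAppId $parsed.ToString()
    }
}

Connect-Entra -Scopes 'AgentIdentityBlueprint.ReadWrite.All'
# -WhatIf prints the intended change without calling the cmdlet
Add-ReviewedInheritablePermission -Scopes 'User.Read', 'Mail.Read' -WhatIf
```

The cmdlet still targets the stored blueprint ID from the last blueprint creation, so confirm that this is the blueprint you intend to change before running the helper without `-WhatIf`.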
Parameters
-ResourceAppId
The resource application ID as a GUID. Defaults to Microsoft Graph (00000003-0000-0000-c000-000000000000). This parameter accepts either a GUID object or a string that can be converted to a GUID.
Parameter properties
| Type: | System.String |
| Default value: | 00000003-0000-0000-c000-000000000000 |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Scopes
An array of Microsoft Graph permission scopes to make inheritable. Common scopes include User.Read, Mail.Read, and Calendars.Read. If this parameter isn't provided, the cmdlet prompts for input.
Parameter properties
| Type: | System.String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
None
Outputs
System.Object
Returns the result of the inheritable permissions configuration.
Notes
This cmdlet requires the following Microsoft Graph permission:
- Application.ReadWrite.All
This cmdlet requires an Agent Identity Blueprint to be created first. It uses the stored blueprint ID from the last blueprint creation.