New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest is a Microsoft Graph PowerShell cmdlet used to create a role eligibility schedule request in Microsoft Entra ID (Azure AD).
This cmdlet is primarily used in Privileged Identity Management (PIM) scenarios to make a user eligible for a directory role for a defined period.
Instead of permanently assigning high-privilege roles like:
This cmdlet allows you to grant time-bound eligibility, meaning the user must activate the role when required. It is part of the Role Management API under Microsoft Graph.
Permanent admin roles increase risk.
Modern security models follow Zero Trust + Just-In-Time (JIT) access principles.
This cmdlet enables:
Real-World Scenarios
For organizations using Microsoft Entra PIM, this cmdlet is essential.
Before using this cmdlet:
Delegated Permissions
Application Permissions (for automation)
⚠️ Admin consent is required for RoleManagement permissions.
Install Microsoft Graph (If Needed)
Install-Module Microsoft.Graph -Scope CurrentUser
Connect to Microsoft Graph
Connect-MgGraph -Scopes "RoleManagement.ReadWrite.Directory","Directory.Read.All"
This cmdlet requires the -BodyParameter hashtable.
Syntax
New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter <Hashtable>
The hashtable must include:
This assigns a user as eligible for a role for 10 hours.
$params = @{
    PrincipalId      = "d29e358a-a443-4d83-98b3-499a5405bb5b"   # object ID of the user being made eligible
    RoleDefinitionId = "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"   # ID of the directory role
    Justification    = "Add eligible assignment"
    DirectoryScopeId = "/"                                      # "/" = tenant-wide scope
    Action           = "AdminAssign"
    ScheduleInfo     = @{
        StartDateTime = Get-Date
        Expiration    = @{
            Type     = "AfterDuration"
            Duration = "PT10H"                                  # ISO 8601 duration: 10 hours
        }
    }
}
New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter $params |
    Format-List Id, Status, Action, DirectoryScopeId, RoleDefinitionId, Justification, PrincipalId
Duration Format Explanation
This assigns eligibility for 1 full day.
$params = @{
    PrincipalId      = "d29e358a-a443-4d83-98b3-499a5405bb5b"
    RoleDefinitionId = "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
    Justification    = "Grant eligibility for 1 day for support work"
    DirectoryScopeId = "/"
    Action           = "AdminAssign"
    ScheduleInfo     = @{
        StartDateTime = Get-Date
        Expiration    = @{
            Type     = "AfterDuration"
            Duration = "P1D"                                    # ISO 8601 duration: 1 day
        }
    }
}
New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter $params |
    Format-List Id, Status, Action, DirectoryScopeId, RoleDefinitionId, Justification, PrincipalId
Duration Format Explanation
This assigns eligibility for 30 days, which is common for temporary projects or onboarding.
$params = @{
    PrincipalId      = "d29e358a-a443-4d83-98b3-499a5405bb5b"
    RoleDefinitionId = "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
    Justification    = "Grant 30-day eligibility for project administration"
    DirectoryScopeId = "/"
    Action           = "AdminAssign"
    ScheduleInfo     = @{
        StartDateTime = Get-Date
        Expiration    = @{
            Type     = "AfterDuration"
            Duration = "P30D"                                   # ISO 8601 duration: 30 days
        }
    }
}
New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter $params |
    Format-List Id, Status, Action, DirectoryScopeId, RoleDefinitionId, Justification, PrincipalId
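The three examples above differ only in Duration and Justification, so the body can be built by one function that rejects bad input before anything reaches Graph. The following is an added example, not code from the original page or from Microsoft: New-PimEligibilityBody, the 30-day ceiling and the 10-character justification minimum are assumptions chosen for illustration.

```powershell
# Added example: New-PimEligibilityBody is a hypothetical helper, not a Graph cmdlet.
function New-PimEligibilityBody {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [guid]   $PrincipalId,
        [Parameter(Mandatory)] [guid]   $RoleDefinitionId,
        [Parameter(Mandatory)] [string] $Duration,           # ISO 8601: PT10H, P1D, P30D
        [Parameter(Mandatory)] [string] $Justification,
        [string]   $DirectoryScopeId = "/",
        [timespan] $MaxDuration = [timespan]::FromDays(30)   # assumed policy ceiling
    )

    # Parse the ISO 8601 duration locally so a typo fails here, not at the API.
    try   { $span = [System.Xml.XmlConvert]::ToTimeSpan($Duration) }
    catch { throw "Duration '$Duration' is not a valid ISO 8601 duration." }

    if ($span -le [timespan]::Zero) { throw "Duration must be positive." }
    if ($span -gt $MaxDuration) {
        throw "Duration $Duration exceeds the allowed maximum of $($MaxDuration.TotalDays) days."
    }
    if ($Justification.Trim().Length -lt 10) {               # assumed minimum length
        throw "Justification is too short to be useful in an audit trail."
    }

    # Same body shape as the examples above, with an explicit UTC start time.
    @{
        PrincipalId      = $PrincipalId.ToString()
        RoleDefinitionId = $RoleDefinitionId.ToString()
        Justification    = $Justification.Trim()
        DirectoryScopeId = $DirectoryScopeId
        Action           = "AdminAssign"
        ScheduleInfo     = @{
            StartDateTime = (Get-Date).ToUniversalTime()
            Expiration    = @{ Type = "AfterDuration"; Duration = $Duration }
        }
    }
}

# The GUIDs are the ones used in the examples above; the rest is constructed.
$ids  = @{ PrincipalId      = "d29e358a-a443-4d83-98b3-499a5405bb5b"
           RoleDefinitionId = "88d8e3e3-8f55-4a1e-953a-9b9898b8876b" }
$body = New-PimEligibilityBody @ids -Duration "PT10H" -Justification "Add eligible assignment"
$body.ScheduleInfo.Expiration

# Rejected locally: 90 days exceeds the assumed 30-day ceiling.
try   { New-PimEligibilityBody @ids -Duration "P90D" -Justification "Long-running project work" }
catch { Write-Warning $_.Exception.Message }

# After Connect-MgGraph, submit the validated body:
# New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter $body
```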
Important Notes
© Created and Maintained by LEARNIT WELL SOLUTIONS. All Rights Reserved.