ESC
Type to search...
Navigate Open ESC Close

PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup

Export JSON
Export CSV
Copy URL
Print
ApplicationDelegated Read/Write User Scope

Allows the app to read, create, and delete time-based eligibility schedules for access to Azure AD groups, without a signed-in user.

Permission data: April 6, 2026 at 4:06 AM UTC
Delegated Access App-Only Access

Permission Details

Application Permission

Read, create, and delete eligibility schedules for access to Azure AD groups

Allows the app to read, create, and delete time-based eligibility schedules for access to Azure AD groups, without a signed-in user.

Permission ID: 618b6020-bca8-4de6-99f6-ef445fa4d857
Delegated Permission Admin consent required

Read, create, and delete eligibility schedules for access to Azure AD groups

Allows the app to read, create, and delete time-based eligibility schedules for access to Azure AD groups, on behalf of the signed-in user.

User sees: Allows the app to read, create, and delete time-based eligibility schedules for access to Azure AD groups, on your behalf.
Permission ID: ba974594-d163-484e-ba39-c330d5897667

Properties

Microsoft Graph v1.0 endpoint-derived-docs

Properties is shown from stable Microsoft Graph v1.0 metadata.

Property Type Description
accessReviews object
appConsent object
entitlementManagement object
lifecycleWorkflows object
privilegedAccess object
termsOfUse object

JSON Representation

Microsoft Graph v1.0 endpoint-derived-docs

JSON representation is shown from stable Microsoft Graph v1.0 metadata.

JSON representation 
{
  "accessReviews": {
    "sample": "value"
  },
  "appConsent": {
    "sample": "value"
  },
  "entitlementManagement": {
    "sample": "value"
  },
  "lifecycleWorkflows": {
    "sample": "value"
  },
  "privilegedAccess": {
    "sample": "value"
  },
  "termsOfUse": {
    "sample": "value"
  }
}

Relationships

Microsoft Graph v1.0 endpoint-derived-docs

Relationships is shown from stable Microsoft Graph v1.0 metadata.

Relationship Type Description
accessReviews accessReviewSet Container for the base resources that expose the access reviews API and features.
appConsent appConsent Container for base resources that expose the app consent request API and features. Currently exposes only the appConsentRequests resource.
entitlementManagement entitlementManagement Container for entitlement management resources, including accessPackageCatalog, connectedOrganization, and entitlementManagementSettings.
termsOfUse termsOfUseContainer Container for the resources that expose the terms of use API and its features, including agreements and agreementAcceptances.
lifecycleWorkflows identityGovernance.lifecycleWorkflowsContainer Container for Lifecycle Workflow resources, including workflow, customTaskExtension, and lifecycleManagementSettings.
privilegedAccess privilegedAccessRoot Container for the base resources that expose the API and features related to Privileged Identity Management (PIM) for Groups.
catalogs accessPackageCatalog collection Related catalogs data exposed by this resource.
permissionsAnalytics permissionsAnalyticsAggregation Related permissionsAnalytics data exposed by this resource.

Graph Methods

Delegated access App-only access
Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /identityGovernance/privilegedAccess/group/eligibilityScheduleInstances?$filter=groupId eq '{groupId}'
GET /identityGovernance/privilegedAccess/group/eligibilityScheduleInstances?filter=principalId eq '{principalId}'
GET /identityGovernance/privilegedAccess/group/eligibilityScheduleInstances/{privilegedAccessGroupEligibilityScheduleInstanceId}
GET /identityGovernance/privilegedAccess/group/eligibilityScheduleInstances/filterByCurrentUser(on='parameterValue')
GET /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests?$filter=groupId eq '{groupId}'
GET /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests?$filter=principalId eq '{principalId}'
GET /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests/{privilegedAccessGroupEligibilityScheduleRequestId}
GET /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests/filterByCurrentUser(on='parameterValue')
GET /identityGovernance/privilegedAccess/group/eligibilitySchedules?$filter=groupId eq '{groupId}'
GET /identityGovernance/privilegedAccess/group/eligibilitySchedules?filter=principalId eq '{principalId}'
GET /identityGovernance/privilegedAccess/group/eligibilitySchedules/{privilegedAccessGroupEligibilityScheduleId}
GET /identityGovernance/privilegedAccess/group/eligibilitySchedules/filterByCurrentUser(on='parameterValue')
POST /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests
POST /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests/{privilegedAccessGroupEligibilityScheduleRequestId}/cancel
Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET /identityGovernance/privilegedAccess/group/eligibilityScheduleInstances?$filter=groupId eq '{groupId}'
GET /identityGovernance/privilegedAccess/group/eligibilityScheduleInstances?filter=principalId eq '{principalId}'
GET /identityGovernance/privilegedAccess/group/eligibilityScheduleInstances/{privilegedAccessGroupEligibilityScheduleInstanceId}
GET /identityGovernance/privilegedAccess/group/eligibilityScheduleInstances/filterByCurrentUser(on='parameterValue')
GET /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests?$filter=groupId eq '{groupId}'
GET /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests?$filter=principalId eq '{principalId}'
GET /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests/{privilegedAccessGroupEligibilityScheduleRequestId}
GET /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests/filterByCurrentUser(on='parameterValue')
GET /identityGovernance/privilegedAccess/group/eligibilitySchedules?$filter=groupId eq '{groupId}'
GET /identityGovernance/privilegedAccess/group/eligibilitySchedules?filter=principalId eq '{principalId}'
GET /identityGovernance/privilegedAccess/group/eligibilitySchedules/{privilegedAccessGroupEligibilityScheduleId}
GET /identityGovernance/privilegedAccess/group/eligibilitySchedules/filterByCurrentUser(on='parameterValue')
POST /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests
POST /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests/{privilegedAccessGroupEligibilityScheduleRequestId}/cancel
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Get-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule /identityGovernance/privilegedAccess/group/eligibilitySchedules?$filter=groupId eq '{groupId}'
List eligibilitySchedules
Get-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule /identityGovernance/privilegedAccess/group/eligibilitySchedules/{privilegedAccessGroupEligibilityScheduleId}
Get privilegedAccessGroupEligibilitySchedule
Get-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleInstance /identityGovernance/privilegedAccess/group/eligibilityScheduleInstances?$filter=groupId eq '{groupId}'
List eligibilityScheduleInstances
Get-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleInstance /identityGovernance/privilegedAccess/group/eligibilityScheduleInstances/{privilegedAccessGroupEligibilityScheduleInstanceId}
Get privilegedAccessGroupEligibilityScheduleInstance
Get-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests?$filter=groupId eq '{groupId}'
List eligibilityScheduleRequests
Get-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests/{privilegedAccessGroupEligibilityScheduleRequestId}
Get privilegedAccessGroupEligibilityScheduleRequest
Invoke-MgFilterIdentityGovernancePrivilegedAccessGroupEligibilityScheduleByCurrentUser /identityGovernance/privilegedAccess/group/eligibilitySchedules/filterByCurrentUser(on='parameterValue')
privilegedAccessGroupEligibilitySchedule: filterByCurrentUser
Invoke-MgFilterIdentityGovernancePrivilegedAccessGroupEligibilityScheduleInstanceByCurrentUser /identityGovernance/privilegedAccess/group/eligibilityScheduleInstances/filterByCurrentUser(on='parameterValue')
privilegedAccessGroupEligibilityScheduleInstance: filterByCurrentUser
Invoke-MgFilterIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequestByCurrentUser /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests/filterByCurrentUser(on='parameterValue')
privilegedAccessGroupEligibilityScheduleRequest: filterByCurrentUser
New-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests
Create eligibilityScheduleRequest
Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
Get-MgBetaIdentityGovernancePrivilegedAccessGroupEligibilitySchedule /identityGovernance/privilegedAccess/group/eligibilitySchedules?$filter=groupId eq '{groupId}'
List eligibilitySchedules
Get-MgBetaIdentityGovernancePrivilegedAccessGroupEligibilitySchedule /identityGovernance/privilegedAccess/group/eligibilitySchedules/{privilegedAccessGroupEligibilityScheduleId}
Get privilegedAccessGroupEligibilitySchedule
Get-MgBetaIdentityGovernancePrivilegedAccessGroupEligibilityScheduleInstance /identityGovernance/privilegedAccess/group/eligibilityScheduleInstances?$filter=groupId eq '{groupId}'
List eligibilityScheduleInstances
Get-MgBetaIdentityGovernancePrivilegedAccessGroupEligibilityScheduleInstance /identityGovernance/privilegedAccess/group/eligibilityScheduleInstances/{privilegedAccessGroupEligibilityScheduleInstanceId}
Get privilegedAccessGroupEligibilityScheduleInstance
Get-MgBetaIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests?$filter=groupId eq '{groupId}'
List eligibilityScheduleRequests
Get-MgBetaIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests/{privilegedAccessGroupEligibilityScheduleRequestId}
Get privilegedAccessGroupEligibilityScheduleRequest
Invoke-MgBetaFilterIdentityGovernancePrivilegedAccessGroupEligibilityScheduleByCurrentUser /identityGovernance/privilegedAccess/group/eligibilitySchedules/filterByCurrentUser(on='parameterValue')
privilegedAccessGroupEligibilitySchedule: filterByCurrentUser
Invoke-MgBetaFilterIdentityGovernancePrivilegedAccessGroupEligibilityScheduleInstanceByCurrentUser /identityGovernance/privilegedAccess/group/eligibilityScheduleInstances/filterByCurrentUser(on='parameterValue')
privilegedAccessGroupEligibilityScheduleInstance: filterByCurrentUser
Invoke-MgBetaFilterIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequestByCurrentUser /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests/filterByCurrentUser(on='parameterValue')
privilegedAccessGroupEligibilityScheduleRequest: filterByCurrentUser
New-MgBetaIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests
Create eligibilityScheduleRequest

Code Examples

C# / .NET SDK
Create eligibilityScheduleRequest
View official example on Microsoft Learn
// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new PrivilegedAccessGroupEligibilityScheduleRequest
{
	AccessId = PrivilegedAccessGroupRelationships.Member,
	PrincipalId = "3cce9d87-3986-4f19-8335-7ed075408ca2",
	GroupId = "2b5ed229-4072-478d-9504-a047ebd4b07d",
	Action = ScheduleRequestActions.AdminAssign,
	ScheduleInfo = new RequestSchedule
	{
		StartDateTime = DateTimeOffset.Parse("2023-02-06T19:25:00.000Z"),
		Expiration = new ExpirationPattern
		{
			Type = ExpirationPatternType.AfterDateTime,
			EndDateTime = DateTimeOffset.Parse("2023-02-07T19:56:00.000Z"),
		},
	},
	Justification = "Assign eligible request.",
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.PrivilegedAccess.Group.EligibilityScheduleRequests.PostAsync(requestBody);
JavaScript
Create eligibilityScheduleRequest
View official example on Microsoft Learn
const options = {
	authProvider,
};

const client = Client.init(options);

const privilegedAccessGroupEligibilityScheduleRequest = {
    accessId: 'member',
    principalId: '3cce9d87-3986-4f19-8335-7ed075408ca2',
    groupId: '2b5ed229-4072-478d-9504-a047ebd4b07d',
    action: 'AdminAssign',
    scheduleInfo: {
        startDateTime: '2023-02-06T19:25:00.000Z',
        expiration: {
            type: 'AfterDateTime',
            endDateTime: '2023-02-07T19:56:00.000Z'
        }
    },
    justification: 'Assign eligible request.'
};

await client.api('/identityGovernance/privilegedAccess/group/eligibilityScheduleRequests')
	.post(privilegedAccessGroupEligibilityScheduleRequest);
PowerShell
Create eligibilityScheduleRequest
View official example on Microsoft Learn
Import-Module Microsoft.Graph.Identity.Governance

$params = @{
	accessId = "member"
	principalId = "3cce9d87-3986-4f19-8335-7ed075408ca2"
	groupId = "2b5ed229-4072-478d-9504-a047ebd4b07d"
	action = "AdminAssign"
	scheduleInfo = @{
		startDateTime = [System.DateTime]::Parse("2023-02-06T19:25:00.000Z")
		expiration = @{
			type = "AfterDateTime"
			endDateTime = [System.DateTime]::Parse("2023-02-07T19:56:00.000Z")
		}
	}
	justification = "Assign eligible request."
}

New-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -BodyParameter $params
Python
Create eligibilityScheduleRequest
View official example on Microsoft Learn
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.privileged_access_group_eligibility_schedule_request import PrivilegedAccessGroupEligibilityScheduleRequest
from msgraph.generated.models.privileged_access_group_relationships import PrivilegedAccessGroupRelationships
from msgraph.generated.models.schedule_request_actions import ScheduleRequestActions
from msgraph.generated.models.request_schedule import RequestSchedule
from msgraph.generated.models.expiration_pattern import ExpirationPattern
from msgraph.generated.models.expiration_pattern_type import ExpirationPatternType
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = PrivilegedAccessGroupEligibilityScheduleRequest(
	access_id = PrivilegedAccessGroupRelationships.Member,
	principal_id = "3cce9d87-3986-4f19-8335-7ed075408ca2",
	group_id = "2b5ed229-4072-478d-9504-a047ebd4b07d",
	action = ScheduleRequestActions.AdminAssign,
	schedule_info = RequestSchedule(
		start_date_time = "2023-02-06T19:25:00.000Z",
		expiration = ExpirationPattern(
			type = ExpirationPatternType.AfterDateTime,
			end_date_time = "2023-02-07T19:56:00.000Z",
		),
	),
	justification = "Assign eligible request.",
)

result = await graph_client.identity_governance.privileged_access.group.eligibility_schedule_requests.post(request_body)

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Application permissions or delegated permissions and search for PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup

4

Grant Admin Consent

Application permissions always require admin consent.