PrivilegedEligibilitySchedule.Remove.AzureADGroup

Permission Details

Application Permission

Delete eligibility schedules for access to Azure AD groups

Delete time-based eligibility schedules for access to Azure AD groups, without a signed-in user.

Permission ID: 55745561-7572-4314-a737-a2c2a1b0dd2e

Delegated Permission

Delete eligibility schedules for access to Azure AD groups

Allows the app to delete time-based eligibility schedules for access to Azure AD groups, on behalf of the signed-in user.

Permission ID: c5ea9ab4-9b41-4c09-a400-53e652fb5096

Properties

Microsoft Graph v1.0 endpoint-derived-docs

Properties is shown from stable Microsoft Graph v1.0 metadata.

Property	Type	Description
`accessReviews`	`object`
`appConsent`	`object`
`entitlementManagement`	`object`
`lifecycleWorkflows`	`object`
`privilegedAccess`	`object`
`termsOfUse`	`object`

JSON Representation

Microsoft Graph v1.0 endpoint-derived-docs

JSON representation is shown from stable Microsoft Graph v1.0 metadata.

JSON representation

{
  "accessReviews": {
    "sample": "value"
  },
  "appConsent": {
    "sample": "value"
  },
  "entitlementManagement": {
    "sample": "value"
  },
  "lifecycleWorkflows": {
    "sample": "value"
  },
  "privilegedAccess": {
    "sample": "value"
  },
  "termsOfUse": {
    "sample": "value"
  }
}

Relationships

Microsoft Graph v1.0 endpoint-derived-docs

Relationships is shown from stable Microsoft Graph v1.0 metadata.

Relationship	Type	Description
`accessReviews`	`accessReviewSet`	Container for the base resources that expose the access reviews API and features.
`appConsent`	`appConsent`	Container for base resources that expose the app consent request API and features. Currently exposes only the appConsentRequests resource.
`entitlementManagement`	`entitlementManagement`	Container for entitlement management resources, including accessPackageCatalog, connectedOrganization, and entitlementManagementSettings.
`termsOfUse`	`termsOfUseContainer`	Container for the resources that expose the terms of use API and its features, including agreements and agreementAcceptances.
`lifecycleWorkflows`	`identityGovernance.lifecycleWorkflowsContainer`	Container for Lifecycle Workflow resources, including workflow, customTaskExtension, and lifecycleManagementSettings.
`privilegedAccess`	`privilegedAccessRoot`	Container for the base resources that expose the API and features related to Privileged Identity Management (PIM) for Groups.
`catalogs`	`accessPackageCatalog collection`	Related catalogs data exposed by this resource.
`permissionsAnalytics`	`permissionsAnalyticsAggregation`	Related permissionsAnalytics data exposed by this resource.

Graph Methods

Delegated access App-only access

Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
POST `/identityGovernance/privilegedAccess/group/eligibilityScheduleRequests`

Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
POST `/identityGovernance/privilegedAccess/group/eligibilityScheduleRequests`

Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
`New-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest` /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests Create eligibilityScheduleRequest

Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
`New-MgBetaIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest` /identityGovernance/privilegedAccess/group/eligibilityScheduleRequests Create eligibilityScheduleRequest

Code Examples

C# / .NET SDK

Create eligibilityScheduleRequest

View official example on Microsoft Learn

// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Models;

var requestBody = new PrivilegedAccessGroupEligibilityScheduleRequest
{
	AccessId = PrivilegedAccessGroupRelationships.Member,
	PrincipalId = "3cce9d87-3986-4f19-8335-7ed075408ca2",
	GroupId = "2b5ed229-4072-478d-9504-a047ebd4b07d",
	Action = ScheduleRequestActions.AdminAssign,
	ScheduleInfo = new RequestSchedule
	{
		StartDateTime = DateTimeOffset.Parse("2023-02-06T19:25:00.000Z"),
		Expiration = new ExpirationPattern
		{
			Type = ExpirationPatternType.AfterDateTime,
			EndDateTime = DateTimeOffset.Parse("2023-02-07T19:56:00.000Z"),
		},
	},
	Justification = "Assign eligible request.",
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.PrivilegedAccess.Group.EligibilityScheduleRequests.PostAsync(requestBody);

JavaScript

Create eligibilityScheduleRequest

View official example on Microsoft Learn

const options = {
	authProvider,
};

const client = Client.init(options);

const privilegedAccessGroupEligibilityScheduleRequest = {
    accessId: 'member',
    principalId: '3cce9d87-3986-4f19-8335-7ed075408ca2',
    groupId: '2b5ed229-4072-478d-9504-a047ebd4b07d',
    action: 'AdminAssign',
    scheduleInfo: {
        startDateTime: '2023-02-06T19:25:00.000Z',
        expiration: {
            type: 'AfterDateTime',
            endDateTime: '2023-02-07T19:56:00.000Z'
        }
    },
    justification: 'Assign eligible request.'
};

await client.api('/identityGovernance/privilegedAccess/group/eligibilityScheduleRequests')
	.post(privilegedAccessGroupEligibilityScheduleRequest);

PowerShell

Create eligibilityScheduleRequest

View official example on Microsoft Learn

Import-Module Microsoft.Graph.Identity.Governance

$params = @{
	accessId = "member"
	principalId = "3cce9d87-3986-4f19-8335-7ed075408ca2"
	groupId = "2b5ed229-4072-478d-9504-a047ebd4b07d"
	action = "AdminAssign"
	scheduleInfo = @{
		startDateTime = [System.DateTime]::Parse("2023-02-06T19:25:00.000Z")
		expiration = @{
			type = "AfterDateTime"
			endDateTime = [System.DateTime]::Parse("2023-02-07T19:56:00.000Z")
		}
	}
	justification = "Assign eligible request."
}

New-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -BodyParameter $params

Python

Create eligibilityScheduleRequest

View official example on Microsoft Learn

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.privileged_access_group_eligibility_schedule_request import PrivilegedAccessGroupEligibilityScheduleRequest
from msgraph.generated.models.privileged_access_group_relationships import PrivilegedAccessGroupRelationships
from msgraph.generated.models.schedule_request_actions import ScheduleRequestActions
from msgraph.generated.models.request_schedule import RequestSchedule
from msgraph.generated.models.expiration_pattern import ExpirationPattern
from msgraph.generated.models.expiration_pattern_type import ExpirationPatternType
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = PrivilegedAccessGroupEligibilityScheduleRequest(
	access_id = PrivilegedAccessGroupRelationships.Member,
	principal_id = "3cce9d87-3986-4f19-8335-7ed075408ca2",
	group_id = "2b5ed229-4072-478d-9504-a047ebd4b07d",
	action = ScheduleRequestActions.AdminAssign,
	schedule_info = RequestSchedule(
		start_date_time = "2023-02-06T19:25:00.000Z",
		expiration = ExpirationPattern(
			type = ExpirationPatternType.AfterDateTime,
			end_date_time = "2023-02-07T19:56:00.000Z",
		),
	),
	justification = "Assign eligible request.",
)

result = await graph_client.identity_governance.privileged_access.group.eligibility_schedule_requests.post(request_body)

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Application permissions or delegated permissions and search for PrivilegedEligibilitySchedule.Remove.AzureADGroup

4

Grant Admin Consent

Application permissions always require admin consent.