Add-EntraInheritablePermissionsToAgentIdentityBlueprint

Adds inheritable permissions (scopes, roles, or both) to the current Agent Identity Blueprint for a specified resource application.

Syntax

Default (Default)

Add-EntraInheritablePermissionsToAgentIdentityBlueprint
 [-ResourceAppId <Guid>]
 [<CommonParameters>]

Description

The Add-EntraInheritablePermissionsToAgentIdentityBlueprint cmdlet adds inheritable permissions to an Agent Identity Blueprint. It allows you to configure which OAuth2 permission scopes and/or application roles from a resource application (such as Microsoft Graph) can be inherited by agent blueprints.

The cmdlet interactively prompts for the permission type (scopes, roles, or both) and supports adding permissions for multiple resource applications in a single session.

This cmdlet uses the Microsoft Graph v1.0 API endpoint /v1.0/applications/microsoft.graph.agentIdentityBlueprint/{id}/inheritablePermissions.

Examples

Example 1: Add inheritable permissions for Microsoft Graph (default)

Connect-Entra -Scopes 'AgentIdentityBlueprint.UpdateAuthProperties.All'
Add-EntraInheritablePermissionsToAgentIdentityBlueprint

This example adds inheritable permissions for the default Microsoft Graph resource application. The cmdlet prompts interactively for whether to make scopes, roles, or both inheritable.

Example 2: Add inheritable permissions for a custom resource application

Connect-Entra -Scopes 'AgentIdentityBlueprint.UpdateAuthProperties.All'
Add-EntraInheritablePermissionsToAgentIdentityBlueprint -ResourceAppId "aaaabbbb-cccc-dddd-eeee-ffffffffffff"

This example adds inheritable permissions for a custom resource application specified by its GUID.

Parameters

-ResourceAppId

The resource application ID (GUID) for which to add inheritable permissions. Defaults to Microsoft Graph (00000003-0000-0000-c000-000000000000).

Parameter properties

Type: System.Guid
Default value: 00000003-0000-0000-c000-000000000000
Supports wildcards: False
DontShow: False

Parameter sets

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

None

Outputs

System.Management.Automation.PSCustomObject

Returns an object with the following properties:

AgentBlueprintId: The ID of the Agent Identity Blueprint.
ResourceAppId: The resource application ID.
ResourceAppName: The display name of the resource application.
InheritableScopes: Whether scopes are inheritable (allAllowed or none).
InheritableRoles: Whether roles are inheritable (allAllowed or none).
ConfiguredAt: The timestamp when the permissions were configured.
ApiResponse: The raw API response.
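
One way to review the returned object before recording the change, as an added example that is not part of the original page or the Entra PowerShell module. The helper name Get-InheritablePermissionReview, the priority policy and the sample objects are assumptions; only the property names and the allAllowed/none values come from the output description above.

```powershell
# Added example: Get-InheritablePermissionReview is a hypothetical helper,
# not a cmdlet shipped with the Entra PowerShell module.
function Get-InheritablePermissionReview {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $Result
    )
    begin {
        # Microsoft Graph resource app ID (the cmdlet's documented default).
        $graphAppId = [guid]'00000003-0000-0000-c000-000000000000'
    }
    process {
        $scopesOpen = $Result.InheritableScopes -eq 'allAllowed'
        $rolesOpen  = $Result.InheritableRoles -eq 'allAllowed'
        $isGraph    = ([guid]$Result.ResourceAppId) -eq $graphAppId

        # Assumed local policy: application roles on Microsoft Graph rank highest,
        # any other allAllowed setting still gets a second look.
        if ($rolesOpen -and $isGraph) {
            $priority = 'High'
        } elseif ($scopesOpen -or $rolesOpen) {
            $priority = 'Medium'
        } else {
            $priority = 'None'
        }

        [pscustomobject]@{
            AgentBlueprintId  = $Result.AgentBlueprintId
            ResourceAppName   = $Result.ResourceAppName
            ResourceAppId     = $Result.ResourceAppId
            InheritableScopes = $Result.InheritableScopes
            InheritableRoles  = $Result.InheritableRoles
            ReviewPriority    = $priority
            ConfiguredAt      = $Result.ConfiguredAt
        }
    }
}

# Constructed sample objects shaped like the documented output (values are not real).
$constructed = @(
    [pscustomobject]@{ AgentBlueprintId = '11111111-2222-3333-4444-555555555555'; ResourceAppId = '00000003-0000-0000-c000-000000000000'; ResourceAppName = 'Microsoft Graph'; InheritableScopes = 'allAllowed'; InheritableRoles = 'allAllowed'; ConfiguredAt = '2025-01-01T00:00:00Z' }
    [pscustomobject]@{ AgentBlueprintId = '11111111-2222-3333-4444-555555555555'; ResourceAppId = 'aaaabbbb-cccc-dddd-eeee-ffffffffffff'; ResourceAppName = 'Custom API (constructed)'; InheritableScopes = 'allAllowed'; InheritableRoles = 'none'; ConfiguredAt = '2025-01-01T00:05:00Z' }
)

$constructed | Get-InheritablePermissionReview | Format-Table -AutoSize
```

In a live session the cmdlet's output can be piped into the helper in place of the constructed objects, and the result exported to whatever change log the tenant's administrators keep.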
