Merge pull request #199127 from FaithOmbongi/20220524-minorFixes

PMEds28 · web-flow · commit 2a6b66059d77 · 2022-05-25T10:06:55.000+01:00
Minor fixes to Microsoft Graph refs in PIM docs
diff --git a/articles/active-directory/roles/TOC.yml b/articles/active-directory/roles/TOC.yml
@@ -58,7 +58,7 @@
       href: groups-pim-eligible.md
     - name: Assign roles with scope using PowerShell
       href: custom-assign-powershell.md
-    - name: Assign roles using Graph API
+    - name: Assign roles using Microsoft Graph
       href: custom-assign-graph.md
   - name: Remove role assignments
     items: 
diff --git a/articles/active-directory/roles/groups-create-eligible.md b/articles/active-directory/roles/groups-create-eligible.md
@@ -102,7 +102,7 @@ Add-AzureADGroupMember -ObjectId $roleAssignablegroup.Id -RefObjectId $member.Ob
 ### Create a role-assignable group in Azure AD
 
 ```http
-POST https://graph.microsoft.com/beta/groups
+POST https://graph.microsoft.com/v1.0/groups
 {
   "description": "This group is assigned to Helpdesk Administrator built-in role of Azure AD.",
   "displayName": "Contoso_Helpdesk_Administrators",
diff --git a/articles/active-directory/roles/manage-roles-portal.md b/articles/active-directory/roles/manage-roles-portal.md
@@ -156,18 +156,13 @@ If PIM is enabled, you have additional capabilities, such as making a user eligi
     $roleAssignmentEligible = Open-AzureADMSPrivilegedRoleAssignmentRequest -ProviderId 'aadRoles' -ResourceId $aadTenant.Id -RoleDefinitionId $roleDefinition.Id -SubjectId $user.objectId -Type 'AdminAdd' -AssignmentState 'Eligible' -schedule $schedule -reason "Review billing info"
     ```
 
-## Microsoft Graph API
+## Microsoft Graph PIM API
 
-Follow these instructions to assign a role using the Microsoft Graph API in [Graph Explorer](https://aka.ms/ge).
+Follow these instructions to assign a role using the Microsoft Graph PIM API.
 
 ### Assign a role
 
-In this example, a security principal with objectID `f8ca5a85-489a-49a0-b555-0a6d81e56f0d` is assigned the Billing Administrator role (role definition ID `b0f54661-2d74-4c50-afa3-1ec803f12efe`) at tenant scope. If you want to see the list of immutable role template IDs of all built-in roles, see [Azure AD built-in roles](permissions-reference.md).
-
-1. Sign in to the [Graph Explorer](https://aka.ms/ge).
-2. Select **POST** as the HTTP method from the dropdown. 
-3. Select the API version to **v1.0**.
-4. Use the [Create unifiedRoleAssignment](/graph/api/rbacapplication-post-roleassignments) API to assign roles. Add following details to the URL and Request Body and select **Run query**.
+In this example, a security principal with objectID `f8ca5a85-489a-49a0-b555-0a6d81e56f0d` is assigned the Billing Administrator role (role definition ID `b0f54661-2d74-4c50-afa3-1ec803f12efe`) at tenant scope. To see the list of immutable role template IDs of all built-in roles, see [Azure AD built-in roles](permissions-reference.md).
 
 ```http
 POST https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments
@@ -183,69 +178,72 @@ Content-type: application/json
 
 ### Assign a role using PIM
 
-In this example, a security principal with objectID `f8ca5a85-489a-49a0-b555-0a6d81e56f0d` is assigned a time-bound eligible role assignment to Billing Administrator (role definition ID `b0f54661-2d74-4c50-afa3-1ec803f12efe`) for 180 days.
+#### Assign a time-bound eligible role assignment
 
-1. Sign in to the [Graph Explorer](https://aka.ms/ge).
-2. Select **POST** as the HTTP method from the dropdown. 
-3. Select the API version to **beta**.
-4. Use the [Create unifiedRoleEligibilityScheduleRequest](/graph/api/unifiedroleeligibilityschedulerequest-post-unifiedroleeligibilityschedulerequests) API to assign roles using PIM. Add following details to the URL and Request Body and select **Run query**.
+In this example, a security principal with objectID `f8ca5a85-489a-49a0-b555-0a6d81e56f0d` is assigned a time-bound eligible role assignment to Billing Administrator (role definition ID `b0f54661-2d74-4c50-afa3-1ec803f12efe`) for 180 days.
 
 ```http
-POST https://graph.microsoft.com/beta/rolemanagement/directory/roleEligibilityScheduleRequests
+POST https://graph.microsoft.com/v1.0/rolemanagement/directory/roleEligibilityScheduleRequests
 Content-type: application/json
 
 {
-    "action": "AdminAssign",
+    "action": "adminAssign",
     "justification": "for managing admin tasks",
     "directoryScopeId": "/",
     "principalId": "f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
     "roleDefinitionId": "b0f54661-2d74-4c50-afa3-1ec803f12efe",
     "scheduleInfo": {
         "startDateTime": "2021-07-15T19:15:08.941Z",
         "expiration": {
-            "type": "AfterDuration",
+            "type": "afterDuration",
             "duration": "PT180D"
         }
     }
 }
 ```
 
+#### Assign a permanent eligible role assignment
+
 In the following example, a security principal is assigned a permanent eligible role assignment to Billing Administrator.
 
 ```http
-POST https://graph.microsoft.com/beta/rolemanagement/directory/roleEligibilityScheduleRequests
+POST https://graph.microsoft.com/v1.0/rolemanagement/directory/roleEligibilityScheduleRequests
 Content-type: application/json
 
 {
-    "action": "AdminAssign",
+    "action": "adminAssign",
     "justification": "for managing admin tasks",
     "directoryScopeId": "/",
     "principalId": "f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
     "roleDefinitionId": "b0f54661-2d74-4c50-afa3-1ec803f12efe",
     "scheduleInfo": {
         "startDateTime": "2021-07-15T19:15:08.941Z",
         "expiration": {
-            "type": "NoExpiration"
+            "type": "noExpiration"
         }
     }
 }
 ```
 
-To activate the role assignment, use the [Create unifiedRoleAssignmentScheduleRequest](/graph/api/unifiedroleassignmentschedulerequest-post-unifiedroleassignmentschedulerequests) API.
+#### Activate a role assignment
+
+To activate the role assignment, use the [Create roleAssignmentScheduleRequests](/graph/api/rbacapplication-post-roleeligibilityschedulerequests) API.
 
 ```http
-POST https://graph.microsoft.com/beta/roleManagement/directory/roleAssignmentScheduleRequests
+POST https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignmentScheduleRequests
 Content-type: application/json
 
 {
-    "action": "SelfActivate",
+    "action": "selfActivate",
     "justification": "activating role assignment for admin privileges",
     "roleDefinitionId": "b0f54661-2d74-4c50-afa3-1ec803f12efe",
     "directoryScopeId": "/",
     "principalId": "f8ca5a85-489a-49a0-b555-0a6d81e56f0d"
 }
 ```
 
+For more information about managing Azure AD roles through the PIM API in Microsoft Graph, see [Overview of role management through the privileged identity management (PIM) API](/graph/api/resources/privilegedidentitymanagementv3-overview).
+
 ## Next steps
 
 - [List Azure AD role assignments](view-assignments.md)

Original file line number	Diff line number	Diff line change
`@@ -102,7 +102,7 @@ Add-AzureADGroupMember -ObjectId $roleAssignablegroup.Id -RefObjectId $member.Ob`
`102`	`102`	`### Create a role-assignable group in Azure AD`
`103`	`103`
`104`	`104`	```http
`105`		`-POST https://graph.microsoft.com/beta/groups`
	`105`	`+POST https://graph.microsoft.com/v1.0/groups`
`106`	`106`	`{`
`107`	`107`	`"description": "This group is assigned to Helpdesk Administrator built-in role of Azure AD.",`
`108`	`108`	`"displayName": "Contoso_Helpdesk_Administrators",`