Start-CafPimGroup
Assigns the user to a PIM group.
Syntax
Start-CafPimGroup
[-DurationHours <int>]
[-GroupName <string>]
[-Justification <string>]
[-Tenant <string>]
[-NoMsalFallback]
[-ShowMsalErrors]
Description
Assigns the user to a PIM group. The user must be eligible for the group. Either you run this cmdlet under a .azcontext which defines tenantId and adminEntraGroupName or you provide those values using the parameters.
Example
Start-CafPimGroup
-Justification "Do privileged activities"
-GroupName "AdminGroup"
-Tenant "contoso.com"
Parameter
-DurationHours
The duration in hours for the assignment.
| Property | Value |
|---|---|
| Type: | int |
| Default value: | 8 |
| Required: | False |
-GroupName
The name of the security group used for PIM.
| Property | Value |
|---|---|
| Type: | string |
| Default value: | None |
| Required: | False |
-Justification
The reason why you want to activate the assignment.
| Property | Value |
|---|---|
| Type: | string |
| Default value: | "Eligible assignment activated through CAF" |
| Required: | False |
-Tenant
The tenant id or domain name.
| Property | Value |
|---|---|
| Type: | string |
| Default value: | None |
| Required: | False |
-NoMsalFallback
If set, the command will not retry using MSAL.PS to force MFA authentication.
| Property | Value |
|---|---|
| Type: | SwitchParameter |
| Default value: | False |
| Required: | False |
-ShowMsalErrors
If set, raw MSAL errors are shown in the output.
| Property | Value |
|---|---|
| Type: | SwitchParameter |
| Default value: | False |
| Required: | False |
See also
Stop-CafPimGroup— deactivates the group assignment activated by this command