Stop-CafPimRole
Deactivates the user's PIM Role assignment.
Syntax
Stop-CafPimRole
[-RoleId <string>]
[-Tenant <string>]
[-NoMsalFallback]
[-ShowMsalErrors]
Description
Checks if the user is eligible for the role and deactivates the assignment.
Example
Stop-CafPimRole
-Tenant "yourTenantId"
Parameter
-RoleId
The id of the role. Default is "Global Administrator".
| Property | Value |
|---|---|
| Type: | string |
| Default value: | "62e90394-69f5-4237-9190-012177145e10" |
| Required: | False |
-Tenant
The tenant id or domain name.
| Property | Value |
|---|---|
| Type: | string |
| Default value: | None |
| Required: | False |
-NoMsalFallback
If set, the command will not retry using MSAL.PS to force MFA authentication.
| Property | Value |
|---|---|
| Type: | SwitchParameter |
| Default value: | False |
| Required: | False |
-ShowMsalErrors
If set, raw MSAL errors are shown in the output.
| Property | Value |
|---|---|
| Type: | SwitchParameter |
| Default value: | False |
| Required: | False |
See also
Start-CafPimRole— activates the role assignment deactivated by this command