diff --git a/powershell/public/Get-MtRoleMember.ps1 b/powershell/public/Get-MtRoleMember.ps1
index f6eb5f9b..11df23b8 100644
--- a/powershell/public/Get-MtRoleMember.ps1
+++ b/powershell/public/Get-MtRoleMember.ps1
@@ -79,7 +79,7 @@ function Get-MtRoleMember {
 if ($Active) {
 $types += @{active = "roleManagement/directory/roleAssignments" }
 }
- if ($Eligible -and "RoleEligibilitySchedule.ReadWrite.Directory" -in $scopes) {
+ if ($Eligible -and ("RoleEligibilitySchedule.ReadWrite.Directory" -in $scopes -or "RoleManagement.ReadWrite.Directory" -in $scopes)) {
 $types += @{eligible = "roleManagement/directory/roleEligibilityScheduleRequests" }
 } elseif ($Eligible) {
 Write-Warning "Skipping eligible roles as required Graph permission 'RoleEligibilitySchedule.ReadWrite.Directory' was not present."
diff --git a/powershell/public/cis/Test-MtCisGlobalAdminCount.ps1 b/powershell/public/cis/Test-MtCisGlobalAdminCount.ps1
index fcc79255..a3d1bcaf 100644
--- a/powershell/public/cis/Test-MtCisGlobalAdminCount.ps1
+++ b/powershell/public/cis/Test-MtCisGlobalAdminCount.ps1
@@ -25,7 +25,7 @@ function Test-MtCisGlobalAdminCount {
 }
 $scopes = (Get-MgContext).Scopes
- $permissionMissing = "RoleEligibilitySchedule.ReadWrite.Directory" -notin $scopes
+ $permissionMissing = "RoleEligibilitySchedule.ReadWrite.Directory" -notin $scopes -and "RoleManagement.ReadWrite.Directory" -notin $scopes
 if ($permissionMissing) {
 Add-MtTestResultDetail -SkippedBecause Custom -SkippedCustomReason "Missing Scope RoleEligibilitySchedule.ReadWrite.Directory"
 return $null
diff --git a/powershell/public/cisa/entra/Test-MtCisaCloudGlobalAdmin.ps1 b/powershell/public/cisa/entra/Test-MtCisaCloudGlobalAdmin.ps1
index 1533e4bd..d185fb16 100644
--- a/powershell/public/cisa/entra/Test-MtCisaCloudGlobalAdmin.ps1
+++ b/powershell/public/cisa/entra/Test-MtCisaCloudGlobalAdmin.ps1
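Review bot: The `elseif ($Eligible)` warning in Get-MtRoleMember still names only 'RoleEligibilitySchedule.ReadWrite.Directory', although the widened condition above it now also accepts `RoleManagement.ReadWrite.Directory`, so the message tells an operator about only one of the two scopes that satisfy the check. Suggest `Write-Warning "Skipping eligible roles as neither Graph permission 'RoleEligibilitySchedule.ReadWrite.Directory' nor 'RoleManagement.ReadWrite.Directory' was present."`. The same stale text sits in the `-SkippedCustomReason "Missing Scope RoleEligibilitySchedule.ReadWrite.Directory"` line of the hunks for Test-MtCisGlobalAdminCount, Test-MtCisaCloudGlobalAdmin, Test-MtCisaGlobalAdminCount and Test-MtCisaGlobalAdminRatio. All of these message lines are unchanged context in this commit, and Get-MtRoleMember's body continues outside the hunk.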
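Review bot: The new `$permissionMissing` line in Test-MtCisGlobalAdminCount relies on `-notin` binding tighter than `-and`, which is correct in PowerShell but reads ambiguously next to the parenthesised form used in Get-MtRoleMember; `$permissionMissing = ("RoleEligibilitySchedule.ReadWrite.Directory" -notin $scopes) -and ("RoleManagement.ReadWrite.Directory" -notin $scopes)` makes the intent explicit. The identical line is pasted into Test-MtCisaCloudGlobalAdmin, Test-MtCisaGlobalAdminCount and Test-MtCisaGlobalAdminRatio, so the list of accepted scopes now lives in five places and can drift. Both accepted scopes are write-level and `RoleManagement.ReadWrite.Directory` is the broader of the two, so a comment such as `# RoleManagement.ReadWrite.Directory is accepted when it is already consented; it is not required and should not be requested just for this test` would keep the change from being read as a new permission requirement. The function body continues outside the hunk, so what the test does with the scope is not visible here.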
@@ -24,7 +24,7 @@ function Test-MtCisaCloudGlobalAdmin {
 }
 $scopes = (Get-MgContext).Scopes
- $permissionMissing = "RoleEligibilitySchedule.ReadWrite.Directory" -notin $scopes
+ $permissionMissing = "RoleEligibilitySchedule.ReadWrite.Directory" -notin $scopes -and "RoleManagement.ReadWrite.Directory" -notin $scopes
 if($permissionMissing){
 Add-MtTestResultDetail -SkippedBecause Custom -SkippedCustomReason "Missing Scope RoleEligibilitySchedule.ReadWrite.Directory"
 return $null
diff --git a/powershell/public/cisa/entra/Test-MtCisaGlobalAdminCount.ps1 b/powershell/public/cisa/entra/Test-MtCisaGlobalAdminCount.ps1
index cf409f74..556a2ea7 100644
--- a/powershell/public/cisa/entra/Test-MtCisaGlobalAdminCount.ps1
+++ b/powershell/public/cisa/entra/Test-MtCisaGlobalAdminCount.ps1
@@ -24,7 +24,7 @@ function Test-MtCisaGlobalAdminCount {
 }
 $scopes = (Get-MgContext).Scopes
- $permissionMissing = "RoleEligibilitySchedule.ReadWrite.Directory" -notin $scopes
+ $permissionMissing = "RoleEligibilitySchedule.ReadWrite.Directory" -notin $scopes -and "RoleManagement.ReadWrite.Directory" -notin $scopes
 if($permissionMissing){
 Add-MtTestResultDetail -SkippedBecause Custom -SkippedCustomReason "Missing Scope RoleEligibilitySchedule.ReadWrite.Directory"
 return $null
diff --git a/powershell/public/cisa/entra/Test-MtCisaGlobalAdminRatio.ps1 b/powershell/public/cisa/entra/Test-MtCisaGlobalAdminRatio.ps1
index 3b3c630b..4e195b59 100644
--- a/powershell/public/cisa/entra/Test-MtCisaGlobalAdminRatio.ps1
+++ b/powershell/public/cisa/entra/Test-MtCisaGlobalAdminRatio.ps1
@@ -24,7 +24,7 @@ function Test-MtCisaGlobalAdminRatio {
 }
 $scopes = (Get-MgContext).Scopes
- $permissionMissing = "RoleEligibilitySchedule.ReadWrite.Directory" -notin $scopes
+ $permissionMissing = "RoleEligibilitySchedule.ReadWrite.Directory" -notin $scopes -and "RoleManagement.ReadWrite.Directory" -notin $scopes
 if($permissionMissing){
 Add-MtTestResultDetail -SkippedBecause Custom -SkippedCustomReason "Missing Scope RoleEligibilitySchedule.ReadWrite.Directory"
 return $null