Forum Discussion
romanmensch
Apr 24, 2023, Copper Contributor
Azure PowerShell Script for Group Based Roles PIM?
Does anyone have a good PowerShell script to enable Groups Role Based Access in PIM in Azure?
azharamir13
May 15, 2023, Brass Contributor
```powershell
# Connect to Azure AD PowerShell Module
Connect-AzureAD
# The Az cmdlets used further down need their own session
Connect-AzAccount

# Set variables for the Group Name and the directory Role name
$GroupName = "YOUR_GROUP_NAME"
$RoleName  = "YOUR_ROLE_NAME"

# Get the Group Object
$Group = Get-AzureADGroup -Filter "DisplayName eq '$GroupName'"

# Get the Role Object (only roles already activated in the tenant are returned)
$Role = Get-AzureADDirectoryRole -Filter "DisplayName eq '$RoleName'"

# Check if the Role is already assigned to the Group
$AssignedRole = Get-AzureADDirectoryRoleMember -ObjectId $Role.ObjectId |
    Where-Object { $_.ObjectType -eq 'Group' } |
    Where-Object { $_.ObjectId -eq $Group.ObjectId }

# If the Role is not assigned to the Group, assign it
if (!$AssignedRole) {
    Add-AzureADDirectoryRoleMember -ObjectId $Role.ObjectId -RefObjectId $Group.ObjectId
}

# Get the PIM Role Assignment Object
$PimRole = Get-AzRoleAssignment -ObjectId $Group.ObjectId -IncludeClassicAdministrators -Scope '/'

# If the PIM Role Assignment Object does not exist, create it
# (-ObjectId is used because -SignInName only accepts a user's sign-in name, not a group)
if (!$PimRole) {
    New-AzRoleAssignment -ObjectId $Group.ObjectId -RoleDefinitionName 'Privileged Role Administrator' -Scope '/'
}

# Disconnect from Azure AD PowerShell Module
Disconnect-AzureAD
```
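As an added example (not the poster's code): the same goal with the Microsoft Graph PowerShell SDK, which gives the group an eligible PIM assignment to an Entra ID directory role instead of a permanent one. The group name, role name and the 180-day eligibility window are assumed values.

```powershell
# Added example: make a role-assignable group eligible for a directory role through PIM.
Connect-MgGraph -Scopes 'RoleManagement.ReadWrite.Directory', 'Group.ReadWrite.All'

$GroupName = 'PIM-SecurityReaders'   # assumed group name
$RoleName  = 'Security Reader'       # assumed built-in role

# PIM can only target role-assignable groups, and isAssignableToRole is fixed at creation.
$Group = Get-MgGroup -Filter "displayName eq '$GroupName'"
if (-not $Group) {
    $Group = New-MgGroup -DisplayName $GroupName -MailEnabled:$false -MailNickname $GroupName `
        -SecurityEnabled -IsAssignableToRole -Description 'Eligible via PIM, not permanently assigned'
} elseif (-not $Group.IsAssignableToRole) {
    throw "Group '$GroupName' exists but is not role-assignable; PIM cannot use it."
}

$Role = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$RoleName'"
if (-not $Role) { throw "Role '$RoleName' not found." }

# Idempotency check: is the group already eligible for this role at tenant scope?
$Existing = Get-MgRoleManagementDirectoryRoleEligibilitySchedule `
    -Filter "principalId eq '$($Group.Id)' and roleDefinitionId eq '$($Role.Id)'"

if ($Existing) {
    Write-Output "Group '$GroupName' is already eligible for '$RoleName'."
} else {
    # adminAssign creates an eligible (not active) assignment: members still have to
    # activate the role, and the eligibility itself lapses after the chosen duration.
    $Request = @{
        action           = 'adminAssign'
        justification    = 'Group-based PIM eligibility'
        roleDefinitionId = $Role.Id
        directoryScopeId = '/'
        principalId      = $Group.Id
        scheduleInfo     = @{
            startDateTime = (Get-Date).ToUniversalTime().ToString('o')
            expiration    = @{ type = 'afterDuration'; duration = 'P180D' }
        }
    }
    New-MgRoleManagementDirectoryRoleEligibilityScheduleRequest -BodyParameter $Request
}

Disconnect-MgGraph
```

Running this requires a Privileged Role Administrator (or Global Administrator) session, since both creating role-assignable groups and writing eligibility schedules are privileged operations.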