Skip to main content
Version: 2.0.1 (preview)

Test-MtEntitlementManagementValidResourceRoles

SYNOPSISโ€‹

Validates catalog resources have no stale app roles or deleted service principals

SYNTAXโ€‹

Test-MtEntitlementManagementValidResourceRoles [-ProgressAction <ActionPreference>] [<CommonParameters>]

DESCRIPTIONโ€‹

MT.1106 - Catalog resources must have valid roles (no stale / removed app roles or SPNs)

This test identifies Entra ID Governance access package catalog resources that reference deleted service principals, stale app roles, or inaccessible SharePoint sites.

When Enterprise Applications are deleted or reconfigured (app roles removed), or when SharePoint sites are deleted/moved, catalogs often retain references that cause provisioning failures when users request access.

The test validates:

  • Application resources point to existing service principals
  • App roles assigned in access packages still exist in service principals
  • SharePoint sites are accessible via Graph API
  • "Default Access" roles are excluded (system defaults)

Issues detected:

  • Deleted service principals (404 errors)
  • Stale app roles removed from service principal but still in access packages
  • Deleted or inaccessible SharePoint sites
  • Invalid SharePoint URLs

Note: Group validation is delegated to MT.1107 for comprehensive coverage.

Learn more: https://maester.dev/docs/tests/MT.1106

EXAMPLESโ€‹

EXAMPLE 1โ€‹

Test-MtEntitlementManagementValidResourceRoles

Returns $true if all catalog resources have valid roles and service principals

PARAMETERSโ€‹

-ProgressActionโ€‹

{{ Fill ProgressAction Description }}

Type: ActionPreference
Parameter Sets: (All)
Aliases: proga

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParametersโ€‹

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTSโ€‹

OUTPUTSโ€‹

System.Booleanโ€‹

NOTESโ€‹

https://maester.dev/docs/commands/Test-MtEntitlementManagementValidResourceRoles