Hello Team,
We are trying to add a conditional access policy for MFA. We are able to add all properties except user actions. Please refer to the screenshot below:
We need guidance on the settings highlighted below using PowerShell.
Below is the PowerShell code which we are using:
CODE
$passwd = ConvertTo-SecureString 'XXXXXXXXX' -AsPlainText -Force
$pscredential = New-Object System.Management.Automation.PSCredential('XXXXX', $passwd)
$login = Connect-AzAccount -Credential $pscredential -TenantId 'XXXXXXX'
Connect-AzureAD -Credential $pscredential
$conditions = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet
$conditions.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition
$conditions.Applications.IncludeApplications = "All"
$conditions.Applications.IncludeUserActions = "useraction"
$conditions.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition
$conditions.Users.IncludeUsers = "all"
$conditions.Users.ExcludeUsers = "452aa556-ea30-4d97-8200-aa354d7b89af"
$conditions.ClientAppTypes = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessClientApp
$conditions.ClientAppTypes = @('other')
$controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls
$controls._Operator = "OR"
$controls.BuiltInControls = "mfa"
Message: Security Defaults is enabled in the tenant. You must disable Security defaults before enabling a Conditional Access policy.
New-AzureADMSConditionalAccessPolicy -DisplayName "IGDODC MFA for Device Enrollment1" -State "Enabled" -Conditions $conditions -GrantControls $controls -Debug -Verbose
When we try to deploy the above code, cloud apps or actions is set to all clouds. But we need cloud apps or actions set to user action.
Please let us know if there is a property to enable user actions.
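
The following is an added example, not part of the original post and not Microsoft's own sample: it builds the same policy with `IncludeUserActions` set to one of the user-action values defined by Microsoft Graph, and leaves `IncludeApplications` unset. It assumes the intended action is "Register or join devices" (`urn:user:registerdevice`, inferred from the policy name); the helper `New-UserActionConditionSet` is a hypothetical name, and the policy is created disabled so it can be reviewed first.

```powershell
# Added example (not the poster's code). Assumes the AzureAD module is installed.
Import-Module AzureAD

# User-action values defined by Microsoft Graph for conditional access policies.
$KnownUserActions = @('urn:user:registerdevice', 'urn:user:registersecurityinfo')

# Hypothetical helper: builds a condition set that targets a user action, not cloud apps.
function New-UserActionConditionSet {
    param(
        [Parameter(Mandatory)] [string] $UserAction,
        [string[]] $IncludeUsers = @('all'),
        [string[]] $ExcludeUsers = @()
    )
    # Reject placeholder values such as "useraction" before they reach the service.
    if ($KnownUserActions -notcontains $UserAction) {
        throw "Unknown user action '$UserAction'. Expected one of: $($KnownUserActions -join ', ')"
    }
    $set = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet
    $set.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition
    # IncludeApplications is deliberately left unset: the portal treats
    # "cloud apps" and "user actions" as alternatives for one policy.
    $set.Applications.IncludeUserActions = $UserAction
    $set.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition
    $set.Users.IncludeUsers = $IncludeUsers
    if ($ExcludeUsers.Count -gt 0) { $set.Users.ExcludeUsers = $ExcludeUsers }
    return $set
}

# Same grant control as in the post: require MFA.
$controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls
$controls._Operator = 'OR'
$controls.BuiltInControls = 'mfa'

# Interactive sign-in, so no password is stored in the script.
Connect-AzureAD

# The excluded object id and display name are the values from the post.
$conditions = New-UserActionConditionSet -UserAction 'urn:user:registerdevice' `
    -ExcludeUsers '452aa556-ea30-4d97-8200-aa354d7b89af'

# Created disabled for review; switch -State to "Enabled" once verified.
$policy = New-AzureADMSConditionalAccessPolicy -DisplayName 'IGDODC MFA for Device Enrollment1' `
    -State 'Disabled' -Conditions $conditions -GrantControls $controls

# Read back what the service stored for the "cloud apps or actions" setting.
$policy.Conditions.Applications | Format-List IncludeApplications, IncludeUserActions
```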