This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 8%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKR%3C/text%3E%3C/svg%3E)
Hello Team,
Trying to add conditional access policy for MFA. We are able to add all properties except user actions. Please refer the below screenshot-
Need guidance on below highlighted settings using powershell.
Below is the powershell code which we are using-
CODE
$passwd = ConvertTo-SecureString 'XXXXXXXXX' -AsPlainText -Force
$pscredential = New-Object System.Management.Automation.PSCredential('XXXXX', $passwd)
$login = Connect-AzAccount -Credential $pscredential -TenantId 'XXXXXXX'
Connect-AzureAD -Credential $pscredential
$conditions = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet
$conditions.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition
$conditions.Applications.IncludeApplications = "All"
$conditions.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition
$conditions.Users.IncludeUsers = "all"
$conditions.Users.ExcludeUsers = "452aa556-ea30-4d97-8200-aa354d7b89af"
$controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls
$controls._Operator = "OR"
$controls.BuiltInControls = "mfa"
New-AzureADMSConditionalAccessPolicy -DisplayName "IGDODC MFA for Device Enrollment1" -State "Enabled" -Conditions $conditions -GrantControls $controls -Debug -Verbose
When we are trying to deploy the above code, cloud apps or actions are set to all clouds. But we need cloud apps or actions to user action.
Please let us know if we have any property to enable user actions.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Thank you for posting this in Microsoft Q&A.
I am looking into this issue and will try this in my lab first. I will revert back post my testing on this.
As per your previous post you can use below property to set user actions,
$conditions.Applications.IncludeUserActions = "urn:user:registerdevice"
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
By using this below property, we are able to set user actions
$conditions.Applications.IncludeUserActions = "urn:user:registerdevice"