Set Conditional Access Policy "Filter for devices" via Powershell

TLQA 21 Reputation points

Hello all,

A Microsoft moderator sent me to this forum.

Hopefully someone can help me with this topic.

I am currently trying to set "filter for devices" via PowerShell for our conditional access policy, but I can't figure out how to do it.

The goal is to set the syntax in the "filter for devices" via PowerShell to, for example: device.deviceId -eq "some serial number" -or device.deviceId -eq "some serial number"

First I tried to read the set values to find out how I could set them, but it seems there is no class for "filter for devices".

```powershell
((Get-AzureADMSConditionalAccessPolicy -PolicyId somepolicyID).Conditions)
```

```
Applications     : class ConditionalAccessApplicationCondition {
                     IncludeApplications: System.Collections.Generic.List`1[System.String]
                     ExcludeApplications: System.Collections.Generic.List`1[System.String]
                     IncludeUserActions: System.Collections.Generic.List`1[System.String]
Users            : class ConditionalAccessUserCondition {
                     IncludeUsers: System.Collections.Generic.List`1[System.String]
                     ExcludeUsers: System.Collections.Generic.List`1[System.String]
                     IncludeGroups: System.Collections.Generic.List`1[System.String]
                     ExcludeGroups: System.Collections.Generic.List`1[System.String]
                     IncludeRoles: System.Collections.Generic.List`1[System.String]
                     ExcludeRoles: System.Collections.Generic.List`1[System.String]
Platforms        : class ConditionalAccessPlatformCondition {
                     IncludePlatforms: System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.ConditionalAccessDevicePlatforms]
                     ExcludePlatforms: System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.ConditionalAccessDevicePlatforms]
Locations        :
SignInRiskLevels : {}
ClientAppTypes   : {All}
```



1 answer

  1. Vasil Michev 95,081 Reputation points MVP

    The AAD PowerShell module uses outdated APIs; switch to the Microsoft Graph SDK for PowerShell or, better yet, run direct Graph API requests instead. Here's the relevant documentation:

    And the deviceFilter resource type:

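One way to follow the answer's suggestion, as an added example that is not part of the original thread: it builds the `device.deviceId` rule from a list of IDs, writes it to the policy's `deviceFilter` with a direct Graph request, and reads the policy back. The policy ID is a placeholder, the device IDs are constructed samples, `New-DeviceIdFilterRule` is a hypothetical helper, and the example assumes the values compared against `device.deviceId` are GUIDs.

```powershell
# Added example: set "Filter for devices" on an existing Conditional Access
# policy via Microsoft Graph. Requires the Microsoft.Graph.Authentication
# module (Connect-MgGraph, Invoke-MgGraphRequest).

# Placeholder and constructed sample values: replace with your own.
$PolicyId  = '<policy-id>'
$DeviceIds = @(
    '00000000-0000-0000-0000-000000000001',   # constructed sample
    '00000000-0000-0000-0000-000000000002'    # constructed sample
)
$Mode = 'include'   # deviceFilter.mode is 'include' or 'exclude'

# Hypothetical helper: turns a list of IDs into one filter rule string.
function New-DeviceIdFilterRule {
    param([Parameter(Mandatory)][string[]]$Ids)
    $clauses = foreach ($id in $Ids) {
        $parsed = [guid]::Empty
        # Assumption: IDs are GUIDs. Rejecting anything else keeps a stray
        # quote or operator from changing the meaning of the rule.
        if (-not [guid]::TryParse($id, [ref]$parsed)) {
            throw "Not a valid device ID (GUID expected): $id"
        }
        'device.deviceId -eq "{0}"' -f $parsed.ToString()
    }
    $clauses -join ' -or '
}

Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'

$uri  = "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies/$PolicyId"
$body = @{
    conditions = @{
        devices = @{
            deviceFilter = @{
                mode = $Mode
                rule = New-DeviceIdFilterRule -Ids $DeviceIds
            }
        }
    }
} | ConvertTo-Json -Depth 5

Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body $body -ContentType 'application/json'

# Read the policy back: confirm the stored filter and that the existing
# user and application assignments are unchanged.
$policy = Invoke-MgGraphRequest -Method GET -Uri $uri
$policy.state
$policy.conditions.devices.deviceFilter
$policy.conditions.users
$policy.conditions.applications
```

Run it against a test policy first and compare the read-back output with what the portal shows under "Filter for devices".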