New-AzureADMSConditionalAccessPolicy
Membuat kebijakan akses bersyar baru di Azure Active Directory.
Sintaks
New-AzureADMSConditionalAccessPolicy
[-Id <String>]
[-DisplayName <String>]
[-State <String>]
[-Conditions <ConditionalAccessConditionSet>]
[-GrantControls <ConditionalAccessGrantControls>]
[-SessionControls <ConditionalAccessSessionControls>]
[<CommonParameters>]
Deskripsi
Cmdlet ini memungkinkan admin untuk membuat kebijakan akses bersyarkat baru di Azure Active Directory. Kebijakan akses bersyariah adalah aturan kustom yang menentukan skenario akses.
Contoh
Contoh 1: Membuat kebijakan akses bersyarat baru di Azure ACTIVE Directory yang mengharuskan MFA mengakses Exchange Online
PS C:\> $conditions = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet
PS C:\> $conditions.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition
PS C:\> $conditions.Applications.IncludeApplications = "00000002-0000-0ff1-ce00-000000000000"
PS C:\> $conditions.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition
PS C:\> $conditions.Users.IncludeUsers = "all"
PS C:\> $controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls
PS C:\> $controls._Operator = "OR"
PS C:\> $controls.BuiltInControls = "mfa"
PS C:\> New-AzureADMSConditionalAccessPolicy -DisplayName "MFA policy" -State "Enabled" -Conditions $conditions -GrantControls $controls
Id : 6b5e999b-0ba8-4186-a106-e0296c1c4358
DisplayName : MFA policy
CreatedDateTime : 2019-09-26T23:12:16.0792706Z
ModifiedDateTime : 2019-09-27T00:12:12.5986473Z
State : Enabled
Perintah ini membuat kebijakan akses bersyarat baru di Azure Active Directory yang mengharuskan MFA mengakses Exchange Online.
Contoh 2: Membuat kebijakan akses bersyarkat baru di Azure ACTIVE Directory yang memblokir akses ke Exchange Online dari wilayah yang tidak tepercaya
PS C:\> $conditions = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet
PS C:\> $conditions.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition
PS C:\> $conditions.Applications.IncludeApplications = "00000002-0000-0ff1-ce00-000000000000"
PS C:\> $conditions.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition
PS C:\> $conditions.Users.IncludeUsers = "all"
PS C:\> $conditions.Locations = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessLocationCondition
PS C:\> $conditions.Locations.IncludeLocations = "198ad66e-87b3-4157-85a3-8a7b51794ee9"
PS C:\> $controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls
PS C:\> $controls._Operator = "OR"
PS C:\> $controls.BuiltInControls = "block"
PS C:\> New-AzureADMSConditionalAccessPolicy -DisplayName "MFA policy" -State "Enabled" -Conditions $conditions -GrantControls $controls
Id : 6b5e999b-0ba8-4186-a106-e0296c1c4358
DisplayName : MFA policy
CreatedDateTime : 2019-09-26T23:12:16.0792706Z
ModifiedDateTime : 2019-09-27T00:12:12.5986473Z
State : Enabled
Contoh 3: Membuat kebijakan akses bersyarkat baru di Azure ACTIVE Directory yang memblokir akses ke Exchange Online dari perangkat yang tidak patuh
PS C:\> $conditions = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet
PS C:\> $conditions.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition
PS C:\> $conditions.Applications.IncludeApplications = "00000002-0000-0ff1-ce00-000000000000"
PS C:\> $conditions.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition
PS C:\> $conditions.Users.IncludeUsers = "all"
PS C:\> $conditions.Devices = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessDevicesCondition
PS C:\> $conditions.Devices.DeviceFilter = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessFilter
PS C:\> $conditions.Devices.DeviceFilter.Mode = "exclude"
PS C:\> $conditions.Devices.DeviceFilter.Rule = "device.isCompliant -eq True"
PS C:\> $controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls
PS C:\> $controls._Operator = "OR"
PS C:\> $controls.BuiltInControls = "block"
PS C:\> New-AzureADMSConditionalAccessPolicy -DisplayName "Block Non-compliant device policy" -State "Enabled" -Conditions $conditions -GrantControls $controls
Id : c5560f6b-2931-4b40-8e94-8b9e11a507c1
DisplayName : Block Non-compliant device policy
CreatedDateTime : 2022-04-20T15:15:41.9500079Z
ModifiedDateTime :
State : enabled
Perintah ini membuat kebijakan akses bersyarkat baru di Azure Active Directory yang memblokir akses ke Exchange Online dari wilayah yang tidak tepercaya. Ini menunjukkan penggunaan filter untuk kondisi perangkat .
Parameter
-Conditions
Menentukan kondisi untuk kebijakan akses bersyar di Azure Active Directory.
Jenis: | ConditionalAccessConditionSet |
Position: | Named |
nilai default: | None |
Diperlukan: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DisplayName
Menentukan nama tampilan kebijakan akses bersyar di Azure Active Directory.
Jenis: | String |
Position: | Named |
nilai default: | None |
Diperlukan: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-GrantControls
Menentukan kontrol untuk kebijakan akses bersyar di Azure Active Directory.
Jenis: | ConditionalAccessGrantControls |
Position: | Named |
nilai default: | None |
Diperlukan: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Id
{{ Fill Id Description }}
Jenis: | String |
Position: | Named |
nilai default: | None |
Diperlukan: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SessionControls
{{ Fill SessionControls Description }}
Jenis: | ConditionalAccessSessionControls |
Position: | Named |
nilai default: | None |
Diperlukan: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-State
Menentukan status kebijakan akses bersyar yang diaktifkan atau dinonaktifkan di Azure Active Directory.
Jenis: | String |
Position: | Named |
nilai default: | None |
Diperlukan: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Saran dan Komentar
https://aka.ms/ContentUserFeedback.
Segera hadir: Sepanjang tahun 2024 kami akan menghentikan penggunaan GitHub Issues sebagai mekanisme umpan balik untuk konten dan menggantinya dengan sistem umpan balik baru. Untuk mengetahui informasi selengkapnya, lihat:Kirim dan lihat umpan balik untuk