Nota
L'accesso a questa pagina richiede l'autorizzazione. È possibile provare ad accedere o modificare le directory.
L'accesso a questa pagina richiede l'autorizzazione. È possibile provare a modificare le directory.
Questo script di PowerShell illustra come aggiungere a livello di codice una regola di bypass personalizzata ai criteri di inoltro di Microsoft Entra Internet Access. Lo script trova il criterio di inoltro "Bypass personalizzato" e aggiunge una regola di esempio per ignorare i domini specificati.
L'esempio richiede il modulo Microsoft Graph Beta PowerShell 2.10 o versione successiva.
Considerazioni importanti
- Eseguire lo script di PowerShell come amministratore da una sessione di PowerShell con privilegi elevati.
- Assicurarsi di installare il modulo Microsoft.Graph.Beta:
Install-Module Microsoft.Graph.Beta -AllowClobber -Force - L'account usato per
Connect-MgGraphdeve avere le autorizzazioni seguenti:- Politica.Lettura.Tutto
- NetworkAccess.ReadWrite.All
Script di esempio
# bypassscript.ps1 adds sample endpoints to the custom bypass policy in the internet access forwarding profile
#
# Version 1.0
#
# This script requires following
# - PowerShell 5.1 (x64) or beyond
# - Module: Microsoft.Graph.Beta
#
# Before you begin:
# - Make sure you are running PowerShell as an Administrator
# - Make sure you run: Install-Module Microsoft.Graph.Beta -AllowClobber -Force
# - Make sure the account used for Connect-MgGraph has the following permissions:
# - Policy.Read.All
# - NetworkAccess.ReadWrite.All
#
if (-not (Get-Module -ListAvailable -Name Microsoft.Graph.Beta.Identity.SignIns)) {
Write-Host "Module Microsoft.Graph.Beta.Identity.SignIns is not installed. Please install it using: Install-Module Microsoft.Graph.Beta -AllowClobber"
exit
}
Import-Module Microsoft.Graph.Beta.Identity.SignIns
Connect-MgGraph -Scopes "Policy.Read.All,NetworkAccess.ReadWrite.All"
# Find out custom bypass forwarding policy id
$custombypass = $null
$forwardingpolicies = Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/beta/networkaccess/forwardingpolicies"
foreach ($policy in $forwardingpolicies.value) {
if ($policy.name -eq "Custom Bypass"){
$custombypass = $policy.id
}
}
if ($custombypass -eq $null) {
Write-Host "Could not find the IA custom bypass forwarding policy. Exiting."
exit
}
# First, Bypass the Intune endpoints
$samplerule = [PSCustomObject]@{
name = "Sample FQDN bypass rule"
action = "bypass"
destinations = @()
ruleType = "fqdn"
ports = @("80", "443")
protocol = "tcp"
'@odata.type' = "#microsoft.graph.networkaccess.internetAccessForwardingRule"
}
$sampledomains = @(
"bing.com",
"*.bing.com"
)
foreach ($sampledomain in $sampledomains) {
$fqdn = [PSCustomObject]@{
'@odata.type' = "#microsoft.graph.networkaccess.fqdn"
value = $sampledomain
}
$samplerule.destinations += $fqdn
}
$body = $samplerule | ConvertTo-Json
Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/networkaccess/forwardingPolicies('$($custombypass)')/policyRules" -Body $body -ContentType "application/json"
# Next, Bypass the sample IP-based endpoints
$sampleipbypassrule = [PSCustomObject]@{
name = "Sample IP bypass rule"
action = "bypass"
destinations = @()
ruleType = "ipSubnet"
ports = @("80", "443")
protocol = "tcp"
'@odata.type' = "#microsoft.graph.networkaccess.internetAccessForwardingRule"
}
$sampleipbypassdomains = @(
"1.2.3.4/32"
)
foreach ($sampleipbypassdomain in $sampleipbypassdomains) {
$ip = [PSCustomObject]@{
'@odata.type' = "#microsoft.graph.networkaccess.ipSubnet"
value = $sampleipbypassdomain
}
$sampleipbypassrule.destinations += $ip
}
$body = $sampleipbypassrule | ConvertTo-Json
Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/networkaccess/forwardingPolicies('$($custombypass)')/policyRules" -Body $body -ContentType "application/json"