Get-MgIdentityConditionalAccessPolicy
Retrieve the properties and relationships of a conditionalAccessPolicy object.
Note
To view the beta release of this cmdlet, view Get-MgBetaIdentityConditionalAccessPolicy
Syntax
Get-MgIdentityConditionalAccessPolicy
[-ExpandProperty <String[]>]
[-Property <String[]>]
[-Filter <String>]
[-Search <String>]
[-Skip <Int32>]
[-Sort <String[]>]
[-Top <Int32>]
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-PageSize <Int32>]
[-All]
[-CountVariable <String>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>]
Get-MgIdentityConditionalAccessPolicy
-ConditionalAccessPolicyId <String>
[-ExpandProperty <String[]>]
[-Property <String[]>]
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>]
Get-MgIdentityConditionalAccessPolicy
-InputObject <IIdentitySignInsIdentity>
[-ExpandProperty <String[]>]
[-Property <String[]>]
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[<CommonParameters>]
Description
Retrieve the properties and relationships of a conditionalAccessPolicy object.
Permissions
Permission type | Least privileged permissions | Higher privileged permissions |
---|---|---|
Delegated (work or school account) | Policy.Read.All | Not available. |
Delegated (personal Microsoft account) | Not supported. | Not supported. |
Application | Policy.Read.All | Not available. |
Permissions
Permission type | Least privileged permissions | Higher privileged permissions |
---|---|---|
Delegated (work or school account) | Policy.Read.All | Not available. |
Delegated (personal Microsoft account) | Not supported. | Not supported. |
Application | Policy.Read.All | Not available. |
Examples
Example 1: Get a list of all conditional access policies in Azure AD.
Connect-MgGraph -Scopes 'Policy.Read.All'
Get-MgIdentityConditionalAccessPolicy |Format-List
Conditions : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessConditionSet
CreatedDateTime : 1/13/2022 6:35:35 AM
Description :
DisplayName : Exchange Online Requires Compliant Device
GrantControls : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessGrantControls
Id : 5e7615b8-dbe4-4cc1-810c-26adb77a3518
ModifiedDateTime : 7/29/2022 9:08:10 AM
SessionControls : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessSessionControls
State : enabled
AdditionalProperties : {}
Conditions : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessConditionSet
CreatedDateTime : 1/13/2022 6:35:39 AM
Description :
DisplayName : Office 365 App Control
GrantControls : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessGrantControls
Id : 8783f4ea-215e-49f9-a4f6-cc21f6de45f6
ModifiedDateTime : 7/29/2022 9:08:39 AM
SessionControls : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessSessionControls
State : enabled
AdditionalProperties : {}
This example retrieves all the conditional access policies in Azure AD.
Example 2: Get a conditional access policy by Id
Connect-MgGraph -Scopes 'Policy.Read.All'
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId '5e7615b8-dbe4-4cc1-810c-26adb77a3518' |
Format-List
Conditions : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessConditionSet
CreatedDateTime : 1/13/2022 6:35:35 AM
Description :
DisplayName : Exchange Online Requires Compliant Device
GrantControls : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessGrantControls
Id : 5e7615b8-dbe4-4cc1-810c-26adb77a3518
ModifiedDateTime : 7/29/2022 9:08:10 AM
SessionControls : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessSessionControls
State : enabled
AdditionalProperties : {[@odata.context, https://graph.microsoft.com/v1.0/$metadata#identity/conditionalAccess/policies/$entity]}
This command retrieves the conditional access by Id.
Parameters
-All
List all pages.
Type: | SwitchParameter |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ConditionalAccessPolicyId
The unique identifier of conditionalAccessPolicy
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-CountVariable
Specifies a count of the total number of items in a collection. By default, this variable will be set in the global scope.
Type: | String |
Aliases: | CV |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ExpandProperty
Expand related entities
Type: | String[] |
Aliases: | Expand |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Filter
Filter items by property values
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Headers
Optional headers that will be added to the request.
Type: | IDictionary |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-InputObject
Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
Type: | IIdentitySignInsIdentity |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-PageSize
Sets the page size of results.
Type: | Int32 |
Position: | Named |
Default value: | 0 |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ProgressAction
{{ Fill ProgressAction Description }}
Type: | ActionPreference |
Aliases: | proga |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Property
Select properties to be returned
Type: | String[] |
Aliases: | Select |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ResponseHeadersVariable
Optional Response Headers Variable.
Type: | String |
Aliases: | RHV |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Search
Search items by search phrases
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Skip
Skip the first n items
Type: | Int32 |
Position: | Named |
Default value: | 0 |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Sort
Order items by property values
Type: | String[] |
Aliases: | OrderBy |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Top
Show only the first n items
Type: | Int32 |
Aliases: | Limit |
Position: | Named |
Default value: | 0 |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
Microsoft.Graph.PowerShell.Models.IIdentitySignInsIdentity
System.Collections.IDictionary
Outputs
Microsoft.Graph.PowerShell.Models.IMicrosoftGraphConditionalAccessPolicy
Notes
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
INPUTOBJECT <IIdentitySignInsIdentity>
: Identity Parameter
[ActivityBasedTimeoutPolicyId <String>]
: The unique identifier of activityBasedTimeoutPolicy[AppManagementPolicyId <String>]
: The unique identifier of appManagementPolicy[AuthenticationCombinationConfigurationId <String>]
: The unique identifier of authenticationCombinationConfiguration[AuthenticationConditionApplicationAppId <String>]
: The unique identifier of authenticationConditionApplication[AuthenticationContextClassReferenceId <String>]
: The unique identifier of authenticationContextClassReference[AuthenticationEventListenerId <String>]
: The unique identifier of authenticationEventListener[AuthenticationEventsFlowId <String>]
: The unique identifier of authenticationEventsFlow[AuthenticationMethodConfigurationId <String>]
: The unique identifier of authenticationMethodConfiguration[AuthenticationMethodId <String>]
: The unique identifier of authenticationMethod[AuthenticationMethodModeDetailId <String>]
: The unique identifier of authenticationMethodModeDetail[AuthenticationStrengthPolicyId <String>]
: The unique identifier of authenticationStrengthPolicy[B2XIdentityUserFlowId <String>]
: The unique identifier of b2xIdentityUserFlow[BitlockerRecoveryKeyId <String>]
: The unique identifier of bitlockerRecoveryKey[CertificateBasedAuthConfigurationId <String>]
: The unique identifier of certificateBasedAuthConfiguration[ClaimsMappingPolicyId <String>]
: The unique identifier of claimsMappingPolicy[ConditionalAccessPolicyId <String>]
: The unique identifier of conditionalAccessPolicy[ConditionalAccessTemplateId <String>]
: The unique identifier of conditionalAccessTemplate[CrossTenantAccessPolicyConfigurationPartnerTenantId <String>]
: The unique identifier of crossTenantAccessPolicyConfigurationPartner[CustomAuthenticationExtensionId <String>]
: The unique identifier of customAuthenticationExtension[DataPolicyOperationId <String>]
: The unique identifier of dataPolicyOperation[DirectoryObjectId <String>]
: The unique identifier of directoryObject[EmailAuthenticationMethodId <String>]
: The unique identifier of emailAuthenticationMethod[FeatureRolloutPolicyId <String>]
: The unique identifier of featureRolloutPolicy[Fido2AuthenticationMethodId <String>]
: The unique identifier of fido2AuthenticationMethod[HomeRealmDiscoveryPolicyId <String>]
: The unique identifier of homeRealmDiscoveryPolicy[IdentityApiConnectorId <String>]
: The unique identifier of identityApiConnector[IdentityProviderBaseId <String>]
: The unique identifier of identityProviderBase[IdentityProviderId <String>]
: The unique identifier of identityProvider[IdentityUserFlowAttributeAssignmentId <String>]
: The unique identifier of identityUserFlowAttributeAssignment[IdentityUserFlowAttributeId <String>]
: The unique identifier of identityUserFlowAttribute[LongRunningOperationId <String>]
: The unique identifier of longRunningOperation[MicrosoftAuthenticatorAuthenticationMethodId <String>]
: The unique identifier of microsoftAuthenticatorAuthenticationMethod[MultiTenantOrganizationMemberId <String>]
: The unique identifier of multiTenantOrganizationMember[NamedLocationId <String>]
: The unique identifier of namedLocation[OAuth2PermissionGrantId <String>]
: The unique identifier of oAuth2PermissionGrant[OrganizationId <String>]
: The unique identifier of organization[PasswordAuthenticationMethodId <String>]
: The unique identifier of passwordAuthenticationMethod[PermissionGrantConditionSetId <String>]
: The unique identifier of permissionGrantConditionSet[PermissionGrantPolicyId <String>]
: The unique identifier of permissionGrantPolicy[PhoneAuthenticationMethodId <String>]
: The unique identifier of phoneAuthenticationMethod[RiskDetectionId <String>]
: The unique identifier of riskDetection[RiskyServicePrincipalHistoryItemId <String>]
: The unique identifier of riskyServicePrincipalHistoryItem[RiskyServicePrincipalId <String>]
: The unique identifier of riskyServicePrincipal[RiskyUserHistoryItemId <String>]
: The unique identifier of riskyUserHistoryItem[RiskyUserId <String>]
: The unique identifier of riskyUser[ServicePrincipalRiskDetectionId <String>]
: The unique identifier of servicePrincipalRiskDetection[SoftwareOathAuthenticationMethodId <String>]
: The unique identifier of softwareOathAuthenticationMethod[TemporaryAccessPassAuthenticationMethodId <String>]
: The unique identifier of temporaryAccessPassAuthenticationMethod[ThreatAssessmentRequestId <String>]
: The unique identifier of threatAssessmentRequest[ThreatAssessmentResultId <String>]
: The unique identifier of threatAssessmentResult[TokenIssuancePolicyId <String>]
: The unique identifier of tokenIssuancePolicy[TokenLifetimePolicyId <String>]
: The unique identifier of tokenLifetimePolicy[UnifiedRoleManagementPolicyAssignmentId <String>]
: The unique identifier of unifiedRoleManagementPolicyAssignment[UnifiedRoleManagementPolicyId <String>]
: The unique identifier of unifiedRoleManagementPolicy[UnifiedRoleManagementPolicyRuleId <String>]
: The unique identifier of unifiedRoleManagementPolicyRule[UserFlowLanguageConfigurationId <String>]
: The unique identifier of userFlowLanguageConfiguration[UserFlowLanguagePageId <String>]
: The unique identifier of userFlowLanguagePage[UserId <String>]
: The unique identifier of user[WindowsHelloForBusinessAuthenticationMethodId <String>]
: The unique identifier of windowsHelloForBusinessAuthenticationMethod