New-AzureADMSConditionalAccessPolicy

參考

模組:: AzureAD

在 Azure Active Directory 中建立新的條件式存取原則。

Syntax

New-AzureADMSConditionalAccessPolicy
   [-Id <String>]
   [-DisplayName <String>]
   [-State <String>]
   [-Conditions <ConditionalAccessConditionSet>]
   [-GrantControls <ConditionalAccessGrantControls>]
   [-SessionControls <ConditionalAccessSessionControls>]
   [<CommonParameters>]

Description

此 Cmdlet 可讓系統管理員在 Azure Active Directory 中建立新的條件式存取原則。條件式存取原則是定義存取案例的自定義規則。

範例

範例 1：在 Azure AD 中建立新的條件式存取原則，要求 MFA 才能存取 Exchange Online

PS C:\> $conditions = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet
PS C:\> $conditions.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition
PS C:\> $conditions.Applications.IncludeApplications = "00000002-0000-0ff1-ce00-000000000000"
PS C:\> $conditions.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition
PS C:\> $conditions.Users.IncludeUsers = "all"
PS C:\> $controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls
PS C:\> $controls._Operator = "OR"
PS C:\> $controls.BuiltInControls = "mfa"
PS C:\> New-AzureADMSConditionalAccessPolicy -DisplayName "MFA policy" -State "Enabled" -Conditions $conditions -GrantControls $controls

Id                      : 6b5e999b-0ba8-4186-a106-e0296c1c4358
DisplayName             : MFA policy
CreatedDateTime         : 2019-09-26T23:12:16.0792706Z
ModifiedDateTime        : 2019-09-27T00:12:12.5986473Z
State                   : Enabled

此命令會在 Azure AD 中建立新的條件式存取原則，要求 MFA 才能存取 Exchange Online。

範例 2：在 Azure AD 中建立新的條件式存取原則，以封鎖從非信任區域存取 Exchange Online

PS C:\> $conditions = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet
PS C:\> $conditions.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition
PS C:\> $conditions.Applications.IncludeApplications = "00000002-0000-0ff1-ce00-000000000000"
PS C:\> $conditions.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition
PS C:\> $conditions.Users.IncludeUsers = "all"
PS C:\> $conditions.Locations = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessLocationCondition
PS C:\> $conditions.Locations.IncludeLocations = "198ad66e-87b3-4157-85a3-8a7b51794ee9"
PS C:\> $controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls
PS C:\> $controls._Operator = "OR"
PS C:\> $controls.BuiltInControls = "block"
PS C:\> New-AzureADMSConditionalAccessPolicy -DisplayName "MFA policy" -State "Enabled" -Conditions $conditions -GrantControls $controls

Id                      : 6b5e999b-0ba8-4186-a106-e0296c1c4358
DisplayName             : MFA policy
CreatedDateTime         : 2019-09-26T23:12:16.0792706Z
ModifiedDateTime        : 2019-09-27T00:12:12.5986473Z
State                   : Enabled

此命令會在 Azure AD 中建立新的條件式存取原則，以封鎖從非信任區域存取 Exchange Online。

參數

-Conditions

指定 Azure Active Directory 中條件式存取原則的條件。

Type:	ConditionalAccessConditionSet
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-DisplayName

指定 Azure Active Directory 中條件式存取原則的顯示名稱。

Type:	String
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-GrantControls

指定 Azure Active Directory 中條件式存取原則的控件。

Type:	ConditionalAccessGrantControls
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-Id

Type:	String
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-SessionControls

Type:	ConditionalAccessSessionControls
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-State

指定 Azure Active Directory 中條件式存取原則的啟用或停用狀態。

Type:	String
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

備註

請參閱 New-AzureADMSConditionalAccessPolicy 至 Microsoft Graph PowerShell 的移轉指南。

New-AzureADMSConditionalAccessPolicy

Syntax

Description

範例

範例 1：在 Azure AD 中建立新的條件式存取原則，要求 MFA 才能存取 Exchange Online

範例 2：在 Azure AD 中建立新的條件式存取原則，以封鎖從非信任區域存取 Exchange Online

參數

-Conditions

-DisplayName

-GrantControls

-Id

-SessionControls

-State

備註

意見反應

意見反應

其他資源

New-AzureADMSConditionalAccessPolicy

Syntax

Description

範例

範例 1：在 Azure AD 中建立新的條件式存取原則，要求 MFA 才能存取 Exchange Online

範例 2：在 Azure AD 中建立新的條件式存取原則，以封鎖從非信任區域存取 Exchange Online

參數

-Conditions

-DisplayName

-GrantControls

-Id

-SessionControls

-State

備註

相關連結

意見反應

意見反應

其他資源