New-AzureADMSPermissionGrantConditionSet

  • 參考
模組:
AzureAD

在指定的原則中建立新的 Azure Active Directory 許可權授與條件。

Syntax

New-AzureADMSPermissionGrantConditionSet
   -PolicyId <String>
   -ConditionSetType <String>
   [-PermissionType <String>]
   [-PermissionClassification <String>]
   [-ResourceApplication <String>]
   [-Permissions <System.Collections.Generic.List`1[System.String]>]
   [-ClientApplicationIds <System.Collections.Generic.List`1[System.String]>]
   [-ClientApplicationTenantIds <System.Collections.Generic.List`1[System.String]>]
   [-ClientApplicationPublisherIds <System.Collections.Generic.List`1[System.String]>]
   [-ClientApplicationsFromVerifiedPublisherOnly <Boolean>]
   [<CommonParameters>]

Description

在現有原則中建立新的 Azure Active Directory 許可權授與條件集物件。

範例

範例 1:在具有所有組建值的現有原則中建立基本許可權授與條件

New-AzureADMSPermissionGrantConditionSet -PolicyId "test1" -ConditionSetType "includes" -PermissionType "delegated"

				Id                                          : cab65448-9ec4-43a5-b575-d1f4d32fefa5
				PermissionType                              : delegated
				PermissionClassification                    : all
				ResourceApplication                         : any
				Permissions                                 : {all}
				ClientApplicationIds                        : {all}
				ClientApplicationTenantIds                  : {all}
				ClientApplicationPublisherIds               : {all}
				ClientApplicationsFromVerifiedPublisherOnly : False

範例 2:在包含資源應用程式特定許可權的現有原則中建立許可權授與條件

New-AzureADMSPermissionGrantConditionSet -PolicyId "test1" -ConditionSetType "includes" -PermissionType "delegated" -Permissions @("8b590330-0eb2-45d0-baca-a00ecf7e7b87", "dac1c8fa-e6e4-47b8-a128-599660b8cd5c", "f6db0cc3-88cd-4c74-a374-3d8c7cc4c50b") -ResourceApplication "ec8d61c9-1cb2-4edb-afb0-bcda85645555"

				Id                                          : 64032dc4-8423-4fd7-930c-a9ed3bb1dbb4
				PermissionType                              : delegated
				PermissionClassification                    : all
				ResourceApplication                         : ec8d61c9-1cb2-4edb-afb0-bcda85645555
				Permissions                                 : {8b590330-0eb2-45d0-baca-a00ecf7e7b87, dac1c8fa-e6e4-47b8-a128-599660b8cd5c, 
															  f6db0cc3-88cd-4c74-a374-3d8c7cc4c50b}
				ClientApplicationIds                        : {all}
				ClientApplicationTenantIds                  : {all}
				ClientApplicationPublisherIds               : {all}
				ClientApplicationsFromVerifiedPublisherOnly : False

範例 3:在排除的現有原則中建立許可權授與條件

New-AzureADMSPermissionGrantConditionSet -PolicyId "test1" -ConditionSetType "excludes" -PermissionType "delegated" -Permissions @("8b590330-0eb2-45d0-baca-a00ecf7e7b87", "dac1c8fa-e6e4-47b8-a128-599660b8cd5c", "f6db0cc3-88cd-4c74-a374-3d8c7cc4c50b") -ResourceApplication "ec8d61c9-1cb2-4edb-afb0-bcda85645555" -PermissionClassification "low" -ClientApplicationsFromVerifiedPublisherOnly $true -ClientApplicationIds @("4a6c40ea-edc1-4202-8620-dd4060ee6583", "17a961bd-e743-4e6f-8097-d7e6612999a7") -ClientApplicationTenantIds @("17a961bd-e743-4e6f-8097-d7e6612999a8", "17a961bd-e743-4e6f-8097-d7e6612999a9", "17a961bd-e743-4e6f-8097-d7e6612999a0") -ClientApplicationPublisherIds @("verifiedpublishermpnid")

			Id                                          : 0f81cce0-a766-4db6-a7e2-4e5f10f6abf8
			PermissionType                              : delegated
			PermissionClassification                    : low
			ResourceApplication                         : ec8d61c9-1cb2-4edb-afb0-bcda85645555
			Permissions                                 : {8b590330-0eb2-45d0-baca-a00ecf7e7b87, dac1c8fa-e6e4-47b8-a128-599660b8cd5c, 
														  f6db0cc3-88cd-4c74-a374-3d8c7cc4c50b}
			ClientApplicationIds                        : {4a6c40ea-edc1-4202-8620-dd4060ee6583, 17a961bd-e743-4e6f-8097-d7e6612999a7}
			ClientApplicationTenantIds                  : {17a961bd-e743-4e6f-8097-d7e6612999a8, 17a961bd-e743-4e6f-8097-d7e6612999a9, 17a961bd-e743-4e6f-8097-d7e6612999a0}
			ClientApplicationPublisherIds               : {verifiedpublishermpnid}
			ClientApplicationsFromVerifiedPublisherOnly : True

參數

-ClientApplicationIds

將同意作業的範圍設定為的用戶端應用程式標識碼集。 它可以是 @ (“All”) 或用戶端應用程式識別符清單。

注意

每個租使用者可新增的硬性限制為100個應用程式標識碼。

Type:List<T>[String]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ClientApplicationPublisherIds

用戶端應用程式發行者識別碼集,以將同意作業的範圍縮小至 。 它可以是 @ (“All”) 或用戶端應用程式發行者標識符的清單。

Type:List<T>[String]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ClientApplicationsFromVerifiedPublisherOnly

值表示是否只包含來自已驗證發行者的用戶端應用程式。

Type:Boolean
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ClientApplicationTenantIds

用戶端應用程式租使用者識別碼,以將同意作業的範圍縮小至 。 它可以是 @ (「全部」) 或用戶端應用程式租使用者標識符清單。

Type:List<T>[String]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ConditionSetType

值會指出條件集是否包含在原則中或排除。

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-PermissionClassification

特定分類 (所有、低、中、高) 範圍同意作業。

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Permissions

將同意作業限定為的資源應用程式標識碼。 它可以是 @ (「全部」) 或許可權標識符清單。

Type:List<T>[String]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PermissionType

應用程式 (特定許可權類型,委派) 將同意作業的範圍限定為 。

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PolicyId

Azure Active Directory 許可權授與原則物件的唯一標識符。

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ResourceApplication

將同意作業限定為的資源應用程式標識碼。 它可以是「任何」或特定的資源應用程式標識碼。

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

輸入

string

string

輸出

Microsoft.Open.MSGraph.Model.PermissionGrantConditionSet