CsApplicationAccessPolicy

Question

Hi All,

I am using an Exchange 2016 hybrid environment. I have created a CsApplicationAccessPolicy and assigned it globally in Teams online using the following syntax:

Grant-CsApplicationAccessPolicy -PolicyName "MyPolicy1" -Global

I want to remove it from being applied globally and assign it to a mail-enabled security group. This mail-enabled security group is created on-premises and synced to AzureAD. Let’s say the group name is mesg1@contoso.com. Could you please guide me with the syntax to achieve this?

Answer 1

Hello, @Glenn Maxwell,

Welcome to the Microsoft Q&A platform!

If you want to unassign the global application access policy and assign it to a specific mail-enabled security group that's synced from on-premises to AzureAD, you can achieve this with PowerShell.

First, use the Grant-CsApplicationAccessPolicy cmdlet with the -PolicyName $null parameter to remove the global policy assignment:

Grant-CsApplicationAccessPolicy -PolicyName $Null -Global

Then, to assign the access policy to the mail-enabled security group (MESG), you will use the Grant-CsApplicationAccessPolicy cmdlet again, but this time specifying the group:

Grant-CsApplicationAccessPolicy -PolicyName "MyPolicy1" -Group "mesg1@contoso.com"

This will unassign the policy from being applied globally and then assign it to the specified mail-enabled security group. Please ensure you have the necessary administrative privileges to execute these commands, and that you have connected to the relevant Microsoft Teams or Skype for Business Online PowerShell module to interact with the Cs cmdlets.

Should you need more help on this, you can feel free to post back. 

---

If the answer is helpful, please click on ACCEPT ANSWER as it could help other members of the Microsoft Q&A community who have similar questions and are looking for solutions.

Thank you for your support and understanding.

Best Wishes,

Alex Zhang