Get-AuthenticationPolicy

This cmdlet is available in on-premises Exchange and in the cloud-based service. Some parameters and settings may be exclusive to one environment or the other.

Use the Get-AuthenticationPolicy cmdlet to view authentication policies in your organization. For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.

Syntax

Get-AuthenticationPolicy
   [[-Identity] <AuthPolicyIdParameter>]
   [-AllowLegacyExchangeTokens]
   [-TenantId <String>]
   [<CommonParameters>]

Description

You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet.

Examples

Example 1

Get-AuthenticationPolicy | Format-Table -Auto Name

This example returns a summary list of all authentication policies.

Example 2

Get-AuthenticationPolicy -Identity "Engineering Group"

This example returns detailed information for the authentication policy named Engineering Group.

Example 3

Get-AuthenticationPolicy -AllowLegacyExchangeTokens

In Exchange Online, this example specifies whether legacy Exchange tokens for Outlook add-ins are allowed in the organization.

Parameters

-AllowLegacyExchangeTokens

This parameter is available only in the cloud-based service.

The AllowLegacyExchangeTokens switch specifies whether legacy Exchange tokens are allowed for Outlook add-ins in your organization. You don't need to specify a value with this switch.

Legacy Exchange tokens include Exchange user identity and callback tokens.

Important:

  • Currently, the AllowLegacyExchangeTokens switch only specifies whether legacy Exchange tokens are allowed in your organization. For now, disregard the empty Allowed and Blocked arrays returned by the switch.
  • Legacy Exchange tokens will eventually be blocked by default in all cloud-based organizations. For more information, see Nested app authentication and Outlook legacy tokens deprecation FAQ.
Type:SwitchParameter
Position:Named
Default value:True
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection

-Identity

The Identity parameter specifies the authentication policy you want to view. You can use any value that uniquely identifies the policy. For example:

  • Name
  • Distinguished name (DN)
  • GUID
Type:AuthPolicyIdParameter
Position:0
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2019, Exchange Online, Exchange Online Protection

-TenantId

This parameter is available only in the cloud-based service.

{{ Fill TenantId Description }}

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online, Exchange Online Protection