New-EntraBetaPrivateAccessApplicationSegment
Creates an application segment associated with a Private Access application.
Syntax
New-EntraBetaPrivateAccessApplicationSegment
   -ApplicationId <String>
   -DestinationHost <String>
   -DestinationType <String>
   [-Protocol <String>]
   [-Ports <String>]
   [<CommonParameters>]
Description
The New-EntraBetaPrivateAccessApplicationSegment cmdlet creates an application segment associated with a Private Access application.
Examples
Example 1: Create a simple application segment
Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All'
$application = Get-EntraBetaApplication -Filter "displayName eq '<GlobalSecureAccess_Application_DisplayName>'"
$params = @{
    ApplicationId   = $application.Id
    DestinationHost = 'ssh.contoso.local'
    Ports           = 22
    Protocol        = 'TCP'
    DestinationType = 'FQDN'
}
New-EntraBetaPrivateAccessApplicationSegment @params
destinationHost : ssh.contoso.local
destinationType : FQDN
port : 0
ports : {22-22}
protocol : tcp
id : cccc2222-dd33-4444-55ee-666666ffffff
Example 2: Create an application segment using ranges of IPs and multiple ports
Connect-Entra -Scopes 'NetworkAccessPolicy.ReadWrite.All', 'Application.ReadWrite.All', 'NetworkAccess.ReadWrite.All'
$application = Get-EntraBetaApplication -Filter "displayName eq '<GlobalSecureAccess_Application_DisplayName>'"
$params = @{
    ApplicationId   = $application.Id
    DestinationHost = '192.168.1.100..192.168.1.110'
    Ports           = '22','3389'
    Protocol        = 'TCP','UDP'
    DestinationType = 'ipRange'
}
New-EntraBetaPrivateAccessApplicationSegment @params
destinationHost : 192.168.1.100..192.168.1.110
destinationType : ipRange
port : 0
ports : {22-22, 3389-3389}
protocol : tcp,udp
id : cccc2222-dd33-4444-55ee-666666ffffff
Example 3: Create application segment using an input file
AppSegments.csv
AppObjectId,DestHost,ports,protocol,type
00001111-aaaa-2222-bbbb-3333cccc4444,10.106.97.0/24,"1-21,23-442,444-65535","TCP,udp",ipRangeCidr
00001111-aaaa-2222-bbbb-3333cccc4444,10.106.96.0/24,"1-21,23-442,444-65535","udp",ipRangeCidr
00001111-aaaa-2222-bbbb-3333cccc4444,10.106.95.0/24,"1-21","udp",ipRangeCidr
CreateAppSegments.ps1
$csvFile = "C:\temp\AppSegments.csv"
# Assuming the CSV file has columns named 'AppObjectId', 'DestHost', 'ports', 'protocol', 'type'
$variables = Import-Csv $csvFile
# Loop through each row of the CSV and execute the command for each set of variables
foreach ($variable in $variables) {
    $appObjectId = $variable.AppObjectId
    $destHost    = $variable.DestHost
    $ports       = $variable.ports -split ","
    $protocol    = $variable.protocol -split ","
    $type        = $variable.type
    # Execute the command
    $params = @{
        ApplicationId   = $appObjectId
        DestinationHost = $destHost
        Ports           = $ports
        Protocol        = $protocol
        DestinationType = $type
    }
    New-EntraBetaPrivateAccessApplicationSegment @params
}
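A pre-flight check for the CSV in Example 3, added here as an illustration and not part of the Microsoft Entra PowerShell module: it rejects malformed GUIDs, port ranges, protocols and IPv4 destinations before any segment is created. `Test-IPv4` and `Test-AppSegmentRow` are hypothetical helper names, and the allowed type and protocol lists contain only the values shown on this page.

```powershell
# Added example: pre-flight checks for AppSegments.csv (not part of the Entra module).
# Assumption: only the destination types and protocols shown on this page are expected.
$AllowedTypes     = 'FQDN', 'ipRange', 'ipRangeCidr'
$AllowedProtocols = 'tcp', 'udp'

function Test-IPv4 {             # hypothetical helper: strict dotted-quad check
    param([string] $Text)
    $ip = $null
    ($Text -match '^\d{1,3}(\.\d{1,3}){3}$') -and [System.Net.IPAddress]::TryParse($Text, [ref]$ip)
}

function Test-AppSegmentRow {    # hypothetical helper: returns a list of problems for one row
    param([Parameter(Mandatory)] $Row)
    $problems = @()
    $guid = [guid]::Empty
    if (-not [guid]::TryParse($Row.AppObjectId, [ref]$guid)) { $problems += "AppObjectId is not a GUID" }
    if ($Row.type -notin $AllowedTypes) { $problems += "unexpected type '$($Row.type)'" }
    foreach ($p in ($Row.protocol -split ',')) {
        if ($p.Trim() -notin $AllowedProtocols) { $problems += "unexpected protocol '$p'" }
    }
    foreach ($entry in ($Row.ports -split ',')) {
        if ($entry.Trim() -notmatch '^(\d{1,5})(?:-(\d{1,5}))?$') { $problems += "malformed port entry '$entry'"; continue }
        $start = [int]$Matches[1]
        $end   = if ($Matches[2]) { [int]$Matches[2] } else { $start }
        if ($start -lt 1 -or $end -gt 65535 -or $start -gt $end) { $problems += "port range out of bounds '$entry'" }
    }
    switch ($Row.type) {
        'ipRangeCidr' {
            $addr, $prefix = $Row.DestHost -split '/', 2
            if (-not (Test-IPv4 $addr) -or $prefix -notmatch '^\d{1,2}$' -or [int]$prefix -gt 32) {
                $problems += "invalid IPv4 CIDR '$($Row.DestHost)'"
            }
        }
        'ipRange' {
            $ends = @($Row.DestHost -split '\.\.', 2)
            if ($ends.Count -ne 2 -or -not (Test-IPv4 $ends[0]) -or -not (Test-IPv4 $ends[1])) {
                $problems += "invalid IPv4 range '$($Row.DestHost)'"
            }
        }
    }
    $problems
}

# Collect every problem across the file, then stop before any segment is created.
$bad = foreach ($row in (Import-Csv 'C:\temp\AppSegments.csv')) {
    foreach ($problem in (Test-AppSegmentRow -Row $row)) {
        [pscustomobject]@{ DestHost = $row.DestHost; Problem = $problem }
    }
}
if ($bad) { $bad | Format-Table -AutoSize; throw 'Fix AppSegments.csv before creating segments.' }
```

Run it ahead of CreateAppSegments.ps1 so that a bad row stops the batch instead of leaving a partially created set of segments.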
Inputs
System.String
System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]
System.Nullable`1[[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]
Outputs
System.Object