New-EntraFeatureRolloutPolicy

Reference

Module:: Microsoft.Entra

Allows an admin to create the policy for cloud authentication roll-out in Microsoft Entra ID.

Syntax

New-EntraFeatureRolloutPolicy
   -Feature <FeatureEnum>
   -IsEnabled <Boolean>
   [-Description <String>]
   [-IsAppliedToOrganization <Boolean>]
   [-AppliesTo <System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.MsDirectoryObject]>]
   -DisplayName <String>
   [<CommonParameters>]

Description

The New-EntraFeatureRolloutPolicy cmdlet allows an admin to create the policy for cloud authentication roll-out (users moving from federation to cloud auth) in Microsoft Entra ID.

The policy admin can identify whether the users authenticate using password hashes in Microsoft Entra ID (Password hash-sync) or Microsoft Entra ID on-premises directly (Pass-through authentication).

Examples

Example 1: Creates the policy for cloud authentication roll-out in Microsoft Entra ID

Connect-Entra -Scopes 'Directory.ReadWrite.All'
New-EntraFeatureRolloutPolicy -Feature 'PassthroughAuthentication' -DisplayName 'Passthrough Authentication Rollout Policy' -IsEnabled $false

Id                                   Description          DisplayName          Feature                   IsAppliedToOrganization IsEnabled
--                                   -----------          -----------          -------                   ----------------------- ---------
00aa00aa-bb11-cc22-dd33-44ee44ee44ee FeatureRolloutPolicy FeatureRolloutPolicy passthroughAuthentication False                   False

This example creates the policy for cloud authentication roll-out in Microsoft Entra ID.

-Feature specifies a feature assigned to the cloud authentication roll-out policy. Currently, you can assign PassthroughAuthentication | SeamlessSso | PasswordHashSync | EmailAsAlternateId.
-DisplayName specifies the display name of the cloud authentication roll-out policy.
-IsEnabled specifies the status of cloud authentication roll-out policy.

Example 2: Creates the policy for cloud authentication roll-out in Microsoft Entra ID

Connect-Entra -Scopes 'Directory.ReadWrite.All'
New-EntraFeatureRolloutPolicy -Feature 'PassthroughAuthentication' -DisplayName 'FeatureRolloutPolicy' -IsEnabled $false -IsAppliedToOrganization $false

Id                                   Description          DisplayName          Feature                   IsAppliedToOrganization IsEnabled
--                                   -----------          -----------          -------                   ----------------------- ---------
00aa00aa-bb11-cc22-dd33-44ee44ee44ee FeatureRolloutPolicy FeatureRolloutPolicy passthroughAuthentication False                   False

This command creates the policy for cloud authentication roll-out in Microsoft Entra ID.

-Feature specifies a feature assigned to the cloud authentication roll-out policy. Currently, you can assign PassthroughAuthentication | SeamlessSso | PasswordHashSync | EmailAsAlternateId.
-DisplayName specifies the display name of the cloud authentication roll-out policy.
-IsEnabled specifies the status of cloud authentication roll-out policy.
-IsAppliedToOrganization specifies if the cloud authentication roll-out policy applied to the entire organization.

Parameters

-AppliesTo

Specifies a list of Microsoft Entra ID objects that is assigned to the feature.

Type:	System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.MsDirectoryObject]
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-Description

Specifies the description of the cloud authentication roll-out policy.

Type:	System.String
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-DisplayName

Specifies the display name of the cloud authentication roll-out policy.

Type:	System.String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-Feature

Specifies a feature assigned to the cloud authentication roll-out policy.

Possible values are:

passthroughAuthentication
seamlessSso
passwordHashSync
emailAsAlternateId
unknownFutureValue
certificateBasedAuthentication
multiFactorAuthentication

Type:	FeatureEnum
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-IsAppliedToOrganization

Specifies if the cloud authentication roll-out policy applied to the entire organization.

Type:	System.Boolean
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-IsEnabled

Specifies the status of cloud authentication roll-out policy.

Type:	System.Boolean
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

Outputs

Microsoft.Online.Administration.MsFeatureRolloutPolicy

Notes

See more details - /graph/api/resources/featurerolloutpolicy

Share via

New-EntraFeatureRolloutPolicy

Syntax

Description

Examples

Example 1: Creates the policy for cloud authentication roll-out in Microsoft Entra ID

Example 2: Creates the policy for cloud authentication roll-out in Microsoft Entra ID

Parameters

-AppliesTo

-Description

-DisplayName

-Feature

-IsAppliedToOrganization

-IsEnabled

Outputs

Notes

Feedback

Additional resources

Share via

New-EntraFeatureRolloutPolicy

Syntax

Description

Examples

Example 1: Creates the policy for cloud authentication roll-out in Microsoft Entra ID

Example 2: Creates the policy for cloud authentication roll-out in Microsoft Entra ID

Parameters

-AppliesTo

-Description

-DisplayName

-Feature

-IsAppliedToOrganization

-IsEnabled

Outputs

Notes

Related Links

Feedback

Additional resources