Get-EntraPermissionGrantConditionSet

Module:

Microsoft.Graph.Entra

Get a Microsoft Entra ID permission grant condition set by ID.

Syntax

Get-EntraPermissionGrantConditionSet
   -ConditionSetType <String>
   -PolicyId <String>
   [-Property <String[]>]
   [<CommonParameters>]

Get-EntraPermissionGrantConditionSet
   -ConditionSetType <String>
   -Id <String>
   -PolicyId <String>
   [-Property <String[]>]
   [<CommonParameters>]

Description

Get a Microsoft Entra ID permission grant condition set object by ID.

Examples

Example 1: Get all permission grant condition sets that are included in the permission grant policy

Connect-Entra -Scopes 'Policy.Read.PermissionGrant'
$permissionGrantPolicyId = 'policy1'
$params = @{
    PolicyId = $permissionGrantPolicyId
    ConditionSetType = 'includes'
}

Get-EntraPermissionGrantConditionSet @params

Id                                   CertifiedClientApplicationsOnly ClientApplicationIds                                                         ClientApplicationPublisherIds          ClientApplicationTenantIds
--                                   ------------------------------- --------------------                                                         -----------------------------          --------------------
aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb False                           {33334444-dddd-5555-eeee-6666ffff7777} {d5aec55f-2d12-4442-8d2f-ccca95d4390e} {aaaabbbb-0000-cccc-1111-dddd2222eeee}

This command gets all permission grant condition sets that are included in the policy.

• -PolicyId parameter specifies the unique identifier of a permission grant policy.
• -ConditionSetType parameter indicates whether the condition sets are included in the policy or excluded.

Example 2: Get all permission grant condition sets that are excluded in the permission grant policy

Connect-Entra -Scopes 'Policy.Read.PermissionGrant'
$permissionGrantPolicyId = 'policy1'
$params = @{
    PolicyId = $permissionGrantPolicyId
    ConditionSetType = 'excludes'
}

Get-EntraPermissionGrantConditionSet @params

Id                                   CertifiedClientApplicationsOnly ClientApplicationIds                                                         ClientApplicationPublisherIds          ClientApplicationTenantIds
--                                   ------------------------------- --------------------                                                         -----------------------------          --------------------
bbbbbbbb-1111-2222-3333-cccccccccccc False                           {33334444-dddd-5555-eeee-6666ffff7777} {d5aec55f-2d12-4442-8d2f-ccca95d4390e} {aaaabbbb-0000-cccc-1111-dddd2222eeee}
cccccccc-2222-3333-4444-dddddddddddd False                           {44445555-eeee-6666-ffff-7777gggg8888} {d5aec55f-2d12-4442-8d2f-ccca95d4390e} {aaaabbbb-0000-cccc-1111-dddd2222eeee}

This command gets all permission grant condition sets that are excluded in the policy.

• -PolicyId parameter specifies the unique identifier of a permission grant policy.
• -ConditionSetType parameter indicates whether the condition sets are included in the policy or excluded.

Example 3: Get a permission grant condition set

Connect-Entra -Scopes 'Policy.Read.PermissionGrant'
$permissionGrantPolicyId = 'policy1'
$params = @{
    PolicyId = $permissionGrantPolicyId
    ConditionSetType = 'includes'
    Id = 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb'
}

Get-EntraPermissionGrantConditionSet @params

Id                                   CertifiedClientApplicationsOnly ClientApplicationIds                                                         ClientApplicationPublisherIds          ClientApplicationTenantIds
--                                   ------------------------------- --------------------                                                         -----------------------------          --------------------
dddddddd-3333-4444-5555-eeeeeeeeeeee False                           {33334444-dddd-5555-eeee-6666ffff7777} {d5aec55f-2d12-4442-8d2f-ccca95d4390e} {aaaabbbb-0000-cccc-1111-dddd2222eeee}

This command gets a permission grant condition set specified by Id.

• -PolicyId parameter specifies the unique identifier of a permission grant policy.
• -ConditionSetType parameter indicates whether the condition sets are included in the policy or excluded.
• -Id parameter specifies the unique identifier of the permission grant condition set object.

Parameters

-ConditionSetType

The value indicates whether the condition sets are included in the policy or excluded.

Type:	System.String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-Id

The unique identifier of a Microsoft Entra ID permission grant condition set object.

Type:	System.String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-PolicyId

The unique identifier of a Microsoft Entra ID permission grant policy object.

Type:	System.String
Position:	Named
Default value:	None
Required:	True
Accept pipeline input:	True
Accept wildcard characters:	False

-Property

Specifies properties to be returned.

Type:	System.String[]
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

Outputs

Microsoft.Open.MSGraph.Model.PermissionGrantConditionSet

Related Links

• New-EntraPermissionGrantConditionSet
• Set-EntraPermissionGrantConditionSet
• Remove-EntraPermissionGrantConditionSet