New-EntraFeatureRolloutPolicy
Allows an admin to create the policy for cloud authentication roll-out in Microsoft Entra ID.
Syntax
New-EntraFeatureRolloutPolicy
-Feature <FeatureEnum>
-IsEnabled <Boolean>
[-Description <String>]
[-IsAppliedToOrganization <Boolean>]
[-AppliesTo <System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.MsDirectoryObject]>]
-DisplayName <String>
[<CommonParameters>] Description
The New-EntraFeatureRolloutPolicy cmdlet allows an admin to create the policy for cloud authentication roll-out (users moving from federation to cloud auth) in Microsoft Entra ID.
The policy admin can identify whether the users authenticate using password hashes in Microsoft Entra ID (Password hash-sync) or Microsoft Entra ID on-premises directly (Pass-through authentication).
Examples
Example 1: Creates the policy for cloud authentication roll-out in Microsoft Entra ID
Connect-Entra -Scopes 'Directory.ReadWrite.All'
$params = @{
Feature = 'PassthroughAuthentication'
DisplayName = 'FeatureRolloutPolicy'
IsEnabled = $false
}
New-EntraFeatureRolloutPolicy @params
Id Description DisplayName Feature IsAppliedToOrganization IsEnabled
-- ----------- ----------- ------- ----------------------- ---------
00aa00aa-bb11-cc22-dd33-44ee44ee44ee FeatureRolloutPolicy FeatureRolloutPolicy passthroughAuthentication False FalseThis example creates the policy for cloud authentication roll-out in Microsoft Entra ID.
-Featurespecifies a feature assigned to the cloud authentication roll-out policy. Currently, you can assign PassthroughAuthentication | SeamlessSso | PasswordHashSync | EmailAsAlternateId.-DisplayNamespecifies the display name of the cloud authentication roll-out policy.-IsEnabledspecifies the status of cloud authentication roll-out policy.
Example 2: Creates the policy for cloud authentication roll-out in Microsoft Entra ID
Connect-Entra -Scopes 'Directory.ReadWrite.All'
$params = @{
Feature = 'PassthroughAuthentication'
DisplayName = 'FeatureRolloutPolicy'
IsEnabled = $false
IsAppliedToOrganization = $false
}
New-EntraFeatureRolloutPolicy @params
Id Description DisplayName Feature IsAppliedToOrganization IsEnabled
-- ----------- ----------- ------- ----------------------- ---------
00aa00aa-bb11-cc22-dd33-44ee44ee44ee FeatureRolloutPolicy FeatureRolloutPolicy passthroughAuthentication False FalseThis command creates the policy for cloud authentication roll-out in Microsoft Entra ID.
-Featurespecifies a feature assigned to the cloud authentication roll-out policy. Currently, you can assign PassthroughAuthentication | SeamlessSso | PasswordHashSync | EmailAsAlternateId.-DisplayNamespecifies the display name of the cloud authentication roll-out policy.-IsEnabledspecifies the status of cloud authentication roll-out policy.-IsAppliedToOrganizationspecifies if the cloud authentication roll-out policy applied to the entire organization.
Parameters
-AppliesTo
Specifies a list of Microsoft Entra ID objects that is assigned to the feature.
| Type: | System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.MsDirectoryObject] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Description
Specifies the description of the cloud authentication roll-out policy.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisplayName
Specifies the display name of the cloud authentication roll-out policy.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Feature
Specifies a feature assigned to the cloud authentication roll-out policy.
Currently, you can assign PassthroughAuthentication | SeamlessSso | PasswordHashSync | EmailAsAlternateId.
| Type: | FeatureEnum |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IsAppliedToOrganization
Specifies if the cloud authentication roll-out policy applied to the entire organization.
| Type: | System.Boolean |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IsEnabled
Specifies the status of cloud authentication roll-out policy.
| Type: | System.Boolean |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Outputs
Microsoft.Online.Administration.MsFeatureRolloutPolicy