New-EntraPolicy

Creates a policy.

Syntax

New-EntraPolicy
   -Definition <System.Collections.Generic.List`1[System.String]>
   -DisplayName <String>
   -Type <String>
   [-IsOrganizationDefault <Boolean>]
   [<CommonParameters>]

Description

The New-EntraPolicy cmdlet creates a policy in Microsoft Entra ID. Specify the DisplayName, Definition, and Type parameters to create a new policy. Definition carries the policy rules as a JSON string whose single top-level key is the policy type named in Type.

Examples

Example 1: Create a new policy

Connect-Entra -Scopes 'Policy.ReadWrite.ApplicationConfiguration'
$params = @{
    Definition = @('{"HomeRealmDiscoveryPolicy":{"AlternateLoginIDLookup":true, "IncludedUserIds":["UserID"]}}')
    DisplayName = 'NewPolicy'
    Type = 'HomeRealmDiscoveryPolicy'
}
New-EntraPolicy @params

Definition                                                                          DeletedDateTime Description DisplayName Id                                   IsOrganizationD
                                                                                                                                                                  efault
----------                                                                          --------------- ----------- ----------- --                                   ---------------
{{"HomeRealmDiscoveryPolicy":{"AlternateLoginIDLookup":true, "IncludedUserIds":["UserID"]}}}                             NewPolicy   aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb False

This command creates a new HomeRealmDiscoveryPolicy in Microsoft Entra ID. Replace UserID with the object ID of each user the policy should apply to.

  • -Definition Parameter specifies an array of JSON that contains all the rules of the policy.

  • -Type Parameter specifies the type of policy.

Example 2: Create a ClaimsMappingPolicy that is not the organization default

Connect-Entra -Scopes 'Policy.ReadWrite.ApplicationConfiguration'
$params = @{
    Definition = @('{"ClaimsMappingPolicy":{"Version":1,"IncludeBasicClaimSet":"true","ClaimsSchema":[{"Source":"user","ID":"userPrincipalName","SAMLClaimType":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name","JwtClaimType":"upn"},{"Source":"user","ID":"displayName","SAMLClaimType":"http://schemas.microsoft.com/identity/claims/displayname","JwtClaimType":"name"}]}}')
    DisplayName = 'ClaimstestPolicy'
    Type = 'ClaimsMappingPolicy'
    IsOrganizationDefault = $false
}
New-EntraPolicy @params

Definition
----------
{{"ClaimsMappingPolicy":{"Version":1,"IncludeBasicClaimSet":"true","ClaimsSchema":[{"Source":"user","ID":"userPrincipalName","SAMLClaimType":"http://schemas.xmlsoap.org/ws/20…

This command creates a ClaimsMappingPolicy in Microsoft Entra ID that is not the organization default, so it takes effect only for the service principals it is assigned to. The definition maps the user's userPrincipalName to the SAML name claim (upn in JWTs) and displayName to the displayname claim (name in JWTs).

  • -Definition Parameter specifies an array of JSON that contains all the rules of the policy. The JSON is the policy body itself, with the policy type as its only top-level key.

  • -Type Parameter specifies the type of policy. In this example, ClaimsMappingPolicy represents the type of policy.

  • -IsOrganizationDefault If true, activates this policy tenant-wide. Only one policy of the same type can be the organization default. Optional, default is false.
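Hand-escaping the JSON for Definition, as in Examples 1 and 2, is where most mistakes in these policies come from. The following added example (not part of the original page or the Microsoft.Entra module) builds the definition from a PowerShell hashtable instead, checks that the top-level key matches the Type it will be created with, and then calls New-EntraPolicy. The helper name ConvertTo-EntraPolicyDefinition is our own.

```powershell
# Added example, not from the docs page. Only New-EntraPolicy and Connect-Entra
# below are the page's cmdlets; ConvertTo-EntraPolicyDefinition is a local helper.

function ConvertTo-EntraPolicyDefinition {
    param(
        [Parameter(Mandatory)][string]$Type,    # e.g. 'ClaimsMappingPolicy'
        [Parameter(Mandatory)][hashtable]$Body  # the rules that go under that key
    )
    # A policy definition is one JSON object whose only top-level key is the
    # policy type; wrapping the body here keeps that key and -Type in sync.
    # -Depth matters: the default (2) silently truncates ClaimsSchema entries.
    $json = @{ $Type = $Body } | ConvertTo-Json -Compress -Depth 10

    # Round-trip the string so a serialisation problem fails here, not in the tenant.
    $parsed = $json | ConvertFrom-Json
    if (-not $parsed.$Type) {
        throw "Definition does not contain a top-level '$Type' object"
    }
    return $json
}

# Same claims as Example 2, expressed as data rather than an escaped string.
$claimsBody = @{
    Version              = 1
    IncludeBasicClaimSet = 'true'
    ClaimsSchema         = @(
        @{ Source = 'user'; ID = 'userPrincipalName'
           SAMLClaimType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'
           JwtClaimType  = 'upn' },
        @{ Source = 'user'; ID = 'displayName'
           SAMLClaimType = 'http://schemas.microsoft.com/identity/claims/displayname'
           JwtClaimType  = 'name' }
    )
}

$definition = ConvertTo-EntraPolicyDefinition -Type 'ClaimsMappingPolicy' -Body $claimsBody

Connect-Entra -Scopes 'Policy.ReadWrite.ApplicationConfiguration'
$policy = New-EntraPolicy -Definition @($definition) `
                          -DisplayName 'ClaimstestPolicy' `
                          -Type 'ClaimsMappingPolicy' `
                          -IsOrganizationDefault $false
$policy.Id
```

The same helper serves the HomeRealmDiscoveryPolicy of Example 1: pass -Type 'HomeRealmDiscoveryPolicy' and a hashtable with AlternateLoginIDLookup and IncludedUserIds. Everything up to the Connect-Entra line runs offline, so the definition can be unit-tested before it touches a tenant.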

Example 3: Create a TokenLifetimePolicy

Connect-Entra -Scopes 'Policy.ReadWrite.ApplicationConfiguration'
$params = @{
    Definition = @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"8:00:00"}}')
    DisplayName = 'TokenLifetimePolicy'
    Type = 'TokenLifetimePolicy'
    IsOrganizationDefault = $false
}
New-EntraPolicy @params

Definition                                                              DeletedDateTime Description DisplayName          Id                                   IsOrganizatio
                                                                                                                                                              nDefault
----------                                                              --------------- ----------- -----------          --                                   -------------
{{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"8:00:00"}}}                             TokenLifetimePolicy aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb False

This command creates a TokenLifetimePolicy in Microsoft Entra ID with an access token lifetime of 8 hours. Because IsOrganizationDefault is $false, the policy changes nothing until it is assigned to an application or service principal.

  • -Definition Parameter specifies an array of JSON that contains all the rules of the policy. AccessTokenLifetime is written as hh:mm:ss (or d.hh:mm:ss).

  • -Type Parameter specifies the type of policy.
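Microsoft Entra accepts an AccessTokenLifetime between 10 minutes and 1 day; anything outside that range is rejected when the policy is created. The following added example (our own code, not from the page or the module) takes a [timespan], enforces that range locally so the error is clear before any call to the tenant, and formats the value the way Example 3 writes it. The helper name New-AccessTokenLifetimeDefinition is an assumption; New-EntraPolicy is the page's cmdlet.

```powershell
# Added example, not from the docs page. The 10-minute to 1-day bound is the
# range Entra enforces for AccessTokenLifetime; the helper name is our own.

function New-AccessTokenLifetimeDefinition {
    param([Parameter(Mandatory)][timespan]$Lifetime)

    $min = [timespan]::FromMinutes(10)
    $max = [timespan]::FromDays(1)
    if ($Lifetime -lt $min -or $Lifetime -gt $max) {
        # Entra would refuse the policy anyway; failing here gives a clearer message.
        throw "AccessTokenLifetime must be between $min and $max (got $Lifetime)"
    }

    # The 'c' format yields [d.]hh:mm:ss (08:00:00, 1.00:00:00), which Entra accepts.
    $value = $Lifetime.ToString('c')

    # [ordered] keeps Version before AccessTokenLifetime, matching the page's examples.
    $body = [ordered]@{
        TokenLifetimePolicy = [ordered]@{ Version = 1; AccessTokenLifetime = $value }
    }
    return ($body | ConvertTo-Json -Compress -Depth 5)
}

# An out-of-range value is caught before any network call.
try   { New-AccessTokenLifetimeDefinition -Lifetime ([timespan]::FromMinutes(5)) }
catch { Write-Warning $_.Exception.Message }

$definition = New-AccessTokenLifetimeDefinition -Lifetime ([timespan]::FromHours(8))

Connect-Entra -Scopes 'Policy.ReadWrite.ApplicationConfiguration'
# Created as a non-default policy: it applies only where it is later assigned.
New-EntraPolicy -Definition @($definition) `
                -DisplayName 'EightHourAccessToken' `
                -Type 'TokenLifetimePolicy' `
                -IsOrganizationDefault $false
```

A longer lifetime widens the window in which a stolen access token stays usable, and a shorter one increases refresh traffic; keeping the policy off the organization default and assigning it to the one application that needs it limits the blast radius of either choice.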

Example 4: Create a TokenIssuancePolicy

Connect-Entra -Scopes 'Policy.ReadWrite.ApplicationConfiguration'
$params = @{
    Definition = @('{"TokenIssuancePolicy":{"Version":1,"SigningAlgorithm":"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256","SamlTokenVersion":1.1,"TokenResponseSigningPolicy":"TokenOnly","EmitSAMLNameFormat":"true"}}')
    DisplayName = 'tokenIssuance'
    Type = 'TokenIssuancePolicy'
}
New-EntraPolicy @params

Definition
----------
{{"TokenIssuancePolicy":{"Version":1,"SigningAlgorithm":"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256","SamlTokenVersion":1.1,"TokenResponseSigningPolicy":"TokenOnly…

This command creates a TokenIssuancePolicy in Microsoft Entra ID.

  • -Definition Parameter specifies an array of JSON that contains all the rules of the policy.

  • -Type Parameter specifies the type of policy.

Example 5: Create an ActivityBasedTimeoutPolicy

Connect-Entra -Scopes 'Policy.ReadWrite.ApplicationConfiguration'
$params = @{
    Definition = @('{"ActivityBasedTimeoutPolicy":{"Version":1,"ApplicationPolicies":[{"ApplicationId":"default","WebSessionIdleTimeout":"01:00:00"}]}}')
    DisplayName = 'ActivityBasedTimeoutPolicyname'
    Type = 'ActivityBasedTimeoutPolicy'
}
New-EntraPolicy @params

Definition                                                                                                                          DeletedDateTime Description DisplayName                    Id
----------                                                                                                                          --------------- ----------- -----------                    --
{{"ActivityBasedTimeoutPolicy":{"Version":1,"ApplicationPolicies":[{"ApplicationId":"default","WebSessionIdleTimeout":"01:00:00"}]}}}                             ActivityBasedTimeoutPolicyname aaaaaaaa-0000-1111-2222...

This command creates an ActivityBasedTimeoutPolicy in Microsoft Entra ID that ends idle web sessions after one hour. ApplicationId "default" applies the timeout to all supported Microsoft web applications.

  • -Definition Parameter specifies an array of JSON that contains all the rules of the policy. The top-level key is ActivityBasedTimeoutPolicy, and the rules are a list of ApplicationPolicies, each with an ApplicationId and a WebSessionIdleTimeout.

  • -Type Parameter specifies the type of policy.

Parameters

-Definition

Specifies an array of JSON strings that contain all the rules of the policy, for example: -Definition @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"8:00:00"}}'). Put single quotes around each JSON string so the embedded double quotes need no escaping.

Type:System.Collections.Generic.List`1[System.String]
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-DisplayName

String of the policy name.

Type:System.String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-IsOrganizationDefault

True if this policy is the organizational default.

Type:System.Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
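Because only one policy of each type can be the organization default, it is worth checking what is already the default before creating a policy with -IsOrganizationDefault $true. The following added example (not from the page or the module) lists the existing defaults for a policy type and only then creates a new one. It assumes that Connect-Entra has opened the Microsoft Graph session that Invoke-MgGraphRequest (Microsoft.Graph.Authentication) uses; the helper name Get-EntraOrganizationDefaultPolicy is our own.

```powershell
# Added example, not from the docs page. Assumes the Graph session opened by
# Connect-Entra is usable by Invoke-MgGraphRequest; the helper name is our own.

function Get-EntraOrganizationDefaultPolicy {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('activityBasedTimeoutPolicies', 'claimsMappingPolicies',
                     'homeRealmDiscoveryPolicies', 'tokenIssuancePolicies',
                     'tokenLifetimePolicies')]
        [string]$Collection   # Graph collection name for the policy type
    )
    $response = Invoke-MgGraphRequest -Method GET -Uri "/v1.0/policies/$Collection"
    # Invoke-MgGraphRequest returns a hashtable; 'value' holds the policy objects.
    # Filter client-side: the lists are small and this avoids relying on $filter support.
    return @($response.value | Where-Object { $_.isOrganizationDefault -eq $true })
}

Connect-Entra -Scopes 'Policy.ReadWrite.ApplicationConfiguration'

$existing = Get-EntraOrganizationDefaultPolicy -Collection 'tokenLifetimePolicies'
if ($existing.Count -gt 0) {
    # Creating a second default of the same type would fail or displace this one;
    # stop and let an operator decide.
    Write-Warning ("An organization-default TokenLifetimePolicy already exists: {0} ({1})" -f
                   $existing[0].displayName, $existing[0].id)
}
else {
    $params = @{
        Definition            = @('{"TokenLifetimePolicy":{"Version":1,"AccessTokenLifetime":"8:00:00"}}')
        DisplayName           = 'OrgDefaultTokenLifetime'
        Type                  = 'TokenLifetimePolicy'
        IsOrganizationDefault = $true
    }
    New-EntraPolicy @params
}
```

Run the same check with 'claimsMappingPolicies' or 'homeRealmDiscoveryPolicies' before making one of those the tenant default; a default claims mapping or home realm discovery policy affects every application's sign-in, so the existing one should be understood before it is replaced.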

-Type

Specifies the type of policy: ActivityBasedTimeoutPolicy, ClaimsMappingPolicy, HomeRealmDiscoveryPolicy, TokenIssuancePolicy, or TokenLifetimePolicy. For token lifetimes, specify "TokenLifetimePolicy". The top-level key of the JSON passed in Definition uses the same name, as the examples show.

Type:System.String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False