Set-EntraConditionalAccessPolicy
Updates a conditional access policy in Microsoft Entra ID by Id.
Syntax
Set-EntraConditionalAccessPolicy
-PolicyId <String>
[-Conditions <ConditionalAccessConditionSet>]
[-GrantControls <ConditionalAccessGrantControls>]
[-DisplayName <String>]
[-Id <String>]
[-State <String>]
[-SessionControls <ConditionalAccessSessionControls>]
[<CommonParameters>] Description
This cmdlet allows an admin to update a conditional access policy in Microsoft Entra ID by Id.
Conditional access policies are custom rules that define an access scenario.
Examples
Example 1: Update a conditional access policy
Connect-Entra -Scopes 'Policy.ReadWrite.ConditionalAccess'
$cond = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet
$control = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls
$session = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessSessionControls
$params = @{
PolicyId = '4dddddd4-5ee5-6ff6-7aa7-8bbbbbbbbbb8'
DisplayName = 'MFA policy updated'
State = 'Enabled'
Conditions = $cond
GrantControls = $control
SessionControls = $session
}
Set-EntraConditionalAccessPolicy @paramsThe example shows how to update a conditional access policy in Microsoft Entra ID.
-PolicyIdparameter specifies the Id of conditional access policy.-DisplayNameparameter specifies the display name of a conditional access policy.-Stateparameter specifies the enabled or disabled state of the conditional access policy.-Conditionsparameter specifies the conditions for the conditional access policy.-GrantControlsparameter specifies the controls for the conditional access policy.-SessionControlsparameter Enables limited experiences within specific cloud applications.
Example 2: Update display name for a conditional access policy
Connect-Entra -Scopes 'Policy.ReadWrite.ConditionalAccess'
$params = @{
PolicyId = '4dddddd4-5ee5-6ff6-7aa7-8bbbbbbbbbb8'
DisplayName = 'MFA policy updated'
}
Set-EntraConditionalAccessPolicy @paramsThis command updates a conditional access policy in Microsoft Entra ID.
-PolicyIdparameter specifies the Id of conditional access policy.-DisplayNameparameter specifies the display name of a conditional access policy.
Example 3: Update the state for a conditional access policy
Connect-Entra -Scopes 'Policy.ReadWrite.ConditionalAccess'
$params = @{
PolicyId = '4dddddd4-5ee5-6ff6-7aa7-8bbbbbbbbbb8'
State = 'Enabled'
}
Set-EntraConditionalAccessPolicy @paramsThis command updates a conditional access policy in Microsoft Entra ID.
-PolicyIdparameter specifies the Id of conditional access policy.-Stateparameter specifies the enabled or disabled state of the conditional access policy.
Parameters
-Conditions
Specifies the conditions for the conditional access policy in Microsoft Entra ID.
| Type: | ConditionalAccessConditionSet |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DisplayName
Specifies the display name of a conditional access policy in Microsoft Entra ID.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-GrantControls
Specifies the controls for the conditional access policy in Microsoft Entra ID.
| Type: | ConditionalAccessGrantControls |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Id
Specifies the policy Id of a conditional access policy in Microsoft Entra ID.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PolicyId
Specifies the policy Id of a conditional access policy in Microsoft Entra ID.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-SessionControls
Enables limited experiences within specific cloud applications.
| Type: | ConditionalAccessSessionControls |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-State
Specifies the enabled or disabled state of the conditional access policy in Microsoft Entra ID.
| Type: | System.String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |