Get-EntraConditionalAccessPolicy
Gets a Microsoft Entra ID conditional access policy.
Syntax
Get-EntraConditionalAccessPolicy
[-Property <String[]>]
[<CommonParameters>]
Get-EntraConditionalAccessPolicy
-PolicyId <String>
[-Property <String[]>]
[<CommonParameters>]
Description
This cmdlet allows an admin to get the Microsoft Entra ID conditional access policy. Conditional access policies are custom rules that define an access scenario.
In delegated scenarios involving work or school accounts, the signed-in user must have a Microsoft Entra role or a custom role with the required permissions to act on behalf of another user. The following least privileged roles support this operation:
- Global Secure Access Administrator (read standard properties)
- Security Reader (read standard properties)
- Security Administrator (read standard properties)
- Global Reader
- Conditional Access Administrator
Examples
Example 1: Retrieves a list of all conditional access policies in Microsoft Entra ID
Connect-Entra -Scopes 'Policy.Read.All'
Get-EntraConditionalAccessPolicy
Id CreatedDateTime Description DisplayName ModifiedDateTime State TemplateId
-- --------------- ----------- ----------- ---------------- ----- ----------
eeeeeeee-4444-5555-6666-ffffffffffff 2/27/2024 6:23:21 AM ConditionalAccessPolicy 2/29/2024 2:41:17 PM disabled
ffffffff-5555-6666-7777-aaaaaaaaaaaa 2/27/2024 6:26:00 AM ConditionalAccessPolicy 2/29/2024 2:41:34 PM disabled
aaaaaaaa-6666-7777-8888-bbbbbbbbbbbb 2/27/2024 6:30:48 AM ConditionalAccessPolicy 2/29/2024 2:43:53 PM disabled
This example retrieves a list of all conditional access policies in Microsoft Entra ID.
Example 2: Retrieves a conditional access policy in Microsoft Entra ID with given ID
Connect-Entra -Scopes 'Policy.Read.All'
$policy = Get-EntraConditionalAccessPolicy | Where-Object { $_.DisplayName -eq 'Multifactor authentication for Contoso partners and vendors' }
Get-EntraConditionalAccessPolicy -PolicyId $policy.Id
Id CreatedDateTime Description DisplayName ModifiedDateTime State TemplateId
-- --------------- ----------- ----------- ---------------- ----- ----------
eeeeeeee-4444-5555-6666-ffffffffffff 2/27/2024 6:23:21 AM Multifactor authentication 2/29/2024 2:41:17 PM disabled
This example retrieves a specified conditional access policy in Microsoft Entra ID.
- -PolicyId parameter specifies the ID of a conditional access policy.
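An added example (not part of the original reference or of the Microsoft Entra PowerShell module): a hypothetical helper, Get-PolicyEnforcementGap, that takes the objects returned by Get-EntraConditionalAccessPolicy and reports every policy whose State is not enabled, as is the case for all policies in the sample output above. The sample objects and display names are constructed, and the report-only value enabledForReportingButNotEnforced is the state name used by the underlying Microsoft Graph policy resource.

```powershell
# Added example: audit helper, not a cmdlet from the Microsoft Entra module.
function Get-PolicyEnforcementGap {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $Policy,

        # Reference date, injectable so the age calculation is reproducible.
        [datetime] $AsOf = (Get-Date)
    )
    process {
        # Only policies in the 'enabled' state are enforced at sign-in.
        $reason = switch ($Policy.State) {
            'enabled'                           { $null }
            'disabled'                          { 'Policy is off and is not evaluated' }
            'enabledForReportingButNotEnforced' { 'Report-only: evaluated and logged, not enforced' }
            default                             { "Unrecognized state '$($Policy.State)'" }
        }
        if ($reason) {
            $age = ($AsOf - [datetime]$Policy.ModifiedDateTime).TotalDays
            [pscustomobject]@{
                Id                = $Policy.Id
                DisplayName       = $Policy.DisplayName
                State             = $Policy.State
                DaysSinceModified = [int][math]::Floor($age)
                Reason            = $reason
            }
        }
    }
}

# Constructed sample objects standing in for cmdlet output (placeholder IDs).
$sample = @(
    [pscustomobject]@{ Id = 'eeeeeeee-4444-5555-6666-ffffffffffff'; DisplayName = 'Sample policy A'
                       State = 'disabled'; ModifiedDateTime = [datetime]'2024-02-29T14:41:17' }
    [pscustomobject]@{ Id = 'ffffffff-5555-6666-7777-aaaaaaaaaaaa'; DisplayName = 'Sample policy B'
                       State = 'enabledForReportingButNotEnforced'; ModifiedDateTime = [datetime]'2024-02-29T14:41:34' }
    [pscustomobject]@{ Id = 'aaaaaaaa-6666-7777-8888-bbbbbbbbbbbb'; DisplayName = 'Sample policy C'
                       State = 'enabled'; ModifiedDateTime = [datetime]'2024-02-29T14:43:53' }
)

# Policies A and B are reported; policy C is enforced and produces no row.
$sample | Get-PolicyEnforcementGap -AsOf ([datetime]'2024-03-10') | Format-Table -AutoSize

# Against a tenant, after Connect-Entra -Scopes 'Policy.Read.All':
# Get-EntraConditionalAccessPolicy | Get-PolicyEnforcementGap
```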
Parameters
-PolicyId
Specifies the ID of a conditional access policy in Microsoft Entra ID.
Type: System.String
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False
-Property
Specifies properties to be returned.
Type: System.String[]
Aliases: Select
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False