Get-MgIdentityConditionalAccessPolicy

Module:: Microsoft.Graph.Identity.SignIns Module

Retrieve the properties and relationships of a conditionalAccessPolicy object.

Syntax

List (Default)

Get-MgIdentityConditionalAccessPolicy
    [-ExpandProperty <string[]>]
    [-Property <string[]>]
    [-Filter <string>]
    [-Search <string>]
    [-Skip <int>]
    [-Sort <string[]>]
    [-Top <int>]
    [-ResponseHeadersVariable <string>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [-PageSize <int>]
    [-All]
    [-CountVariable <string>]
    [<CommonParameters>]

Get

Get-MgIdentityConditionalAccessPolicy
    -ConditionalAccessPolicyId <string>
    [-ExpandProperty <string[]>]
    [-Property <string[]>]
    [-ResponseHeadersVariable <string>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [<CommonParameters>]

GetViaIdentity

Get-MgIdentityConditionalAccessPolicy
    -InputObject <IIdentitySignInsIdentity>
    [-ExpandProperty <string[]>]
    [-Property <string[]>]
    [-ResponseHeadersVariable <string>]
    [-Break]
    [-Headers <IDictionary>]
    [-HttpPipelineAppend <SendAsyncStep[]>]
    [-HttpPipelinePrepend <SendAsyncStep[]>]
    [-Proxy <uri>]
    [-ProxyCredential <pscredential>]
    [-ProxyUseDefaultCredentials]
    [<CommonParameters>]

Description

Retrieve the properties and relationships of a conditionalAccessPolicy object.

Permissions

Permission type	Permissions (from least to most privileged)
Delegated (work or school account)	Policy.Read.All,
Delegated (personal Microsoft account)	Not supported
Application	Policy.Read.All,

Examples

Example 1: Get a list of all conditional access policies in Azure AD.

Connect-MgGraph -Scopes 'Policy.Read.All'
Get-MgIdentityConditionalAccessPolicy |Format-List

Conditions           : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessConditionSet
CreatedDateTime      : 1/13/2022 6:35:35 AM
Description          :
DisplayName          : Exchange Online Requires Compliant Device
GrantControls        : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessGrantControls
Id                   : 5e7615b8-dbe4-4cc1-810c-26adb77a3518
ModifiedDateTime     : 7/29/2022 9:08:10 AM
SessionControls      : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessSessionControls
State                : enabled
AdditionalProperties : {}

Conditions           : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessConditionSet
CreatedDateTime      : 1/13/2022 6:35:39 AM
Description          :
DisplayName          : Office 365 App Control
GrantControls        : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessGrantControls
Id                   : 8783f4ea-215e-49f9-a4f6-cc21f6de45f6
ModifiedDateTime     : 7/29/2022 9:08:39 AM
SessionControls      : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessSessionControls
State                : enabled
AdditionalProperties : {}

This example retrieves all the conditional access policies in Azure AD.

Example 2: Get a conditional access policy by Id

Connect-MgGraph -Scopes 'Policy.Read.All'

Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId '5e7615b8-dbe4-4cc1-810c-26adb77a3518' |
  Format-List

Conditions           : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessConditionSet
CreatedDateTime      : 1/13/2022 6:35:35 AM
Description          :
DisplayName          : Exchange Online Requires Compliant Device
GrantControls        : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessGrantControls
Id                   : 5e7615b8-dbe4-4cc1-810c-26adb77a3518
ModifiedDateTime     : 7/29/2022 9:08:10 AM
SessionControls      : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessSessionControls
State                : enabled
AdditionalProperties : {[@odata.context, https://graph.microsoft.com/v1.0/$metadata#identity/conditionalAccess/policies/$entity]}

This command retrieves the conditional access by Id.

Parameters

-All

List all pages.

Parameter properties

Type:	System.Management.Automation.SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

List

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Break

Wait for .NET debugger to attach

Parameter properties

Type:	System.Management.Automation.SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ConditionalAccessPolicyId

The unique identifier of conditionalAccessPolicy

Parameter properties

Type:	System.String
Supports wildcards:	False
DontShow:	False

Parameter sets

Get

Position:	Named
Mandatory:	True
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-CountVariable

Specifies a count of the total number of items in a collection. By default, this variable will be set in the global scope.

Parameter properties

Type:	System.String
Supports wildcards:	False
DontShow:	False
Aliases:	CV

Parameter sets

List

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ExpandProperty

Expand related entities

Parameter properties

Type:	System.String[]
Supports wildcards:	False
DontShow:	False
Aliases:	Expand

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Filter

Filter items by property values

Parameter properties

Type:	System.String
Supports wildcards:	False
DontShow:	False

Parameter sets

List

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Headers

Optional headers that will be added to the request.

Parameter properties

Type:	System.Collections.IDictionary
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

-HttpPipelineAppend

SendAsync Pipeline Steps to be appended to the front of the pipeline

Parameter properties

Type:	Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-HttpPipelinePrepend

SendAsync Pipeline Steps to be prepended to the front of the pipeline

Parameter properties

Type:	Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[]
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-InputObject

Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.

Parameter properties

Type:	Microsoft.Graph.PowerShell.Models.IIdentitySignInsIdentity
Supports wildcards:	False
DontShow:	False

Parameter sets

GetViaIdentity

Position:	Named
Mandatory:	True
Value from pipeline:	True
Value from pipeline by property name:	False
Value from remaining arguments:	False

-PageSize

Sets the page size of results.

Parameter properties

Type:	System.Int32
Default value:	0
Supports wildcards:	False
DontShow:	False

Parameter sets

List

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Property

Select properties to be returned

Parameter properties

Type:	System.String[]
Supports wildcards:	False
DontShow:	False
Aliases:	Select

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Proxy

The URI for the proxy server to use

Parameter properties

Type:	System.Uri
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ProxyCredential

Credentials for a proxy server to use for the remote call

Parameter properties

Type:	System.Management.Automation.PSCredential
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ProxyUseDefaultCredentials

Use the default credentials for the proxy

Parameter properties

Type:	System.Management.Automation.SwitchParameter
Default value:	False
Supports wildcards:	False
DontShow:	False

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-ResponseHeadersVariable

Optional Response Headers Variable.

Parameter properties

Type:	System.String
Supports wildcards:	False
DontShow:	False
Aliases:	RHV

Parameter sets

(All)

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Search

Search items by search phrases

Parameter properties

Type:	System.String
Supports wildcards:	False
DontShow:	False

Parameter sets

List

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Skip

Skip the first n items

Parameter properties

Type:	System.Int32
Default value:	0
Supports wildcards:	False
DontShow:	False

Parameter sets

List

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Sort

Order items by property values

Parameter properties

Type:	System.String[]
Supports wildcards:	False
DontShow:	False
Aliases:	OrderBy

Parameter sets

List

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

-Top

Show only the first n items

Parameter properties

Type:	System.Int32
Default value:	0
Supports wildcards:	False
DontShow:	False
Aliases:	Limit

Parameter sets

List

Position:	Named
Mandatory:	False
Value from pipeline:	False
Value from pipeline by property name:	False
Value from remaining arguments:	False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

Microsoft.Graph.PowerShell.Models.IIdentitySignInsIdentity

System.Collections.IDictionary

Outputs

Microsoft.Graph.PowerShell.Models.IMicrosoftGraphConditionalAccessPolicy

Notes

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

INPUTOBJECT <IIdentitySignInsIdentity>: Identity Parameter [ActivityBasedTimeoutPolicyId <String>]: The unique identifier of activityBasedTimeoutPolicy [AppManagementPolicyId <String>]: The unique identifier of appManagementPolicy [AuthenticationCombinationConfigurationId <String>]: The unique identifier of authenticationCombinationConfiguration [AuthenticationConditionApplicationAppId <String>]: The unique identifier of authenticationConditionApplication [AuthenticationContextClassReferenceId <String>]: The unique identifier of authenticationContextClassReference [AuthenticationEventListenerId <String>]: The unique identifier of authenticationEventListener [AuthenticationEventsFlowId <String>]: The unique identifier of authenticationEventsFlow [AuthenticationMethodConfigurationId <String>]: The unique identifier of authenticationMethodConfiguration [AuthenticationMethodId <String>]: The unique identifier of authenticationMethod [AuthenticationMethodModeDetailId <String>]: The unique identifier of authenticationMethodModeDetail [AuthenticationStrengthPolicyId <String>]: The unique identifier of authenticationStrengthPolicy [B2XIdentityUserFlowId <String>]: The unique identifier of b2xIdentityUserFlow [BitlockerRecoveryKeyId <String>]: The unique identifier of bitlockerRecoveryKey [CertificateBasedAuthConfigurationId <String>]: The unique identifier of certificateBasedAuthConfiguration [ClaimsMappingPolicyId <String>]: The unique identifier of claimsMappingPolicy [ConditionalAccessPolicyId <String>]: The unique identifier of conditionalAccessPolicy [ConditionalAccessTemplateId <String>]: The unique identifier of conditionalAccessTemplate [CrossTenantAccessPolicyConfigurationPartnerTenantId <String>]: The unique identifier of crossTenantAccessPolicyConfigurationPartner [CustomAuthenticationExtensionId <String>]: The unique identifier of customAuthenticationExtension [DataPolicyOperationId <String>]: The unique identifier of dataPolicyOperation [DirectoryObjectId <String>]: The unique identifier of directoryObject [EmailAuthenticationMethodId <String>]: The unique identifier of emailAuthenticationMethod [FeatureRolloutPolicyId <String>]: The unique identifier of featureRolloutPolicy [Fido2AuthenticationMethodId <String>]: The unique identifier of fido2AuthenticationMethod [HomeRealmDiscoveryPolicyId <String>]: The unique identifier of homeRealmDiscoveryPolicy [IdentityApiConnectorId <String>]: The unique identifier of identityApiConnector [IdentityProviderBaseId <String>]: The unique identifier of identityProviderBase [IdentityProviderId <String>]: The unique identifier of identityProvider [IdentityUserFlowAttributeAssignmentId <String>]: The unique identifier of identityUserFlowAttributeAssignment [IdentityUserFlowAttributeId <String>]: The unique identifier of identityUserFlowAttribute [LongRunningOperationId <String>]: The unique identifier of longRunningOperation [MicrosoftAuthenticatorAuthenticationMethodId <String>]: The unique identifier of microsoftAuthenticatorAuthenticationMethod [MultiTenantOrganizationMemberId <String>]: The unique identifier of multiTenantOrganizationMember [NamedLocationId <String>]: The unique identifier of namedLocation [OAuth2PermissionGrantId <String>]: The unique identifier of oAuth2PermissionGrant [OrganizationId <String>]: The unique identifier of organization [PasswordAuthenticationMethodId <String>]: The unique identifier of passwordAuthenticationMethod [PermissionGrantConditionSetId <String>]: The unique identifier of permissionGrantConditionSet [PermissionGrantPolicyId <String>]: The unique identifier of permissionGrantPolicy [PhoneAuthenticationMethodId <String>]: The unique identifier of phoneAuthenticationMethod [PlatformCredentialAuthenticationMethodId <String>]: The unique identifier of platformCredentialAuthenticationMethod [RiskDetectionId <String>]: The unique identifier of riskDetection [RiskyServicePrincipalHistoryItemId <String>]: The unique identifier of riskyServicePrincipalHistoryItem [RiskyServicePrincipalId <String>]: The unique identifier of riskyServicePrincipal [RiskyUserHistoryItemId <String>]: The unique identifier of riskyUserHistoryItem [RiskyUserId <String>]: The unique identifier of riskyUser [ServicePrincipalRiskDetectionId <String>]: The unique identifier of servicePrincipalRiskDetection [SoftwareOathAuthenticationMethodId <String>]: The unique identifier of softwareOathAuthenticationMethod [TemporaryAccessPassAuthenticationMethodId <String>]: The unique identifier of temporaryAccessPassAuthenticationMethod [ThreatAssessmentRequestId <String>]: The unique identifier of threatAssessmentRequest [ThreatAssessmentResultId <String>]: The unique identifier of threatAssessmentResult [TokenIssuancePolicyId <String>]: The unique identifier of tokenIssuancePolicy [TokenLifetimePolicyId <String>]: The unique identifier of tokenLifetimePolicy [UnifiedRoleManagementPolicyAssignmentId <String>]: The unique identifier of unifiedRoleManagementPolicyAssignment [UnifiedRoleManagementPolicyId <String>]: The unique identifier of unifiedRoleManagementPolicy [UnifiedRoleManagementPolicyRuleId <String>]: The unique identifier of unifiedRoleManagementPolicyRule [UserFlowLanguageConfigurationId <String>]: The unique identifier of userFlowLanguageConfiguration [UserFlowLanguagePageId <String>]: The unique identifier of userFlowLanguagePage [UserId <String>]: The unique identifier of user [WindowsHelloForBusinessAuthenticationMethodId <String>]: The unique identifier of windowsHelloForBusinessAuthenticationMethod

Share via

Get-MgIdentityConditionalAccessPolicy

Syntax

List (Default)

Get

GetViaIdentity

Description

Examples

Example 1: Get a list of all conditional access policies in Azure AD.

Example 2: Get a conditional access policy by Id

Parameters

-All

Parameter properties

Parameter sets

-Break

Parameter properties

Parameter sets

-ConditionalAccessPolicyId

Parameter properties

Parameter sets

-CountVariable

Parameter properties

Parameter sets

-ExpandProperty

Parameter properties

Parameter sets

-Filter

Parameter properties

Parameter sets

-Headers

Parameter properties

Parameter sets

-HttpPipelineAppend

Parameter properties

Parameter sets

-HttpPipelinePrepend

Parameter properties

Parameter sets

-InputObject

Parameter properties

Parameter sets

-PageSize

Parameter properties

Parameter sets

-Property

Parameter properties

Parameter sets

-Proxy

Parameter properties

Parameter sets

-ProxyCredential

Parameter properties

Parameter sets

-ProxyUseDefaultCredentials

Parameter properties

Parameter sets

-ResponseHeadersVariable

Parameter properties

Parameter sets

-Search

Parameter properties

Parameter sets

-Skip

Parameter properties

Parameter sets

-Sort

Parameter properties

Parameter sets

-Top

Parameter properties

Parameter sets

CommonParameters

Inputs

Microsoft.Graph.PowerShell.Models.IIdentitySignInsIdentity

System.Collections.IDictionary

Outputs

Microsoft.Graph.PowerShell.Models.IMicrosoftGraphConditionalAccessPolicy

Notes

Related Links