Update-MgBetaPolicyDefaultAppManagementPolicy

Module:

Microsoft.Graph.Beta.Identity.SignIns Module

Update the properties of a tenantAppManagementPolicy object.

Update-MgBetaPolicyDefaultAppManagementPolicy
 [-ResponseHeadersVariable <string>]
 [-AdditionalProperties <hashtable>]
 [-ApplicationRestrictions <IMicrosoftGraphAppManagementApplicationConfiguration>]
 [-DeletedDateTime <datetime>]
 [-Description <string>]
 [-DisplayName <string>]
 [-Id <string>]
 [-IsEnabled]
 [-ServicePrincipalRestrictions <hashtable>]
 [-Break]
 [-Headers <IDictionary>]
 [-HttpPipelineAppend <SendAsyncStep[]>]
 [-HttpPipelinePrepend <SendAsyncStep[]>]
 [-Proxy <uri>]
 [-ProxyCredential <pscredential>]
 [-ProxyUseDefaultCredentials]
 [-WhatIf]
 [-Confirm]
 [<CommonParameters>]

Update-MgBetaPolicyDefaultAppManagementPolicy

 -BodyParameter <IMicrosoftGraphTenantAppManagementPolicy>
 [-ResponseHeadersVariable <string>]
 [-Break]
 [-Headers <IDictionary>]
 [-HttpPipelineAppend <SendAsyncStep[]>]
 [-HttpPipelinePrepend <SendAsyncStep[]>]
 [-Proxy <uri>]
 [-ProxyCredential <pscredential>]
 [-ProxyUseDefaultCredentials]
 [-WhatIf]
 [-Confirm]
 [<CommonParameters>]

Update the properties of a tenantAppManagementPolicy object.

Permissions

Import-Module Microsoft.Graph.Beta.Identity.SignIns

$params = @{
	isEnabled = $true
	applicationRestrictions = @{
		passwordCredentials = @(
			@{
				restrictionType = "passwordAddition"
				maxLifetime = $null
				restrictForAppsCreatedAfterDateTime = [System.DateTime]::Parse("2021-01-01T10:37:00Z")
			}
			@{
				restrictionType = "passwordLifetime"
				maxLifetime = "P90D"
				restrictForAppsCreatedAfterDateTime = [System.DateTime]::Parse("2017-01-01T10:37:00Z")
			}
			@{
				restrictionType = "symmetricKeyAddition"
				maxLifetime = $null
				restrictForAppsCreatedAfterDateTime = [System.DateTime]::Parse("2021-01-01T10:37:00Z")
			}
			@{
				restrictionType = "customPasswordAddition"
				maxLifetime = $null
				restrictForAppsCreatedAfterDateTime = [System.DateTime]::Parse("2015-01-01T10:37:00Z")
			}
			@{
				restrictionType = "symmetricKeyLifetime"
				maxLifetime = "P30D"
				restrictForAppsCreatedAfterDateTime = [System.DateTime]::Parse("2015-01-01T10:37:00Z")
			}
		)
		keyCredentials = @(
			@{
				restrictionType = "asymmetricKeyLifetime"
				maxLifetime = "P30D"
				restrictForAppsCreatedAfterDateTime = [System.DateTime]::Parse("2015-01-01T10:37:00Z")
			}
			@{
				restrictionType = "trustedCertificateAuthority"
				restrictForAppsCreatedAfterDateTime = [System.DateTime]::Parse("2019-10-19T10:37:00Z")
				certificateBasedApplicationConfigurationIds = @(
				"eec5ba11-2fc0-4113-83a2-ed986ed13743"
			"bb8e164b-f9ed-4b98-bc45-65eddc14f4c1"
		)
		maxLifetime = $null
	}
)
identifierUris = @{
	nonDefaultUriAddition = @{
		restrictForAppsCreatedAfterDateTime = [System.DateTime]::Parse("2024-01-01T10:37:00Z")
		excludeAppsReceivingV2Tokens = $true
		excludeSaml = $true
		excludeActors = @{
			customSecurityAttributes = @(
				@{
					"@odata.type" = "microsoft.graph.customSecurityAttributeStringValueExemption"
					id = "PolicyExemptions_AppManagementExemption"
					operator = "equals"
					value = "ExemptFromIdentifierUriAdditionRestriction"
				}
			)
		}
	}
}
}
}

Update-MgBetaPolicyDefaultAppManagementPolicy -BodyParameter $params

This example shows how to use the Update-MgBetaPolicyDefaultAppManagementPolicy Cmdlet.

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

{{ Fill in the Description }}

{{ Fill in the Description }}

{{ Fill in the Description }}

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

APPLICATIONRESTRICTIONS <IMicrosoftGraphAppManagementApplicationConfiguration>: appManagementApplicationConfiguration [(Any) <Object>]: This indicates any property can be added to this object. [KeyCredentials <IMicrosoftGraphKeyCredentialConfiguration[]>]: [CertificateBasedApplicationConfigurationIds <String[]>]: Collection of GUIDs that represent certificateBasedApplicationConfiguration that is allowed as root and intermediate certificate authorities. [ExcludeActors <IMicrosoftGraphAppManagementPolicyActorExemptions>]: appManagementPolicyActorExemptions [(Any) <Object>]: This indicates any property can be added to this object. [CustomSecurityAttributes <IMicrosoftGraphCustomSecurityAttributeExemption[]>]: [Id <String>]: The unique identifier for an entity. Read-only. [Operator <String>]: customSecurityAttributeComparisonOperator [MaxLifetime <TimeSpan?>]: String value that indicates the maximum lifetime for key expiration, defined as an ISO 8601 duration. For example, P4DT12H30M5S represents four days, 12 hours, 30 minutes, and five seconds. This property is required when restrictionType is set to keyLifetime. [RestrictForAppsCreatedAfterDateTime <DateTime?>]: Specifies the date from which the policy restriction applies to newly created applications. For existing applications, the enforcement date can be retroactively applied. [RestrictionType <String>]: appKeyCredentialRestrictionType [State <String>]: appManagementRestrictionState [PasswordCredentials <IMicrosoftGraphPasswordCredentialConfiguration[]>]: [ExcludeActors <IMicrosoftGraphAppManagementPolicyActorExemptions>]: appManagementPolicyActorExemptions [MaxLifetime <TimeSpan?>]: String value that indicates the maximum lifetime for password expiration, defined as an ISO 8601 duration. For example, P4DT12H30M5S represents four days, 12 hours, 30 minutes, and five seconds. This property is required when restrictionType is set to passwordLifetime. [RestrictForAppsCreatedAfterDateTime <DateTime?>]: Specifies the date from which the policy restriction applies to newly created applications. For existing applications, the enforcement date can be retroactively applied. [RestrictionType <String>]: appCredentialRestrictionType [State <String>]: appManagementRestrictionState [Audiences <IMicrosoftGraphAudiencesConfiguration>]: audiencesConfiguration [(Any) <Object>]: This indicates any property can be added to this object. [AzureAdMultipleOrgs <IMicrosoftGraphAzureAdMultipleOrgsAudienceRestriction>]: azureAdMultipleOrgsAudienceRestriction [(Any) <Object>]: This indicates any property can be added to this object. [ExcludeActors <IMicrosoftGraphAppManagementPolicyActorExemptions>]: appManagementPolicyActorExemptions [RestrictForAppsCreatedAfterDateTime <DateTime?>]: Specifies the date from which the policy restriction applies to newly created applications. For existing applications, the enforcement date can be retroactively applied. [State <String>]: appManagementRestrictionState [PersonalMicrosoftAccount <IMicrosoftGraphAudienceRestriction>]: audienceRestriction [(Any) <Object>]: This indicates any property can be added to this object. [ExcludeActors <IMicrosoftGraphAppManagementPolicyActorExemptions>]: appManagementPolicyActorExemptions [RestrictForAppsCreatedAfterDateTime <DateTime?>]: Specifies the date from which the policy restriction applies to newly created applications. For existing applications, the enforcement date can be retroactively applied. [State <String>]: appManagementRestrictionState [IdentifierUris <IMicrosoftGraphIdentifierUriConfiguration>]: identifierUriConfiguration [(Any) <Object>]: This indicates any property can be added to this object. [NonDefaultUriAddition <IMicrosoftGraphIdentifierUriRestriction>]: identifierUriRestriction [(Any) <Object>]: This indicates any property can be added to this object. [ExcludeActors <IMicrosoftGraphAppManagementPolicyActorExemptions>]: appManagementPolicyActorExemptions [ExcludeAppsReceivingV2Tokens <Boolean?>]: If true, the restriction isn't enforced for applications that are configured to receive V2 tokens in Microsoft Entra ID; else, the restriction isn't enforced for those applications. [ExcludeSaml <Boolean?>]: If true, the restriction isn't enforced for SAML applications in Microsoft Entra ID; else, the restriction is enforced for those applications. [RestrictForAppsCreatedAfterDateTime <DateTime?>]: Specifies the date from which the policy restriction applies to newly created applications. For existing applications, the enforcement date can be retroactively applied. [State <String>]: appManagementRestrictionState [UriAdditionWithoutUniqueTenantIdentifier <IMicrosoftGraphIdentifierUriRestriction>]: identifierUriRestriction

BODYPARAMETER <IMicrosoftGraphTenantAppManagementPolicy>: tenantAppManagementPolicy [(Any) <Object>]: This indicates any property can be added to this object. [Description <String>]: Description for this policy. Required. [DisplayName <String>]: Display name for this policy. Required. [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted. [Id <String>]: The unique identifier for an entity. Read-only. [ApplicationRestrictions <IMicrosoftGraphAppManagementApplicationConfiguration>]: appManagementApplicationConfiguration [(Any) <Object>]: This indicates any property can be added to this object. [KeyCredentials <IMicrosoftGraphKeyCredentialConfiguration[]>]: [CertificateBasedApplicationConfigurationIds <String[]>]: Collection of GUIDs that represent certificateBasedApplicationConfiguration that is allowed as root and intermediate certificate authorities. [ExcludeActors <IMicrosoftGraphAppManagementPolicyActorExemptions>]: appManagementPolicyActorExemptions [(Any) <Object>]: This indicates any property can be added to this object. [CustomSecurityAttributes <IMicrosoftGraphCustomSecurityAttributeExemption[]>]: [Id <String>]: The unique identifier for an entity. Read-only. [Operator <String>]: customSecurityAttributeComparisonOperator [MaxLifetime <TimeSpan?>]: String value that indicates the maximum lifetime for key expiration, defined as an ISO 8601 duration. For example, P4DT12H30M5S represents four days, 12 hours, 30 minutes, and five seconds. This property is required when restrictionType is set to keyLifetime. [RestrictForAppsCreatedAfterDateTime <DateTime?>]: Specifies the date from which the policy restriction applies to newly created applications. For existing applications, the enforcement date can be retroactively applied. [RestrictionType <String>]: appKeyCredentialRestrictionType [State <String>]: appManagementRestrictionState [PasswordCredentials <IMicrosoftGraphPasswordCredentialConfiguration[]>]: [ExcludeActors <IMicrosoftGraphAppManagementPolicyActorExemptions>]: appManagementPolicyActorExemptions [MaxLifetime <TimeSpan?>]: String value that indicates the maximum lifetime for password expiration, defined as an ISO 8601 duration. For example, P4DT12H30M5S represents four days, 12 hours, 30 minutes, and five seconds. This property is required when restrictionType is set to passwordLifetime. [RestrictForAppsCreatedAfterDateTime <DateTime?>]: Specifies the date from which the policy restriction applies to newly created applications. For existing applications, the enforcement date can be retroactively applied. [RestrictionType <String>]: appCredentialRestrictionType [State <String>]: appManagementRestrictionState [Audiences <IMicrosoftGraphAudiencesConfiguration>]: audiencesConfiguration [(Any) <Object>]: This indicates any property can be added to this object. [AzureAdMultipleOrgs <IMicrosoftGraphAzureAdMultipleOrgsAudienceRestriction>]: azureAdMultipleOrgsAudienceRestriction [(Any) <Object>]: This indicates any property can be added to this object. [ExcludeActors <IMicrosoftGraphAppManagementPolicyActorExemptions>]: appManagementPolicyActorExemptions [RestrictForAppsCreatedAfterDateTime <DateTime?>]: Specifies the date from which the policy restriction applies to newly created applications. For existing applications, the enforcement date can be retroactively applied. [State <String>]: appManagementRestrictionState [PersonalMicrosoftAccount <IMicrosoftGraphAudienceRestriction>]: audienceRestriction [(Any) <Object>]: This indicates any property can be added to this object. [ExcludeActors <IMicrosoftGraphAppManagementPolicyActorExemptions>]: appManagementPolicyActorExemptions [RestrictForAppsCreatedAfterDateTime <DateTime?>]: Specifies the date from which the policy restriction applies to newly created applications. For existing applications, the enforcement date can be retroactively applied. [State <String>]: appManagementRestrictionState [IdentifierUris <IMicrosoftGraphIdentifierUriConfiguration>]: identifierUriConfiguration [(Any) <Object>]: This indicates any property can be added to this object. [NonDefaultUriAddition <IMicrosoftGraphIdentifierUriRestriction>]: identifierUriRestriction [(Any) <Object>]: This indicates any property can be added to this object. [ExcludeActors <IMicrosoftGraphAppManagementPolicyActorExemptions>]: appManagementPolicyActorExemptions [ExcludeAppsReceivingV2Tokens <Boolean?>]: If true, the restriction isn't enforced for applications that are configured to receive V2 tokens in Microsoft Entra ID; else, the restriction isn't enforced for those applications. [ExcludeSaml <Boolean?>]: If true, the restriction isn't enforced for SAML applications in Microsoft Entra ID; else, the restriction is enforced for those applications. [RestrictForAppsCreatedAfterDateTime <DateTime?>]: Specifies the date from which the policy restriction applies to newly created applications. For existing applications, the enforcement date can be retroactively applied. [State <String>]: appManagementRestrictionState [UriAdditionWithoutUniqueTenantIdentifier <IMicrosoftGraphIdentifierUriRestriction>]: identifierUriRestriction [IsEnabled <Boolean?>]: Denotes whether the policy is enabled. Default value is false. [ServicePrincipalRestrictions <IMicrosoftGraphAppManagementServicePrincipalConfiguration>]: appManagementServicePrincipalConfiguration [(Any) <Object>]: This indicates any property can be added to this object. [KeyCredentials <IMicrosoftGraphKeyCredentialConfiguration[]>]: [PasswordCredentials <IMicrosoftGraphPasswordCredentialConfiguration[]>]: