Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
Get-EntraConditionalAccessPolicy
Gets a Microsoft Entra ID conditional access policy.
Syntax
GetQuery (Default)
Get-EntraConditionalAccessPolicy
[-Property <String[]>]
[<CommonParameters>]
GetById
Get-EntraConditionalAccessPolicy
-PolicyId <String>
[-Property <String[]>]
[<CommonParameters>]
Description
This cmdlet allows an admin to get the Microsoft Entra ID conditional access policy. Conditional access policies are custom rules that define an access scenario.
In delegated scenarios involving work or school accounts, the signed-in user must have a Microsoft Entra role or a custom role with the required permissions to act on behalf of another user. The following least privileged roles support this operation:
- Global Secure Access Administrator (read standard properties)
- Security Reader (read standard properties)
- Security Administrator (read standard properties)
- Global Reader
- Conditional Access Administrator
In delegated scenarios involving work or school accounts, the signed-in user must have a Microsoft Entra role or a custom role with the required permissions to act on behalf of another user. The following least privileged roles support this operation:
- Global Secure Access Administrator (read standard properties)
- Security Reader (read standard properties)
- Security Administrator (read standard properties)
- Global Reader
- Conditional Access Administrator
Examples
Example 1: Retrieves a list of all conditional access policies in Microsoft Entra ID
Connect-Entra -Scopes 'Policy.Read.All'
Get-EntraConditionalAccessPolicy
Id CreatedDateTime Description DisplayName ModifiedDateTime State TemplateId
-- --------------- ----------- ----------- ---------------- ----- ----------
eeeeeeee-4444-5555-6666-ffffffffffff 2/27/2024 6:23:21 AM ConditionalAccessPolicy 2/29/2024 2:41:17 PM disabled
ffffffff-5555-6666-7777-aaaaaaaaaaaa 2/27/2024 6:26:00 AM ConditionalAccessPolicy 2/29/2024 2:41:34 PM disabled
aaaaaaaa-6666-7777-8888-bbbbbbbbbbbb 2/27/2024 6:30:48 AM ConditionalAccessPolicy 2/29/2024 2:43:53 PM disabled
This example retrieves a list of all conditional access policies in Microsoft Entra ID.
Example 2: Retrieves a conditional access policy in Microsoft Entra ID with given ID
Connect-Entra -Scopes 'Policy.Read.All'
$policy = Get-EntraConditionalAccessPolicy | Where-Object { $_.DisplayName -eq 'Multifactor authentication for Contoso partners and vendors' }
Get-EntraConditionalAccessPolicy -PolicyId $policy.Id
Id CreatedDateTime Description DisplayName ModifiedDateTime State TemplateId
-- --------------- ----------- ----------- ---------------- ----- ----------
eeeeeeee-4444-5555-6666-ffffffffffff 2/27/2024 6:23:21 AM Multifactor authentication 2/29/2024 2:41:17 PM disabled
This example retrieves a specified conditional access policy in Microsoft Entra ID.
-PolicyIdparameter specifies the Id of a conditional access policy.
Parameters
-PolicyId
Specifies the ID of a conditional access policy in Microsoft Entra ID.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Property
Specifies properties to be returned.
Parameter properties
| Type: | System.String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Select |
Parameter sets
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Related Links
Feedback
Was this page helpful?