Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
New-MgPolicyAppManagementPolicy
Create an appManagementPolicy object.
Note
To view the beta release of this cmdlet, view New-MgBetaPolicyAppManagementPolicy
Syntax
CreateExpanded (Default)
New-MgPolicyAppManagementPolicy
[-ResponseHeadersVariable <string>]
[-AdditionalProperties <hashtable>]
[-AppliesTo <IMicrosoftGraphDirectoryObject[]>]
[-DeletedDateTime <datetime>]
[-Description <string>]
[-DisplayName <string>]
[-Id <string>]
[-IsEnabled]
[-Restrictions <hashtable>]
[-Break]
[-Headers <IDictionary>]
[-HttpPipelineAppend <SendAsyncStep[]>]
[-HttpPipelinePrepend <SendAsyncStep[]>]
[-Proxy <uri>]
[-ProxyCredential <pscredential>]
[-ProxyUseDefaultCredentials]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Create
New-MgPolicyAppManagementPolicy
-BodyParameter <IMicrosoftGraphAppManagementPolicy>
[-ResponseHeadersVariable <string>]
[-Break]
[-Headers <IDictionary>]
[-HttpPipelineAppend <SendAsyncStep[]>]
[-HttpPipelinePrepend <SendAsyncStep[]>]
[-Proxy <uri>]
[-ProxyCredential <pscredential>]
[-ProxyUseDefaultCredentials]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Create an appManagementPolicy object.
Permissions
| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | Policy.Read.ApplicationConfiguration, Policy.ReadWrite.ApplicationConfiguration, |
| Delegated (personal Microsoft account) | Not supported |
| Application | Policy.Read.ApplicationConfiguration, Policy.ReadWrite.ApplicationConfiguration, |
Examples
Example 1: Code snippet
Import-Module Microsoft.Graph.Identity.SignIns
$params = @{
displayName = "Credential management policy"
description = "Cred policy sample"
isEnabled = $true
restrictions = @{
passwordCredentials = @(
@{
restrictionType = "passwordAddition"
state = "enabled"
maxLifetime = $null
restrictForAppsCreatedAfterDateTime = [System.DateTime]::Parse("2019-10-19T10:37:00Z")
}
@{
restrictionType = "passwordLifetime"
state = "enabled"
maxLifetime = "P90D"
restrictForAppsCreatedAfterDateTime = [System.DateTime]::Parse("2014-10-19T10:37:00Z")
}
@{
restrictionType = "symmetricKeyAddition"
state = "enabled"
maxLifetime = $null
restrictForAppsCreatedAfterDateTime = [System.DateTime]::Parse("2019-10-19T10:37:00Z")
}
@{
restrictionType = "symmetricKeyLifetime"
state = "enabled"
maxLifetime = "P90D"
restrictForAppsCreatedAfterDateTime = [System.DateTime]::Parse("2014-10-19T10:37:00Z")
}
)
keyCredentials = @(
)
applicationRestrictions = @{
identifierUris = @{
nonDefaultUriAddition = @{
state = "disabled"
excludeAppsReceivingV2Tokens = $true
excludeSaml = $true
}
}
}
}
}
New-MgPolicyAppManagementPolicy -BodyParameter $params
This example shows how to use the New-MgPolicyAppManagementPolicy Cmdlet.
Parameters
-AdditionalProperties
Additional Parameters
Parameter properties
| Type: | System.Collections.Hashtable |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-AppliesTo
Collection of applications and service principals to which the policy is applied. To construct, see NOTES section for APPLIESTO properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Models.IMicrosoftGraphDirectoryObject[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-BodyParameter
appManagementPolicy To construct, see NOTES section for BODYPARAMETER properties and create a hash table.
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAppManagementPolicy |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Break
Wait for .NET debugger to attach
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | cf |
Parameter sets
-DeletedDateTime
Date and time when this object was deleted. Always null when the object hasn't been deleted.
Parameter properties
| Type: | System.DateTime |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Description
Description for this policy. Required.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-DisplayName
Display name for this policy. Required.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Headers
Optional headers that will be added to the request.
Parameter properties
| Type: | System.Collections.IDictionary |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-HttpPipelineAppend
SendAsync Pipeline Steps to be appended to the front of the pipeline
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-HttpPipelinePrepend
SendAsync Pipeline Steps to be prepended to the front of the pipeline
Parameter properties
| Type: | Microsoft.Graph.PowerShell.Runtime.SendAsyncStep[] |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Id
The unique identifier for an entity. Read-only.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-IsEnabled
Denotes whether the policy is enabled.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-Proxy
The URI for the proxy server to use
Parameter properties
| Type: | System.Uri |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ProxyCredential
Credentials for a proxy server to use for the remote call
Parameter properties
| Type: | System.Management.Automation.PSCredential |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ProxyUseDefaultCredentials
Use the default credentials for the proxy
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-ResponseHeadersVariable
Optional Response Headers Variable.
Parameter properties
| Type: | System.String |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | RHV |
Parameter sets
-Restrictions
customAppManagementConfiguration
Parameter properties
| Type: | System.Collections.Hashtable |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
-WhatIf
Runs the command in a mode that only reports what would happen without performing the actions.
Parameter properties
| Type: | System.Management.Automation.SwitchParameter |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | wi |
Parameter sets
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Inputs
Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAppManagementPolicy
{{ Fill in the Description }}
System.Collections.IDictionary
{{ Fill in the Description }}
Outputs
Microsoft.Graph.PowerShell.Models.IMicrosoftGraphAppManagementPolicy
{{ Fill in the Description }}
Notes
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
APPLIESTO <IMicrosoftGraphDirectoryObject[]>: Collection of applications and service principals to which the policy is applied. [Id <String>]: The unique identifier for an entity. Read-only. [DeletedDateTime <DateTime?>]: Date and time when this object was deleted. Always null when the object hasn't been deleted.
BODYPARAMETER <IMicrosoftGraphAppManagementPolicy>: appManagementPolicy
[(Any) <Object>]: This indicates any property can be added to this object.
[Description <String>]: Description for this policy.
Required.
[DisplayName <String>]: Display name for this policy.
Required.
[DeletedDateTime <DateTime?>]: Date and time when this object was deleted.
Always null when the object hasn't been deleted.
[Id <String>]: The unique identifier for an entity.
Read-only.
[AppliesTo <IMicrosoftGraphDirectoryObject[]>]: Collection of applications and service principals to which the policy is applied.
[Id <String>]: The unique identifier for an entity.
Read-only.
[DeletedDateTime <DateTime?>]: Date and time when this object was deleted.
Always null when the object hasn't been deleted.
[IsEnabled <Boolean?>]: Denotes whether the policy is enabled.
[Restrictions <IMicrosoftGraphCustomAppManagementConfiguration>]: customAppManagementConfiguration
[(Any) <Object>]: This indicates any property can be added to this object.
[KeyCredentials <IMicrosoftGraphKeyCredentialConfiguration[]>]: Collection of keyCredential restrictions settings to be applied to an application or service principal.
[MaxLifetime <TimeSpan?>]: String value that indicates the maximum lifetime for key expiration, defined as an ISO 8601 duration.
For example, P4DT12H30M5S represents four days, 12 hours, 30 minutes, and five seconds.
This property is required when restrictionType is set to keyLifetime.
[RestrictForAppsCreatedAfterDateTime <DateTime?>]: Specifies the date from which the policy restriction applies to newly created applications.
For existing applications, the enforcement date can be retroactively applied.
[RestrictionType <String>]: appKeyCredentialRestrictionType
[State <String>]: appManagementRestrictionState
[PasswordCredentials <IMicrosoftGraphPasswordCredentialConfiguration[]>]: Collection of password restrictions settings to be applied to an application or service principal.
[MaxLifetime <TimeSpan?>]: String value that indicates the maximum lifetime for password expiration, defined as an ISO 8601 duration.
For example, P4DT12H30M5S represents four days, 12 hours, 30 minutes, and five seconds.
This property is required when restrictionType is set to passwordLifetime.
[RestrictForAppsCreatedAfterDateTime <DateTime?>]: Specifies the date from which the policy restriction applies to newly created applications.
For existing applications, the enforcement date can be retroactively applied.
[RestrictionType <String>]: appCredentialRestrictionType
[State <String>]: appManagementRestrictionState