Get-EntraConditionalAccessPolicy
Gets a Microsoft Entra ID conditional access policy.
Syntax
GetQuery (Default)
Get-EntraConditionalAccessPolicy
[-Property <String[]>]
[<CommonParameters>]
GetById
Get-EntraConditionalAccessPolicy
-PolicyId <String>
[-Property <String[]>]
[<CommonParameters>]
Description
This cmdlet allows an admin to get the Microsoft Entra ID conditional access policy. Conditional access policies are custom rules that define an access scenario.
In delegated scenarios involving work or school accounts, the signed-in user must have a Microsoft Entra role or a custom role with the required permissions to act on behalf of another user. The following least privileged roles support this operation:
- Global Secure Access Administrator (read standard properties)
- Security Reader (read standard properties)
- Security Administrator (read standard properties)
- Global Reader
- Conditional Access Administrator
In delegated scenarios involving work or school accounts, the signed-in user must have a Microsoft Entra role or a custom role with the required permissions to act on behalf of another user. The following least privileged roles support this operation:
- Global Secure Access Administrator (read standard properties)
- Security Reader (read standard properties)
- Security Administrator (read standard properties)
- Global Reader
- Conditional Access Administrator
Examples
Example 1: Retrieves a list of all conditional access policies in Microsoft Entra ID
Connect-Entra -Scopes 'Policy.Read.All'
Get-EntraConditionalAccessPolicy
Id CreatedDateTime Description DisplayName ModifiedDateTime State TemplateId
-- --------------- ----------- ----------- ---------------- ----- ----------
eeeeeeee-4444-5555-6666-ffffffffffff 2/27/2024 6:23:21 AM ConditionalAccessPolicy 2/29/2024 2:41:17 PM disabled
ffffffff-5555-6666-7777-aaaaaaaaaaaa 2/27/2024 6:26:00 AM ConditionalAccessPolicy 2/29/2024 2:41:34 PM disabled
aaaaaaaa-6666-7777-8888-bbbbbbbbbbbb 2/27/2024 6:30:48 AM ConditionalAccessPolicy 2/29/2024 2:43:53 PM disabled
This example retrieves a list of all conditional access policies in Microsoft Entra ID.
Example 2: Retrieves a conditional access policy in Microsoft Entra ID with given ID
Connect-Entra -Scopes 'Policy.Read.All'
$policy = Get-EntraConditionalAccessPolicy | Where-Object { $_.DisplayName -eq 'Multifactor authentication for Contoso partners and vendors' }
Get-EntraConditionalAccessPolicy -PolicyId $policy.Id
Id CreatedDateTime Description DisplayName ModifiedDateTime State TemplateId
-- --------------- ----------- ----------- ---------------- ----- ----------
eeeeeeee-4444-5555-6666-ffffffffffff 2/27/2024 6:23:21 AM Multifactor authentication 2/29/2024 2:41:17 PM disabled
This example retrieves a specified conditional access policy in Microsoft Entra ID.
-PolicyIdparameter specifies the Id of a conditional access policy.
Parameters
-PolicyId
Specifies the ID of a conditional access policy in Microsoft Entra ID.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
GetById
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-Property
Specifies properties to be returned.
Parameter properties
| Type: | System.String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Select |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.