diff --git a/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/Get-MgIdentityConditionalAccessNamedLocation.md b/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/Get-MgIdentityConditionalAccessNamedLocation.md index 093355d11d5..1aa30f5cea1 100644 --- a/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/Get-MgIdentityConditionalAccessNamedLocation.md +++ b/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/Get-MgIdentityConditionalAccessNamedLocation.md @@ -1,18 +1,27 @@ -### Example 1: {{ Add title here }} +### Example 1: Get a list of all named locations + ```powershell -PS C:\> {{ Add code here }} +Connect-MgGraph -Scopes 'Policy.Read.All' +Get-MgIdentityConditionalAccessNamedLocation -{{ Add output here }} +Id CreatedDateTime DisplayName ModifiedDateTime +-- --------------- ----------- ---------------- +1b43b630-dbef-4cb7-afe5-fa4e113ea6b2 4/21/2022 10:28:22 AM KOs 6/13/2022 8:23:06 AM +1f0fd623-bf8f-4003-9627-32a68c3cdcc1 6/13/2022 8:27:35 AM Updated named location 6/13/2022 8:54:24 AM +0824dbaf-6277-4db0-8112-b29fd356f2c4 6/13/2022 8:41:38 AM Untrusted IP named location 6/13/2022 8:41:38 AM ``` -{{ Add description here }} +This example lists all existing named location rules. + +### Example 2: Get a named location by Id -### Example 2: {{ Add title here }} ```powershell -PS C:\> {{ Add code here }} +Connect-MgGraph -Scopes 'Policy.Read.All' +Get-MgIdentityConditionalAccessNamedLocation -NamedLocationId '1f0fd623-bf8f-4003-9627-32a68c3cdcc1' -{{ Add output here }} +Id CreatedDateTime DisplayName ModifiedDateTime +-- --------------- ----------- ---------------- +1f0fd623-bf8f-4003-9627-32a68c3cdcc1 6/13/2022 8:27:35 AM Updated named location 6/13/2022 8:54:24 AM ``` -{{ Add description here }} - +This example gets the named location rule by Id. 
diff --git a/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/Get-MgIdentityConditionalAccessPolicy.md b/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/Get-MgIdentityConditionalAccessPolicy.md index 093355d11d5..1ff43591b81 100644 --- a/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/Get-MgIdentityConditionalAccessPolicy.md +++ b/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/Get-MgIdentityConditionalAccessPolicy.md 
@@ -1,18 +1,51 @@ -### Example 1: {{ Add title here }} +### Example 1: Get a list of all conditional access policies in Azure AD. + ```powershell -PS C:\> {{ Add code here }} +Connect-MgGraph -Scopes 'Policy.Read.All' +Get-MgIdentityConditionalAccessPolicy |Format-List + +Conditions : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessConditionSet +CreatedDateTime : 1/13/2022 6:35:35 AM +Description : +DisplayName : Exchange Online Requires Compliant Device +GrantControls : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessGrantControls +Id : 5e7615b8-dbe4-4cc1-810c-26adb77a3518 +ModifiedDateTime : 7/29/2022 9:08:10 AM +SessionControls : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessSessionControls +State : enabled +AdditionalProperties : {} -{{ Add output here }} +Conditions : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessConditionSet +CreatedDateTime : 1/13/2022 6:35:39 AM +Description : +DisplayName : Office 365 App Control +GrantControls : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessGrantControls +Id : 8783f4ea-215e-49f9-a4f6-cc21f6de45f6 +ModifiedDateTime : 7/29/2022 9:08:39 AM +SessionControls : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessSessionControls +State : enabled +AdditionalProperties : {} ``` -{{ Add description here }} +This example retrieves all the conditional access policies in Azure AD. 
+ +### Example 2: Get a conditional access policy by Id -### Example 2: {{ Add title here }} ```powershell -PS C:\> {{ Add code here }} +Connect-MgGraph -Scopes 'Policy.Read.All' +Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId '5e7615b8-dbe4-4cc1-810c-26adb77a3518' | + Format-List -{{ Add output here }} +Conditions : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessConditionSet +CreatedDateTime : 1/13/2022 6:35:35 AM +Description : +DisplayName : Exchange Online Requires Compliant Device +GrantControls : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessGrantControls +Id : 5e7615b8-dbe4-4cc1-810c-26adb77a3518 +ModifiedDateTime : 7/29/2022 9:08:10 AM +SessionControls : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessSessionControls +State : enabled +AdditionalProperties : {[@odata.context, https://graph.microsoft.com/v1.0/$metadata#identity/conditionalAccess/policies/$entity]} ``` -{{ Add description here }} - +This command retrieves the conditional access by Id. diff --git a/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/New-MgIdentityConditionalAccessNamedLocation.md b/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/New-MgIdentityConditionalAccessNamedLocation.md index 093355d11d5..09bf176578d 100644 --- a/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/New-MgIdentityConditionalAccessNamedLocation.md +++ b/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/New-MgIdentityConditionalAccessNamedLocation.md 
@@ -1,18 +1,53 @@ -### Example 1: {{ Add title here }} +### Example 1: Create a country named location + ```powershell -PS C:\> {{ Add code here }} +Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess' + +$params = @{ +"@odata.type" = "#microsoft.graph.countryNamedLocation" +DisplayName = "Named location with unknown countries and regions" +CountriesAndRegions = @( + "US" + "XK" +) +IncludeUnknownCountriesAndRegions = $true +} -{{ Add output here }} +New-MgIdentityConditionalAccessNamedLocation -BodyParameter $params + +Id CreatedDateTime DisplayName ModifiedDateTime +-- --------------- ----------- ---------------- +1f0fd623-bf8f-4003-9627-32a68c3cdcc1 6/13/2022 8:27:35 AM Named location with unknown countries and regions 6/13/2022 8:27:35 AM ``` -{{ Add description here }} +This example creates a country named location. + +### Example 2: Create an ip named location -### Example 2: {{ Add title here }} ```powershell -PS C:\> {{ Add code here }} +Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess' -{{ Add output here }} -``` +$params = @{ +"@odata.type" = "#microsoft.graph.ipNamedLocation" +DisplayName = "Untrusted IP named location" +IsTrusted = $false +IpRanges = @( + @{ + "@odata.type" = "#microsoft.graph.iPv4CidrRange" + CidrAddress = "12.34.221.11/22" + } + @{ + "@odata.type" = "#microsoft.graph.iPv6CidrRange" + CidrAddress = "2001:0:9d38:90d6:0:0:0:0/63" + } +) +} + +New-MgIdentityConditionalAccessNamedLocation -BodyParameter $params -{{ Add description here }} +Id CreatedDateTime DisplayName ModifiedDateTime +-- --------------- ----------- ---------------- +0824dbaf-6277-4db0-8112-b29fd356f2c4 6/13/2022 8:41:38 AM Untrusted IP named location 6/13/2022 8:41:38 AM +``` +This example creates an Ip named location. 
diff --git a/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/New-MgIdentityConditionalAccessPolicy.md b/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/New-MgIdentityConditionalAccessPolicy.md index 093355d11d5..411321c83ed 100644 --- a/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/New-MgIdentityConditionalAccessPolicy.md +++ b/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/New-MgIdentityConditionalAccessPolicy.md 
@@ -1,18 +1,95 @@ -### Example 1: {{ Add title here }} +### Example 1: Require MFA to access Exchange Online outside of trusted locations + ```powershell -PS C:\> {{ Add code here }} +Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess' + + +$params = @{ + DisplayName = "Access to EXO requires MFA" + State = "enabled" + Conditions = @{ + ClientAppTypes = @( + "mobileAppsAndDesktopClients" + "browser" + ) + Applications = @{ + IncludeApplications = @( + "b457cbac-03cb-4b15-9eef-79f24f8d3247" + ) + } + Users = @{ + IncludeGroups = @( + "f39e2655-3fae-43ad-94e2-c2b593cfc473" + ) + } + Locations = @{ + IncludeLocations = @( + "All" + ) + ExcludeLocations = @( + "AllTrusted" + ) + } + } + GrantControls = @{ + Operator = "OR" + BuiltInControls = @( + "mfa" + ) + } +} -{{ Add output here }} +New-MgIdentityConditionalAccessPolicy -BodyParameter $params + +Id CreatedDateTime Description DisplayName ModifiedDateTime State +-- --------------- ----------- ----------- ---------------- ----- +1c9afd06-3f59-464e-a6d9-193d99764a01 7/29/2022 9:46:18 AM Access to EXO requires MFA enabled ``` -{{ Add description here }} +This example shows a request to require multi-factor authentication for access to Exchange Online from modern authentication clients outside of trusted locations for a particular group. + +### Example 2: Block access to Exchange Online from non-trusted regions -### Example 2: {{ Add title here }} ```powershell -PS C:\> {{ Add code here }} +Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess' -{{ Add output here }} -``` +$params = @{ + DisplayName = "Block access to EXO non-trusted regions." 
+ State = "enabled" + Conditions = @{ + ClientAppTypes = @( + "all" + ) + Applications = @{ + IncludeApplications = @( + "b457cbac-03cb-4b15-9eef-79f24f8d3247" + ) + } + Users = @{ + IncludeGroups = @( + "f39e2655-3fae-43ad-94e2-c2b593cfc473" + ) + } + Locations = @{ + IncludeLocations = @( + "0824dbaf-6277-4db0-8112-b29fd356f2c4" + ) + } + } + GrantControls = @{ + Operator = "OR" + BuiltInControls = @( + "block" + ) + } + } + +New-MgIdentityConditionalAccessPolicy -BodyParameter $params -{{ Add description here }} +Id CreatedDateTime Description DisplayName ModifiedDateTime State +-- --------------- ----------- ----------- ---------------- ----- +61c7530f-5c1d-44b2-a972-4ae658b7a9ac 7/29/2022 10:03:30 AM Block access to EXO non-trusted regions. enabled + +``` +This example shows a request to block access to Exchange Online from non-trusted/unknown regions. This example assumes that the named location `0824dbaf-6277-4db0-8112-b29fd356f2c4` corresponds to a list of non-trusted/unknown regions. diff --git a/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/Remove-MgIdentityConditionalAccessNamedLocation.md b/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/Remove-MgIdentityConditionalAccessNamedLocation.md index 093355d11d5..e63e26b51c1 100644 --- a/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/Remove-MgIdentityConditionalAccessNamedLocation.md +++ b/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/Remove-MgIdentityConditionalAccessNamedLocation.md 
@@ -1,18 +1,9 @@ -### Example 1: {{ Add title here }} -```powershell -PS C:\> {{ Add code here }} - -{{ Add output here }} -``` +### Example 1: Remove a named location -{{ Add description here }} - -### Example 2: {{ Add title here }} ```powershell -PS C:\> {{ Add code here }} +Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess' -{{ Add output here }} +Remove-MgIdentityConditionalAccessNamedLocation -NamedLocationId $namedLocationId ``` -{{ Add description here }} - +This example removed the named location specified by `$namedLocationId`. diff --git a/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/Remove-MgIdentityConditionalAccessPolicy.md b/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/Remove-MgIdentityConditionalAccessPolicy.md index 093355d11d5..8be548f0b53 100644 --- a/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/Remove-MgIdentityConditionalAccessPolicy.md +++ b/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/Remove-MgIdentityConditionalAccessPolicy.md @@ -1,18 +1,9 @@ -### Example 1: {{ Add title here }} -```powershell -PS C:\> {{ Add code here }} - -{{ Add output here }} -``` +### Example 1: Remove a conditional access policy -{{ Add description here }} - -### Example 2: {{ Add title here }} ```powershell -PS C:\> {{ Add code here }} +Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess' -{{ Add output here }} +Remove-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $conditionalAccessPolicyId ``` -{{ Add description here }} - +This example deletes the conditional access policy specified by `$conditionalAccessPolicyId`. diff --git a/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/Update-MgIdentityConditionalAccessNamedLocation.md b/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/Update-MgIdentityConditionalAccessNamedLocation.md index 093355d11d5..6a094d8bd38 100644 
--- a/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/Update-MgIdentityConditionalAccessNamedLocation.md +++ b/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/Update-MgIdentityConditionalAccessNamedLocation.md @@ -1,18 +1,21 @@ -### Example 1: {{ Add title here }} -```powershell -PS C:\> {{ Add code here }} - -{{ Add output here }} -``` +### Example 1: Update a country named location by adding to the list of countries -{{ Add description here }} - -### Example 2: {{ Add title here }} ```powershell -PS C:\> {{ Add code here }} +Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess' -{{ Add output here }} -``` +$params = @{ +"@odata.type" = "#microsoft.graph.countryNamedLocation" +DisplayName = "Named location with unknown countries and regions" +CountriesAndRegions = @( + "US" + "XK" + "ID" + "CA" +) +IncludeUnknownCountriesAndRegions = $true +} -{{ Add description here }} +Update-MgIdentityConditionalAccessNamedLocation -NamedLocationId '1f0fd623-bf8f-4003-9627-32a68c3cdcc1' -BodyParameter $params +``` +This example updates the details of an existing named location. Supply the values of the relevant fields that should be updated. In this example, `ID` and `CA` are added in the list of countries. diff --git a/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/Update-MgIdentityConditionalAccessPolicy.md b/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/Update-MgIdentityConditionalAccessPolicy.md index 093355d11d5..e455d753506 100644 --- a/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/Update-MgIdentityConditionalAccessPolicy.md +++ b/src/Identity.SignIns/Identity.SignIns/examples/v1.0-beta/Update-MgIdentityConditionalAccessPolicy.md 
@@ -1,18 +1,19 @@ -### Example 1: {{ Add title here }} -```powershell -PS C:\> {{ Add code here }} - -{{ Add output here }} -``` +### Example 1: Add sign in risk levels to an existing conditional access policy -{{ Add description here }} - -### Example 2: {{ Add title here }} ```powershell -PS C:\> {{ Add code here }} +Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess' + +$params = @{ + Conditions = @{ + SignInRiskLevels = @( + "high" + "medium" + "low" + ) + } +} -{{ Add output here }} +Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId '61c7530f-5c1d-44b2-a972-4ae658b7a9ac' -BodyParameter $params ``` -{{ Add description here }} - +This example updates and existing access policy to add the sign in risk levels. diff --git a/src/Identity.SignIns/Identity.SignIns/examples/v1.0/Get-MgIdentityConditionalAccessNamedLocation.md b/src/Identity.SignIns/Identity.SignIns/examples/v1.0/Get-MgIdentityConditionalAccessNamedLocation.md index 093355d11d5..1aa30f5cea1 100644 --- a/src/Identity.SignIns/Identity.SignIns/examples/v1.0/Get-MgIdentityConditionalAccessNamedLocation.md +++ b/src/Identity.SignIns/Identity.SignIns/examples/v1.0/Get-MgIdentityConditionalAccessNamedLocation.md 
@@ -1,18 +1,27 @@ -### Example 1: {{ Add title here }} +### Example 1: Get a list of all named locations + ```powershell -PS C:\> {{ Add code here }} +Connect-MgGraph -Scopes 'Policy.Read.All' +Get-MgIdentityConditionalAccessNamedLocation -{{ Add output here }} +Id CreatedDateTime DisplayName ModifiedDateTime +-- --------------- ----------- ---------------- +1b43b630-dbef-4cb7-afe5-fa4e113ea6b2 4/21/2022 10:28:22 AM KOs 6/13/2022 8:23:06 AM +1f0fd623-bf8f-4003-9627-32a68c3cdcc1 6/13/2022 8:27:35 AM Updated named location 6/13/2022 8:54:24 AM +0824dbaf-6277-4db0-8112-b29fd356f2c4 6/13/2022 8:41:38 AM Untrusted IP named location 6/13/2022 8:41:38 AM ``` -{{ Add description here }} +This example lists all existing named location rules. + +### Example 2: Get a named location by Id -### Example 2: {{ Add title here }} ```powershell -PS C:\> {{ Add code here }} +Connect-MgGraph -Scopes 'Policy.Read.All' +Get-MgIdentityConditionalAccessNamedLocation -NamedLocationId '1f0fd623-bf8f-4003-9627-32a68c3cdcc1' -{{ Add output here }} +Id CreatedDateTime DisplayName ModifiedDateTime +-- --------------- ----------- ---------------- +1f0fd623-bf8f-4003-9627-32a68c3cdcc1 6/13/2022 8:27:35 AM Updated named location 6/13/2022 8:54:24 AM ``` -{{ Add description here }} - +This example gets the named location rule by Id. diff --git a/src/Identity.SignIns/Identity.SignIns/examples/v1.0/Get-MgIdentityConditionalAccessPolicy.md b/src/Identity.SignIns/Identity.SignIns/examples/v1.0/Get-MgIdentityConditionalAccessPolicy.md index 093355d11d5..49788a3bb7f 100644 --- a/src/Identity.SignIns/Identity.SignIns/examples/v1.0/Get-MgIdentityConditionalAccessPolicy.md +++ b/src/Identity.SignIns/Identity.SignIns/examples/v1.0/Get-MgIdentityConditionalAccessPolicy.md 
@@ -1,18 +1,52 @@ -### Example 1: {{ Add title here }} +### Example 1: Get a list of all conditional access policies in Azure AD. + ```powershell -PS C:\> {{ Add code here }} +Connect-MgGraph -Scopes 'Policy.Read.All' +Get-MgIdentityConditionalAccessPolicy |Format-List + +Conditions : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessConditionSet +CreatedDateTime : 1/13/2022 6:35:35 AM +Description : +DisplayName : Exchange Online Requires Compliant Device +GrantControls : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessGrantControls +Id : 5e7615b8-dbe4-4cc1-810c-26adb77a3518 +ModifiedDateTime : 7/29/2022 9:08:10 AM +SessionControls : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessSessionControls +State : enabled +AdditionalProperties : {} -{{ Add output here }} +Conditions : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessConditionSet +CreatedDateTime : 1/13/2022 6:35:39 AM +Description : +DisplayName : Office 365 App Control +GrantControls : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessGrantControls +Id : 8783f4ea-215e-49f9-a4f6-cc21f6de45f6 +ModifiedDateTime : 7/29/2022 9:08:39 AM +SessionControls : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessSessionControls +State : enabled +AdditionalProperties : {} ``` -{{ Add description here }} +This example retrieves all the conditional access policies in Azure AD. 
+ +### Example 2: Get a conditional access policy by Id -### Example 2: {{ Add title here }} ```powershell -PS C:\> {{ Add code here }} +Connect-MgGraph -Scopes 'Policy.Read.All' -{{ Add output here }} -``` +Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId '5e7615b8-dbe4-4cc1-810c-26adb77a3518' | + Format-List -{{ Add description here }} +Conditions : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessConditionSet +CreatedDateTime : 1/13/2022 6:35:35 AM +Description : +DisplayName : Exchange Online Requires Compliant Device +GrantControls : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessGrantControls +Id : 5e7615b8-dbe4-4cc1-810c-26adb77a3518 +ModifiedDateTime : 7/29/2022 9:08:10 AM +SessionControls : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessSessionControls +State : enabled +AdditionalProperties : {[@odata.context, https://graph.microsoft.com/v1.0/$metadata#identity/conditionalAccess/policies/$entity]} +``` +This command retrieves the conditional access by Id. diff --git a/src/Identity.SignIns/Identity.SignIns/examples/v1.0/New-MgIdentityConditionalAccessNamedLocation.md b/src/Identity.SignIns/Identity.SignIns/examples/v1.0/New-MgIdentityConditionalAccessNamedLocation.md index 093355d11d5..09bf176578d 100644 --- a/src/Identity.SignIns/Identity.SignIns/examples/v1.0/New-MgIdentityConditionalAccessNamedLocation.md +++ b/src/Identity.SignIns/Identity.SignIns/examples/v1.0/New-MgIdentityConditionalAccessNamedLocation.md 
@@ -1,18 +1,53 @@ -### Example 1: {{ Add title here }} +### Example 1: Create a country named location + ```powershell -PS C:\> {{ Add code here }} +Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess' + +$params = @{ +"@odata.type" = "#microsoft.graph.countryNamedLocation" +DisplayName = "Named location with unknown countries and regions" +CountriesAndRegions = @( + "US" + "XK" +) +IncludeUnknownCountriesAndRegions = $true +} -{{ Add output here }} +New-MgIdentityConditionalAccessNamedLocation -BodyParameter $params + +Id CreatedDateTime DisplayName ModifiedDateTime +-- --------------- ----------- ---------------- +1f0fd623-bf8f-4003-9627-32a68c3cdcc1 6/13/2022 8:27:35 AM Named location with unknown countries and regions 6/13/2022 8:27:35 AM ``` -{{ Add description here }} +This example creates a country named location. + +### Example 2: Create an ip named location -### Example 2: {{ Add title here }} ```powershell -PS C:\> {{ Add code here }} +Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess' -{{ Add output here }} -``` +$params = @{ +"@odata.type" = "#microsoft.graph.ipNamedLocation" +DisplayName = "Untrusted IP named location" +IsTrusted = $false +IpRanges = @( + @{ + "@odata.type" = "#microsoft.graph.iPv4CidrRange" + CidrAddress = "12.34.221.11/22" + } + @{ + "@odata.type" = "#microsoft.graph.iPv6CidrRange" + CidrAddress = "2001:0:9d38:90d6:0:0:0:0/63" + } +) +} + +New-MgIdentityConditionalAccessNamedLocation -BodyParameter $params -{{ Add description here }} +Id CreatedDateTime DisplayName ModifiedDateTime +-- --------------- ----------- ---------------- +0824dbaf-6277-4db0-8112-b29fd356f2c4 6/13/2022 8:41:38 AM Untrusted IP named location 6/13/2022 8:41:38 AM +``` +This example creates an Ip named location. 
diff --git a/src/Identity.SignIns/Identity.SignIns/examples/v1.0/New-MgIdentityConditionalAccessPolicy.md b/src/Identity.SignIns/Identity.SignIns/examples/v1.0/New-MgIdentityConditionalAccessPolicy.md index 093355d11d5..411321c83ed 100644 --- a/src/Identity.SignIns/Identity.SignIns/examples/v1.0/New-MgIdentityConditionalAccessPolicy.md +++ b/src/Identity.SignIns/Identity.SignIns/examples/v1.0/New-MgIdentityConditionalAccessPolicy.md 
@@ -1,18 +1,95 @@ -### Example 1: {{ Add title here }} +### Example 1: Require MFA to access Exchange Online outside of trusted locations + ```powershell -PS C:\> {{ Add code here }} +Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess' + + +$params = @{ + DisplayName = "Access to EXO requires MFA" + State = "enabled" + Conditions = @{ + ClientAppTypes = @( + "mobileAppsAndDesktopClients" + "browser" + ) + Applications = @{ + IncludeApplications = @( + "b457cbac-03cb-4b15-9eef-79f24f8d3247" + ) + } + Users = @{ + IncludeGroups = @( + "f39e2655-3fae-43ad-94e2-c2b593cfc473" + ) + } + Locations = @{ + IncludeLocations = @( + "All" + ) + ExcludeLocations = @( + "AllTrusted" + ) + } + } + GrantControls = @{ + Operator = "OR" + BuiltInControls = @( + "mfa" + ) + } +} -{{ Add output here }} +New-MgIdentityConditionalAccessPolicy -BodyParameter $params + +Id CreatedDateTime Description DisplayName ModifiedDateTime State +-- --------------- ----------- ----------- ---------------- ----- +1c9afd06-3f59-464e-a6d9-193d99764a01 7/29/2022 9:46:18 AM Access to EXO requires MFA enabled ``` -{{ Add description here }} +This example shows a request to require multi-factor authentication for access to Exchange Online from modern authentication clients outside of trusted locations for a particular group. + +### Example 2: Block access to Exchange Online from non-trusted regions -### Example 2: {{ Add title here }} ```powershell -PS C:\> {{ Add code here }} +Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess' -{{ Add output here }} -``` +$params = @{ + DisplayName = "Block access to EXO non-trusted regions." 
+ State = "enabled" + Conditions = @{ + ClientAppTypes = @( + "all" + ) + Applications = @{ + IncludeApplications = @( + "b457cbac-03cb-4b15-9eef-79f24f8d3247" + ) + } + Users = @{ + IncludeGroups = @( + "f39e2655-3fae-43ad-94e2-c2b593cfc473" + ) + } + Locations = @{ + IncludeLocations = @( + "0824dbaf-6277-4db0-8112-b29fd356f2c4" + ) + } + } + GrantControls = @{ + Operator = "OR" + BuiltInControls = @( + "block" + ) + } + } + +New-MgIdentityConditionalAccessPolicy -BodyParameter $params -{{ Add description here }} +Id CreatedDateTime Description DisplayName ModifiedDateTime State +-- --------------- ----------- ----------- ---------------- ----- +61c7530f-5c1d-44b2-a972-4ae658b7a9ac 7/29/2022 10:03:30 AM Block access to EXO non-trusted regions. enabled + +``` +This example shows a request to block access to Exchange Online from non-trusted/unknown regions. This example assumes that the named location `0824dbaf-6277-4db0-8112-b29fd356f2c4` corresponds to a list of non-trusted/unknown regions. diff --git a/src/Identity.SignIns/Identity.SignIns/examples/v1.0/Remove-MgIdentityConditionalAccessNamedLocation.md b/src/Identity.SignIns/Identity.SignIns/examples/v1.0/Remove-MgIdentityConditionalAccessNamedLocation.md index 093355d11d5..59201fed05e 100644 --- a/src/Identity.SignIns/Identity.SignIns/examples/v1.0/Remove-MgIdentityConditionalAccessNamedLocation.md +++ b/src/Identity.SignIns/Identity.SignIns/examples/v1.0/Remove-MgIdentityConditionalAccessNamedLocation.md 
@@ -1,18 +1,9 @@ -### Example 1: {{ Add title here }} -```powershell -PS C:\> {{ Add code here }} - -{{ Add output here }} -``` +### Example 1: Remove a named location -{{ Add description here }} - -### Example 2: {{ Add title here }} ```powershell -PS C:\> {{ Add code here }} +Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess' -{{ Add output here }} +Remove-MgIdentityConditionalAccessNamedLocation -NamedLocationId $namedLocationId ``` -{{ Add description here }} - +This example removes the named location specified by `$namedLocationId`. diff --git a/src/Identity.SignIns/Identity.SignIns/examples/v1.0/Remove-MgIdentityConditionalAccessPolicy.md b/src/Identity.SignIns/Identity.SignIns/examples/v1.0/Remove-MgIdentityConditionalAccessPolicy.md index 093355d11d5..8be548f0b53 100644 --- a/src/Identity.SignIns/Identity.SignIns/examples/v1.0/Remove-MgIdentityConditionalAccessPolicy.md +++ b/src/Identity.SignIns/Identity.SignIns/examples/v1.0/Remove-MgIdentityConditionalAccessPolicy.md @@ -1,18 +1,9 @@ -### Example 1: {{ Add title here }} -```powershell -PS C:\> {{ Add code here }} - -{{ Add output here }} -``` +### Example 1: Remove a conditional access policy -{{ Add description here }} - -### Example 2: {{ Add title here }} ```powershell -PS C:\> {{ Add code here }} +Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess' -{{ Add output here }} +Remove-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $conditionalAccessPolicyId ``` -{{ Add description here }} - +This example deletes the conditional access policy specified by `$conditionalAccessPolicyId`. diff --git a/src/Identity.SignIns/Identity.SignIns/examples/v1.0/Update-MgIdentityConditionalAccessNamedLocation.md b/src/Identity.SignIns/Identity.SignIns/examples/v1.0/Update-MgIdentityConditionalAccessNamedLocation.md index 093355d11d5..6a094d8bd38 100644 --- a/src/Identity.SignIns/Identity.SignIns/examples/v1.0/Update-MgIdentityConditionalAccessNamedLocation.md 
+++ b/src/Identity.SignIns/Identity.SignIns/examples/v1.0/Update-MgIdentityConditionalAccessNamedLocation.md @@ -1,18 +1,21 @@ -### Example 1: {{ Add title here }} -```powershell -PS C:\> {{ Add code here }} - -{{ Add output here }} -``` +### Example 1: Update a country named location by adding to the list of countries -{{ Add description here }} - -### Example 2: {{ Add title here }} ```powershell -PS C:\> {{ Add code here }} +Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess' -{{ Add output here }} -``` +$params = @{ +"@odata.type" = "#microsoft.graph.countryNamedLocation" +DisplayName = "Named location with unknown countries and regions" +CountriesAndRegions = @( + "US" + "XK" + "ID" + "CA" +) +IncludeUnknownCountriesAndRegions = $true +} -{{ Add description here }} +Update-MgIdentityConditionalAccessNamedLocation -NamedLocationId '1f0fd623-bf8f-4003-9627-32a68c3cdcc1' -BodyParameter $params +``` +This example updates the details of an existing named location. Supply the values of the relevant fields that should be updated. In this example, `ID` and `CA` are added in the list of countries. diff --git a/src/Identity.SignIns/Identity.SignIns/examples/v1.0/Update-MgIdentityConditionalAccessPolicy.md b/src/Identity.SignIns/Identity.SignIns/examples/v1.0/Update-MgIdentityConditionalAccessPolicy.md index 093355d11d5..e455d753506 100644 --- a/src/Identity.SignIns/Identity.SignIns/examples/v1.0/Update-MgIdentityConditionalAccessPolicy.md +++ b/src/Identity.SignIns/Identity.SignIns/examples/v1.0/Update-MgIdentityConditionalAccessPolicy.md 
@@ -1,18 +1,19 @@ -### Example 1: {{ Add title here }} -```powershell -PS C:\> {{ Add code here }} - -{{ Add output here }} -``` +### Example 1: Add sign in risk levels to an existing conditional access policy -{{ Add description here }} - -### Example 2: {{ Add title here }} ```powershell -PS C:\> {{ Add code here }} +Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess' + +$params = @{ + Conditions = @{ + SignInRiskLevels = @( + "high" + "medium" + "low" + ) + } +} -{{ Add output here }} +Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId '61c7530f-5c1d-44b2-a972-4ae658b7a9ac' -BodyParameter $params ``` -{{ Add description here }} - +This example updates and existing access policy to add the sign in risk levels.
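Review bot: In the v1.0-beta copy of Get-MgIdentityConditionalAccessPolicy.md, Example 2's sample output shows an `@odata.context` under `https://graph.microsoft.com/v1.0/`, which suggests the output was captured with the v1.0 module and pasted into both directories. Please capture it against the beta endpoint or drop the `AdditionalProperties` line from the beta sample. Smaller points in the same hunk, both copies: the Example 1 heading ends with a period unlike the other headings, `|Format-List` is missing the space after the pipe, and "retrieves the conditional access by Id" should read "retrieves the conditional access policy by Id".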
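Review bot: In New-MgIdentityConditionalAccessNamedLocation.md, Example 2, `CidrAddress = "12.34.221.11/22"` has host bits set, so a reader cannot tell from the example which range is actually covered (the /22 containing that address starts at 12.34.220.0). Neither that value nor `2001:0:9d38:90d6:0:0:0:0/63` comes from the ranges reserved for documentation (192.0.2.0/24, 2001:db8::/32), and using those with a network-aligned address would be safer to copy. In Example 1, the description should also say what `IncludeUnknownCountriesAndRegions = $true` does, since it changes which sign-ins the location matches and the one-line description ("creates a country named location") gives no hint of it. Style: the hashtable bodies are not indented like the ones in the policy examples, and "ip named location" / "Ip named location" should be "IP named location". The same applies to the v1.0 copy.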
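Review bot: In New-MgIdentityConditionalAccessPolicy.md, Example 2's description says named location `0824dbaf-6277-4db0-8112-b29fd356f2c4` "corresponds to a list of non-trusted/unknown regions", but elsewhere in this patch that same Id is the output of the IP named location example ("Untrusted IP named location"), so the two examples contradict each other. Either reference a country named location here or reword the title and description to "untrusted IP ranges". Both examples also create the policy with `State = "enabled"`, so a copy-paste enforces MFA or a block immediately; the description should say so, or the sample could use `enabledForReportingButNotEnforced`. The application and group GUIDs are given with no explanation of what they identify; a short sentence or named variables would help. Minor: the closing `}` of `$params` in Example 2 is indented one level too far, and there is a stray blank line before the closing fence. The same applies to the v1.0 copy.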
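Review bot: In the v1.0-beta copy of Remove-MgIdentityConditionalAccessNamedLocation.md the description reads "This example removed the named location", while the v1.0 copy reads "removes"; the two files have diverged (their index hashes differ) and the beta wording should be corrected to match. In both Remove- examples, `$namedLocationId` and `$conditionalAccessPolicyId` are never assigned, so the snippet fails as pasted; either assign a sample Id first, as the Get- and Update- examples do with a literal, or state in the description that the variable must be set beforehand.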
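Review bot: In Update-MgIdentityConditionalAccessPolicy.md the description has a typo, "updates and existing access policy", which should be "updates an existing conditional access policy". More important, the target Id `61c7530f-5c1d-44b2-a972-4ae658b7a9ac` is the block policy created in the New-MgIdentityConditionalAccessPolicy example, and conditions in a policy are combined, so adding `SignInRiskLevels` of high, medium and low narrows that block to sign-ins that carry a risk level. The description should say that this change restricts when the policy applies, and should state whether the other existing conditions are preserved when only `Conditions.SignInRiskLevels` is sent in the body. The same applies to the v1.0 copy.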