microsoftgraph · peombwa · Aug 22, 2022 · Jun 13, 2022 · Jul 29, 2022 · Jul 29, 2022
@@ -1,18 +1,27 @@
-### Example 1: {{ Add title here }}
+### Example 1: Get a list of all named locations
+
 ```powershell
-PS C:\> {{ Add code here }}
+Connect-MgGraph -Scopes 'Policy.Read.All'
+Get-MgIdentityConditionalAccessNamedLocation
 
-{{ Add output here }}
+Id                                   CreatedDateTime       DisplayName                 ModifiedDateTime
+--                                   ---------------       -----------                 ----------------
+1b43b630-dbef-4cb7-afe5-fa4e113ea6b2 4/21/2022 10:28:22 AM KOs                         6/13/2022 8:23:06 AM
+1f0fd623-bf8f-4003-9627-32a68c3cdcc1 6/13/2022 8:27:35 AM  Updated named location      6/13/2022 8:54:24 AM
+0824dbaf-6277-4db0-8112-b29fd356f2c4 6/13/2022 8:41:38 AM  Untrusted IP named location 6/13/2022 8:41:38 AM
 ```
 
-{{ Add description here }}
+This example lists all existing named location rules.
+
+### Example 2: Get a named location by Id
 
-### Example 2: {{ Add title here }}
 ```powershell
-PS C:\> {{ Add code here }}
+Connect-MgGraph -Scopes 'Policy.Read.All'
+Get-MgIdentityConditionalAccessNamedLocation -NamedLocationId '1f0fd623-bf8f-4003-9627-32a68c3cdcc1'
 
-{{ Add output here }}
+Id                                   CreatedDateTime      DisplayName            ModifiedDateTime
+--                                   ---------------      -----------            ----------------
+1f0fd623-bf8f-4003-9627-32a68c3cdcc1 6/13/2022 8:27:35 AM Updated named location 6/13/2022 8:54:24 AM
 ```
 
-{{ Add description here }}
-
+This example gets the named location rule by Id.
@@ -1,18 +1,51 @@
-### Example 1: {{ Add title here }}
+### Example 1: Get a list of all conditional access policies in Azure AD.
+
 ```powershell
-PS C:\> {{ Add code here }}
+Connect-MgGraph -Scopes 'Policy.Read.All'
+Get-MgIdentityConditionalAccessPolicy |Format-List
+
+Conditions           : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessConditionSet
+CreatedDateTime      : 1/13/2022 6:35:35 AM
+Description          :
+DisplayName          : Exchange Online Requires Compliant Device
+GrantControls        : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessGrantControls
+Id                   : 5e7615b8-dbe4-4cc1-810c-26adb77a3518
+ModifiedDateTime     : 7/29/2022 9:08:10 AM
+SessionControls      : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessSessionControls
+State                : enabled
+AdditionalProperties : {}
 
-{{ Add output here }}
+Conditions           : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessConditionSet
+CreatedDateTime      : 1/13/2022 6:35:39 AM
+Description          :
+DisplayName          : Office 365 App Control
+GrantControls        : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessGrantControls
+Id                   : 8783f4ea-215e-49f9-a4f6-cc21f6de45f6
+ModifiedDateTime     : 7/29/2022 9:08:39 AM
+SessionControls      : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessSessionControls
+State                : enabled
+AdditionalProperties : {}
 ```
 
-{{ Add description here }}
+This example retrieves all the conditional access policies in Azure AD.
+
+### Example 2: Get a conditional access policy by Id
 
-### Example 2: {{ Add title here }}
 ```powershell
-PS C:\> {{ Add code here }}
+Connect-MgGraph -Scopes 'Policy.Read.All'
+Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId '5e7615b8-dbe4-4cc1-810c-26adb77a3518' | 
+  Format-List
 
-{{ Add output here }}
+Conditions           : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessConditionSet
+CreatedDateTime      : 1/13/2022 6:35:35 AM
+Description          :
+DisplayName          : Exchange Online Requires Compliant Device
+GrantControls        : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessGrantControls
+Id                   : 5e7615b8-dbe4-4cc1-810c-26adb77a3518
+ModifiedDateTime     : 7/29/2022 9:08:10 AM
+SessionControls      : Microsoft.Graph.PowerShell.Models.MicrosoftGraphConditionalAccessSessionControls
+State                : enabled
+AdditionalProperties : {[@odata.context, https://graph.microsoft.com/v1.0/$metadata#identity/conditionalAccess/policies/$entity]}
 ```
 
-{{ Add description here }}
-
+This command retrieves the conditional access by Id.
@@ -1,18 +1,53 @@
-### Example 1: {{ Add title here }}
+### Example 1: Create a country named location
+
 ```powershell
-PS C:\> {{ Add code here }}
+Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess'
+
+$params = @{
+"@odata.type" = "#microsoft.graph.countryNamedLocation"
+DisplayName = "Named location with unknown countries and regions"
+CountriesAndRegions = @(
+    "US"
+    "XK"
+)
+IncludeUnknownCountriesAndRegions = $true
+}
 
-{{ Add output here }}
+New-MgIdentityConditionalAccessNamedLocation -BodyParameter $params
+
+Id                                   CreatedDateTime      DisplayName                                       ModifiedDateTime
+--                                   ---------------      -----------                                       ----------------
+1f0fd623-bf8f-4003-9627-32a68c3cdcc1 6/13/2022 8:27:35 AM Named location with unknown countries and regions 6/13/2022 8:27:35 AM
 ```
 
-{{ Add description here }}
+This example creates a country named location.
+
+### Example 2: Create an ip named location
 
-### Example 2: {{ Add title here }}
 ```powershell
-PS C:\> {{ Add code here }}
+Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess'
 
-{{ Add output here }}
-```
+$params = @{
+"@odata.type" = "#microsoft.graph.ipNamedLocation"
+DisplayName = "Untrusted IP named location"
+IsTrusted = $false
+IpRanges = @(
+    @{
+        "@odata.type" = "#microsoft.graph.iPv4CidrRange"
+        CidrAddress = "12.34.221.11/22"
+    }
+    @{
+        "@odata.type" = "#microsoft.graph.iPv6CidrRange"
+        CidrAddress = "2001:0:9d38:90d6:0:0:0:0/63"
+    }
+)
+}
+
+New-MgIdentityConditionalAccessNamedLocation -BodyParameter $params
 
-{{ Add description here }}
+Id                                   CreatedDateTime      DisplayName                 ModifiedDateTime
+--                                   ---------------      -----------                 ----------------
+0824dbaf-6277-4db0-8112-b29fd356f2c4 6/13/2022 8:41:38 AM Untrusted IP named location 6/13/2022 8:41:38 AM
+```
 
+This example creates an Ip named location.
@@ -1,18 +1,95 @@
-### Example 1: {{ Add title here }}
+### Example 1: Require MFA to access Exchange Online outside of trusted locations
+
 ```powershell
-PS C:\> {{ Add code here }}
+Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess'
+
+
+$params = @{
+  DisplayName = "Access to EXO requires MFA"
+  State = "enabled"
+  Conditions = @{
+    ClientAppTypes = @(
+      "mobileAppsAndDesktopClients"
+      "browser"
+    )
+    Applications = @{
+      IncludeApplications = @(
+        "b457cbac-03cb-4b15-9eef-79f24f8d3247"
+      )
+    }
+    Users = @{
+      IncludeGroups = @(
+        "f39e2655-3fae-43ad-94e2-c2b593cfc473"
+       )
+    }
+    Locations = @{
+      IncludeLocations = @(
+        "All"
+      )
+      ExcludeLocations = @(
+        "AllTrusted"
+      )
+    }
+   }
+   GrantControls = @{
+     Operator = "OR"
+     BuiltInControls = @(
+       "mfa"
+     )
+   }
+}
 
-{{ Add output here }}
+New-MgIdentityConditionalAccessPolicy -BodyParameter $params
+
+Id                                   CreatedDateTime      Description DisplayName                ModifiedDateTime State
+--                                   ---------------      ----------- -----------                ---------------- -----
+1c9afd06-3f59-464e-a6d9-193d99764a01 7/29/2022 9:46:18 AM             Access to EXO requires MFA                  enabled
 ```
 
-{{ Add description here }}
+This example shows a request to require multi-factor authentication for access to Exchange Online from modern authentication clients outside of trusted locations for a particular group.
+
+### Example 2: Block access to Exchange Online from non-trusted regions
 
-### Example 2: {{ Add title here }}
 ```powershell
-PS C:\> {{ Add code here }}
+Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess'
 
-{{ Add output here }}
-```
+$params = @{
+  DisplayName = "Block access to EXO non-trusted regions."
+  State = "enabled"
+  Conditions = @{
+    ClientAppTypes = @(
+      "all"
+    )
+    Applications = @{
+      IncludeApplications = @(
+        "b457cbac-03cb-4b15-9eef-79f24f8d3247"
+      )
+    }
+    Users = @{
+      IncludeGroups = @(
+        "f39e2655-3fae-43ad-94e2-c2b593cfc473"
+      )
+    }
+    Locations = @{
+      IncludeLocations = @(
+        "0824dbaf-6277-4db0-8112-b29fd356f2c4"
+      )
+    }
+  }
+  GrantControls = @{
+    Operator = "OR"
+    BuiltInControls = @(
+      "block"
+    )
+    }
+  }
+
+New-MgIdentityConditionalAccessPolicy -BodyParameter $params
 
-{{ Add description here }}
+Id                                   CreatedDateTime       Description DisplayName                              ModifiedDateTime State
+--                                   ---------------       ----------- -----------                              ---------------- -----
+61c7530f-5c1d-44b2-a972-4ae658b7a9ac 7/29/2022 10:03:30 AM             Block access to EXO non-trusted regions.                  enabled
+
+```
 
+This example shows a request to block access to Exchange Online from non-trusted/unknown regions. This example assumes that the named location `0824dbaf-6277-4db0-8112-b29fd356f2c4` corresponds to a list of non-trusted/unknown regions.
@@ -1,18 +1,9 @@
-### Example 1: {{ Add title here }}
-```powershell
-PS C:\> {{ Add code here }}
-
-{{ Add output here }}
-```
+### Example 1: Remove a named location
 
-{{ Add description here }}
-
-### Example 2: {{ Add title here }}
 ```powershell
-PS C:\> {{ Add code here }}
+Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess'
 
-{{ Add output here }}
+Remove-MgIdentityConditionalAccessNamedLocation -NamedLocationId $namedLocationId
 ```
 
-{{ Add description here }}
-
+This example removed the named location specified by `$namedLocationId`.
@@ -1,18 +1,9 @@
-### Example 1: {{ Add title here }}
-```powershell
-PS C:\> {{ Add code here }}
-
-{{ Add output here }}
-```
+### Example 1: Remove a conditional access policy
 
-{{ Add description here }}
-
-### Example 2: {{ Add title here }}
 ```powershell
-PS C:\> {{ Add code here }}
+Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess'
 
-{{ Add output here }}
+Remove-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $conditionalAccessPolicyId
 ```
 
-{{ Add description here }}
-
+This example deletes the conditional access policy specified by `$conditionalAccessPolicyId`.
@@ -1,18 +1,21 @@
-### Example 1: {{ Add title here }}
-```powershell
-PS C:\> {{ Add code here }}
-
-{{ Add output here }}
-```
+### Example 1: Update a country named location by adding to the list of countries
 
-{{ Add description here }}
-
-### Example 2: {{ Add title here }}
 ```powershell
-PS C:\> {{ Add code here }}
+Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess'
 
-{{ Add output here }}
-```
+$params = @{
+"@odata.type" = "#microsoft.graph.countryNamedLocation"
+DisplayName = "Named location with unknown countries and regions"
+CountriesAndRegions = @(
+    "US"
+    "XK"
+    "ID"
+    "CA"
+)
+IncludeUnknownCountriesAndRegions = $true
+}
 
-{{ Add description here }}
+Update-MgIdentityConditionalAccessNamedLocation -NamedLocationId '1f0fd623-bf8f-4003-9627-32a68c3cdcc1' -BodyParameter $params
+```
 
+This example updates the details of an existing named location. Supply the values of the relevant fields that should be updated. In this example, `ID` and `CA` are added in the list of countries.
@@ -1,18 +1,19 @@
-### Example 1: {{ Add title here }}
-```powershell
-PS C:\> {{ Add code here }}
-
-{{ Add output here }}
-```
+### Example 1: Add sign in risk levels to an existing conditional access policy
 
-{{ Add description here }}
-
-### Example 2: {{ Add title here }}
 ```powershell
-PS C:\> {{ Add code here }}
+Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess'
+
+$params = @{
+  Conditions = @{
+    SignInRiskLevels = @(
+      "high"
+      "medium"
+      "low"
+    )
+  }
+}
 
-{{ Add output here }}
+Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId '61c7530f-5c1d-44b2-a972-4ae658b7a9ac' -BodyParameter $params
 ```
 
-{{ Add description here }}
-
+This example updates and existing access policy to add the sign in risk levels.