这是我在这里发表的第一篇文章,我真的希望有人能和我一起解决这个问题。 正如您可能在帖子标题中看到的那样,我正在尝试创建一个 PowerShell 脚本,该脚本将部署条件访问策略来阻止旧身份验证,但我无法弄清楚。 有人可以查看我的 caode 并告诉我为什么它不起作用吗?它的错误在于
$conditions.ClientAppTypes = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessClientApp
$conditions.ClientAppTypes = @(“ExchangeActiveSync”, “Other”)
主要代码:
$conditions = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet
$conditions.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition
$conditions.Applications.IncludeApplications = "All"
$conditions.Applications.ExcludeApplications = @(
""
""#applications
)
$conditions.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition
$conditions.Users.IncludeUsers = "All"
$conditions.Users.ExcludeUsers = @(
"" #Admin user ID
"GuestsOrExternalUsers"
)
$conditions.Users.ExcludeGroups = "" #Admin group ID
$conditions.Users.ExcludeRoles = @(
# ""
# ""
# )
$conditions.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessClientApp
$conditions.ClientAppTypes = @(“ExchangeActiveSync”, “Other”)
$controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls
$controls._Operator = "OR"
$controls.BuiltInControls = "block"
New-AzureADMSConditionalAccessPolicy -DisplayName "Block Legacy Authentication" -State "Disabled" -Conditions $conditions -GrantControls $controls
要创建阻止旧式身份验证条件策略,您可以使用以下 PowerShell 脚本:
Connect-MgGraph -Scopes "Policy.Read.All",
"Policy.ReadWrite.ConditionalAccess",
"Application.Read.All"
$conditions = @{
Applications = @{
includeApplications = 'All'
};
Users = @{
includeUsers = 'All'
};
ClientAppTypes = @(
'ExchangeActiveSync',
'Other'
);
}
$grantcontrols = @{
BuiltInControls = @('Block');
Operator = 'OR'
}
$name = "Block Legacy Authentication All Apps"
$state = "Disabled"
New-MgIdentityConditionalAccessPolicy `
-DisplayName $name
-State $state
-Conditions $conditions
-GrantControls $grantcontrols
条件访问策略创建成功:
要启用该策略,请将行修改为
$state = "Enabled"
。