Set-AzureADMSPermissionGrantConditionSet
Update an existing Azure Active Directory permission grant condition set.
Syntax
Set-AzureADMSPermissionGrantConditionSet
-PolicyId <String>
-ConditionSetType <String>
-Id <String>
[-PermissionType <String>]
[-PermissionClassification <String>]
[-ResourceApplication <String>]
[-Permissions <System.Collections.Generic.List`1[System.String]>]
[-ClientApplicationIds <System.Collections.Generic.List`1[System.String]>]
[-ClientApplicationTenantIds <System.Collections.Generic.List`1[System.String]>]
[-ClientApplicationPublisherIds <System.Collections.Generic.List`1[System.String]>]
[-ClientApplicationsFromVerifiedPublisherOnly <Boolean>]
[<CommonParameters>]
Description
Updates an Azure Active Directory permission grant condition set object identified by id.
Examples
Example 1: Update a permission grant condition set to includes permissions that has been classified as low.
1. Get existing permission grant policy by that need to be updated.
$permissionGrantConditionSet =Get-AzureADMSPermissionGrantConditionSet -PolicyId "test1" -ConditionSetType "includes" -Id "0f81cce0-a766-4db6-a7e2-4e5f10f6abf8"
Id : 0f81cce0-a766-4db6-a7e2-4e5f10f6abf8
PermissionType : delegated
PermissionClassification : all
ResourceApplication : ec8d61c9-1cb2-4edb-afb0-bcda85645555
Permissions : {8b590330-0eb2-45d0-baca-a00ecf7e7b87, dac1c8fa-e6e4-47b8-a128-599660b8cd5c,
f6db0cc3-88cd-4c74-a374-3d8c7cc4c50b}
ClientApplicationIds : {00001111-aaaa-2222-bbbb-3333cccc4444, 11112222-bbbb-3333-cccc-4444dddd5555}
ClientApplicationTenantIds : {aaaabbbb-0000-cccc-1111-dddd2222eeee, bbbbcccc-1111-dddd-2222-eeee3333ffff,
ccccdddd-2222-eeee-3333-ffff4444aaaa}
ClientApplicationPublisherIds : {verifiedpublishermpnid}
ClientApplicationsFromVerifiedPublisherOnly : True
2. Update PermissionClassification
Set-AzureADMSPermissionGrantConditionSet -PolicyId "test1" -ConditionSetType "includes" -Id $permissionGrantConditionSet.Id -PermissionClassification low
Id : 0f81cce0-a766-4db6-a7e2-4e5f10f6abf8
PermissionType : delegated
PermissionClassification : low
ResourceApplication : ec8d61c9-1cb2-4edb-afb0-bcda85645555
Permissions : {8b590330-0eb2-45d0-baca-a00ecf7e7b87, dac1c8fa-e6e4-47b8-a128-599660b8cd5c,
f6db0cc3-88cd-4c74-a374-3d8c7cc4c50b}
ClientApplicationIds : {00001111-aaaa-2222-bbbb-3333cccc4444, 11112222-bbbb-3333-cccc-4444dddd5555}
ClientApplicationTenantIds : {aaaabbbb-0000-cccc-1111-dddd2222eeee, bbbbcccc-1111-dddd-2222-eeee3333ffff,
ccccdddd-2222-eeee-3333-ffff4444aaaa}
ClientApplicationPublisherIds : {verifiedpublishermpnid}
ClientApplicationsFromVerifiedPublisherOnly : True
Example 2: Update a permission grant condition set
PS C:\>Set-AzureADMSPermissionGrantConditionSet -PolicyId "policy1" -ConditionSetType "includes" -Id "00001111-aaaa-2222-bbbb-3333cccc4444" -PermissionType "Delegated" -PermissionClassification "Low" -ResourceApplication "00001111-aaaa-2222-bbbb-3333cccc4444" -Permissions @("29bf4ca5-913e-427d-8a68-5890af945109") -ClientApplicationIds @("All") -ClientApplicationTenantIds @("All") -ClientApplicationPublisherIds @("All") -ClientApplicationsFromVerifiedPublisherOnly $true
Parameters
-ClientApplicationIds
The set of client application ids to scope consent operation down to. It could be @("All") or a list of client application Ids.
Type: | List<T>[String] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ClientApplicationPublisherIds
The set of client applications publisher ids to scope consent operation down to. It could be @("All") or a list of client application publisher ids.
Type: | List<T>[String] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ClientApplicationsFromVerifiedPublisherOnly
A value indicates whether to only includes client applications from verified publishers.
Type: | Boolean |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ClientApplicationTenantIds
The set of client application tenant ids to scope consent operation down to. It could be @("All") or a list of client application tenant ids.
Type: | List<T>[String] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ConditionSetType
The value indicates whether the condition sets are included in the policy or excluded.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Id
The unique identifier of an Azure Active Directory permission grant condition set object.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-PermissionClassification
Specific classification (all, low, medium, high) to scope consent operation down to.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Permissions
The identifier of the resource application to scope consent operation down to. It could be @("All") or a list of permission ids.
Type: | List<T>[String] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PermissionType
Specific type of permissions (application, delegated) to scope consent operation down to.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PolicyId
The unique identifier of an Azure Active Directory permission grant policy object.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ResourceApplication
The identifier of the resource application to scope consent operation down to. It could be "Any" or a specific resource application id.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
string
string
string
Notes
See the migration guide for Set-AzureADMSPermissionGrantConditionSet to the Microsoft Graph PowerShell.