Support exporting and importing conditional access policies using PowerShell
Support exporting and importing conditional access policies using PowerShell. This would be handy for backup purposes, but also for re-use of the same policy rules between test and production tenants.
The Microsoft Graph API currently do not have any REST APIs for accessing and creating conditional access policies: https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/resources/intune_graph_overview
We’ve begun work on exposing policies through MS Graph and PowerShell. I can’t give a date yet, but I’m it is in the pipeline.
need this too! let's get this knocked out!
+1 We need this too. Do you have any update on this?
Cédric Blomart commented
Any update on this?
Wil M commented
Yes we definitely need this! it would be very useful to be able to import/export conditional access policies
Peter Selch Dahl | Azure MVP commented
If you need a workaround for now. You can use this script on GitHub.
/Peter Selch Dahl
So... started in Apr and still not delivered? Was that a cruel April Fool's day joke on us???
@Azure AD Team - Is there an approximate time frame for exposing Conditional Access policies and Named Locations in Microsoft Graph?
Hello, What's the latest on this? Is it possible to create policies now via PowerShell or Graph API? Any timelines please?
We are working on this for conditional access policy and named locations now. API support for what if is something we've discussed but not on the near-term roadmap.
Prasanna B J commented
Thanks team for confirmation that you are working on it.
Any timeline when this feature will be made available in PowerShell / MS Graph API?
Any update on this??
Tom Pratt commented
Would like to see the "What-if" tool in the rest API as well. We could script the changes to CA then script all our tests to make sure it is allowing/blocking properly, then add all that to our pipeline for automation.
Stephane BOUGES commented
We would need to be able to export our named locations and conditional access rules from Staging environment (where we are testing/validation these rules) to our Production environment.
Good news that it is in the pipeline...
yes, need powershell for conditional access
Johan Voerman commented
Any news on this item?
Until we can export settings, are we able to track changes to Conditional Access Rules through the Management API? I don't see a reference on https://support.office.com/en-us/article/Search-the-audit-log-in-the-Office-365-Security-Compliance-Center-0d4d0f35-390b-4518-800e-0c7ec95e946c?ui=en-US&rs=en-US&ad=US#useradminactivities&PickTab=Activities.
I optimistically thought MS released as much or more through PowerShell than the GUI consistently in following the infrastructure as code model. Anxiously awaiting this. Some companies need the ability to audit these settings before allowing the settings to be used.
Happy to test and provide feedback on pre-release code.
Lester Waters commented
The graph API should allow any ApplicationIDs to e specified in the INCLUDE and EXCLUDE. Please don't get smart and try to exclude certain apps as you have done in the ARM portal.