This is my first post here and I'm really hoping that someone will figure this out with me. As you may have seen in the title of the post, I'm trying to create a PowerShell script that will deploy a Conditional Access policy to block legacy authentication, but I couldn't figure it out. Can someone please look into my code and tell me why it's not working? It fails at
$conditions.ClientAppTypes = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessClientApp
$conditions.ClientAppTypes = @("ExchangeActiveSync", "Other")
Main code:
$conditions = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet
$conditions.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition
$conditions.Applications.IncludeApplications = "All"
# Placeholders: replace each "" with an application (client) ID before running, or remove the entries
$conditions.Applications.ExcludeApplications = @(
"" #application ID
)
$conditions.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition
$conditions.Users.IncludeUsers = "All"
# Placeholder: replace "" with the admin user's object ID before running, or remove the entry
$conditions.Users.ExcludeUsers = @(
"" #Admin user ID
"GuestsOrExternalUsers"
)
$conditions.Users.ExcludeGroups = "" #Admin group ID (placeholder: replace with the group's object ID)
# ExcludeRoles is optional; the whole block is commented out so the script parses (the original left the array unclosed)
# $conditions.Users.ExcludeRoles = @(
# ""
# ""
# )
# ClientAppTypes is a list of client app types on the condition set; assign the values directly, no New-Object needed
$conditions.ClientAppTypes = @("ExchangeActiveSync", "Other")
$controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls
$controls._Operator = "OR"
$controls.BuiltInControls = @("block")
New-AzureADMSConditionalAccessPolicy -DisplayName "Block Legacy Authentication" -State "Disabled" -Conditions $conditions -GrantControls $controls
To create a Conditional Access policy that blocks legacy authentication, you can use the PowerShell script below:
Conditional Access policy created successfully:
To enable the policy, modify the line to
$state = "Enabled"
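The answer's script itself is not reproduced on this page. The following is an added example, not the poster's or the answerer's code, showing a complete script for the same task with the AzureAD module cmdlets the question uses. It assumes the AzureAD or AzureADPreview module that ships New-AzureADMSConditionalAccessPolicy, an account holding the Conditional Access Administrator role, and a break-glass (emergency access) group whose object ID you substitute for the placeholder. It starts the policy in report-only mode so the effect on real sign-ins can be reviewed in the sign-in logs before enforcement, and reads the policy back afterwards to confirm what was created.

```powershell
# Added example (not from the original post): block legacy authentication with a
# Conditional Access policy via the AzureAD PowerShell module.
# Assumptions: AzureAD (2.0.2.x) or AzureADPreview module; Conditional Access Administrator
# role; $ExcludeGroupId is a placeholder you replace with your break-glass group's object ID.

param(
    [string]$DisplayName    = "Block Legacy Authentication",
    # Placeholder: object ID of the emergency-access group to exclude from the policy.
    [string]$ExcludeGroupId = "00000000-0000-0000-0000-000000000000",
    # Report-only first; change to "Enabled" once the sign-in logs show no unexpected impact.
    [ValidateSet("Enabled", "Disabled", "EnabledForReportingButNotEnforced")]
    [string]$State          = "EnabledForReportingButNotEnforced"
)

Import-Module AzureAD -ErrorAction Stop
Connect-AzureAD | Out-Null

# Do not create a second policy with the same display name.
$existing = Get-AzureADMSConditionalAccessPolicy | Where-Object { $_.DisplayName -eq $DisplayName }
if ($existing) {
    Write-Warning "A policy named '$DisplayName' already exists (Id $($existing.Id)); nothing created."
    return
}

$conditions = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessConditionSet

# Scope: every cloud app ...
$conditions.Applications = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition
$conditions.Applications.IncludeApplications = "All"

# ... for every user, except the break-glass group so admins cannot lock themselves out.
$conditions.Users = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition
$conditions.Users.IncludeUsers  = "All"
$conditions.Users.ExcludeGroups = @($ExcludeGroupId)

# Legacy authentication = Exchange ActiveSync plus "Other clients" (IMAP, POP, SMTP AUTH,
# older Office clients). ClientAppTypes takes the values directly; no New-Object needed.
$conditions.ClientAppTypes = @("ExchangeActiveSync", "Other")

# Grant control: block.
$controls = New-Object -TypeName Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControls
$controls._Operator       = "OR"
$controls.BuiltInControls = @("Block")

$policy = New-AzureADMSConditionalAccessPolicy -DisplayName $DisplayName `
    -State $State -Conditions $conditions -GrantControls $controls

# Read the policy back and show the settings that matter for review.
$created = Get-AzureADMSConditionalAccessPolicy -PolicyId $policy.Id
[PSCustomObject]@{
    Id             = $created.Id
    State          = $created.State
    ClientAppTypes = ($created.Conditions.ClientAppTypes -join ", ")
    Grant          = ($created.GrantControls.BuiltInControls -join ", ")
}
```

Run it as `.\Block-LegacyAuth.ps1 -ExcludeGroupId <group object ID>`; once the report-only results in the sign-in logs look right, rerun with `-State Enabled` against the existing policy using Set-AzureADMSConditionalAccessPolicy rather than creating a second one.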