Get-CMConditionalAccessPolicy

Gets a conditional access policy.

Syntax

Get-CMConditionalAccessPolicy
   [-TargetedCollection <IResultObject[]>]
   [-ExcludedCollection <IResultObject[]>]
   [-DefaultRuleOverride <Boolean>]
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [<CommonParameters>]
Get-CMConditionalAccessPolicy
   [-TargetedCollectionId <String[]>]
   [-ExcludedCollectionId <String[]>]
   [-DefaultRuleOverride <Boolean>]
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [<CommonParameters>]
Get-CMConditionalAccessPolicy
   [-TargetedCollectionName <String[]>]
   [-ExcludedCollectionName <String[]>]
   [-DefaultRuleOverride <Boolean>]
   [-DisableWildcardHandling]
   [-ForceWildcardHandling]
   [<CommonParameters>]

Description

The Get-CMConditionalAccessPolicy cmdlet gets a conditional access policy.

Examples

Example 1: Get a conditional access policy by name

PS C:\> Get-CMConditionalAccessPolicy -TargetedCollection (Get-CMCollection -Name "All Users")

This command gets the conditional access policy for the targeted collection named All Users.

Example 2: Get a conditional access policy by ID

PS C:\> Get-CMConditionalAccessPolicy -TargetedCollectionID SMS00002

This command gets the conditional access policy for the target collection with the ID of SMS00002.

Optional Parameters

-DefaultRuleOverride

Specifies that the devices that are enrolled in Microsoft Intune and compliant with the compliance policies are allowed to access Exchange. This rule overrides the default Exchange access rule, which means that even if you set the default rule to quarantine or block access, enrolled and compliant devices will still be able to access Exchange.

Type:Boolean
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DisableWildcardHandling

DisableWildcardHandling treats wildcard characters as literal character values. Cannot be combined with ForceWildcardHandling.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ExcludedCollection

Specifies an array of user collection objects. To obtain a user collection object, use the Get-CMCollection cmdlet.

Members of these collections do not have to enroll their devices in Microsoft Intune, or be compliant with any deployed compliance policies in order to access Exchange, as long as the default Exchange rules allow access.

Type:IResultObject[]
Aliases:ExecludedCollections
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ExcludedCollectionId

Specifies an array of user collection IDs.

Members of these collections do not have to enroll their devices in Microsoft Intune, or be compliant with any deployed compliance policies in order to access Exchange, as long as the default Exchange rules allow access.

Type:String[]
Aliases:ExecludedCollectionIds
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ExcludedCollectionName

Specifies an array of user collection names.

Members of these collections do not have to enroll their devices in Microsoft Intune, or be compliant with any deployed compliance policies in order to access Exchange, as long as the default Exchange rules allow access.

Type:String[]
Aliases:ExecludedCollectionNames
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ForceWildcardHandling

ForceWildcardHandling processes wildcard characters and may lead to unexpected behavior (not recommended). Cannot be combined with DisableWildcardHandling.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-TargetedCollection

Specifies an array of user collection objects. To obtain a user collection object, use the Get-CMCollection cmdlet.

Members of these collections must enroll their devices in Microsoft Intune and be compliant with any deployed compliance policies in order to access Exchange.

Type:IResultObject[]
Aliases:TargetedCollections
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-TargetedCollectionId

Specifies an array of user collection IDs.

Members of these collections must enroll their devices in Microsoft Intune and be compliant with any deployed compliance policies in order to access Exchange.

Type:String[]
Aliases:TargetedCollectionIds
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-TargetedCollectionName

Specifies an array of user collection names.

Members of these collections must enroll their devices in Microsoft Intune and be compliant with any deployed compliance policies in order to access Exchange.

Type:String[]
Aliases:TargetedCollectionNames
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False