Conditional Access Policy
Use the Get-DeviceConditionalAccessPolicy cmdlet to view mobile device conditional access policies in the Security & Compliance Center.
For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax (https://docs.microsoft.com/powershell/exchange/exchange-cmdlet-syntax).
Get-DeviceConditionalAccessPolicy [[-Identity] <PolicyIdParameter>] [<CommonParameters>]
These are the cmdlets that are used for mobile device management in the Security & Compliance Center:
DeviceTenantPolicy and DeviceTenantRule cmdlets: A policy that defines whether to block or allow mobile device access to Exchange Online email by unsupported devices that use Exchange ActiveSync only. This setting applies to all users in your organization. Both allow and block scenarios allow reporting for unsupported devices, and you can specify exceptions to the policy based on security groups.
DeviceConditionalAccessPolicy and DeviceConditionalAccessRule cmdlets: Policies that control mobile device access to Microsoft 365 for supported devices. These policies are applied to security groups. Unsupported devices are not allowed to enroll in mobile device management.
DeviceConfigurationPolicy and DeviceConfigurationRule cmdlets: Policies that control mobile device settings for supported devices. These policies are applied to security groups.
Get-DevicePolicy: Returns all mobile device management policies regardless of type (DeviceTenantPolicy, DeviceConditionalAccessPolicy or DeviceConfigurationPolicy).
You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center.
Get-DeviceConditionalAccessPolicy | Format-Table Name,Enabled,Priority
This example shows summary information for all mobile device conditional access policies.
Get-DeviceConditionalAccessPolicy -Identity "Human Resources"
This example shows details about the mobile device conditional access policy named Human Resources.
The Identity parameter specifies the mobile device conditional access policy that you want to view. You can use any value that uniquely identifies the policy. For example:
Distinguished name (DN)
|Accept pipeline input:||True|
|Accept wildcard characters:||False|
|Applies to:||Office 365 Security & Compliance Center|