Get-CMConditionalAccessPolicy

Gets a conditional access policy.

Syntax

Get-CMConditionalAccessPolicy
   [-DefaultRuleOverride <Boolean>]
   [-DisableWildcardHandling]
   [-ExcludedCollection <IResultObject[]>]
   [-ForceWildcardHandling]
   [-TargetedCollection <IResultObject[]>]
   [<CommonParameters>]
Get-CMConditionalAccessPolicy [-DefaultRuleOverride ] [-DisableWildcardHandling]
 [-ExcludedCollectionId ] [-ForceWildcardHandling] [-TargetedCollectionId ]
 []
Get-CMConditionalAccessPolicy [-DefaultRuleOverride ] [-DisableWildcardHandling]
 [-ExcludedCollectionName ] [-ForceWildcardHandling] [-TargetedCollectionName ]
 []

Description

The Get-CMConditionalAccessPolicy cmdlet gets a conditional access policy.

Examples

Example 1: Get a conditional access policy by name

PS C:\> Get-CMConditionalAccessPolicy -TargetedCollection (Get-CMCollection -Name "All Users")

This command gets the conditional access policy for the targeted collection named All Users.

Example 2: Get a conditional access policy by ID

PS C:\> Get-CMConditionalAccessPolicy -TargetedCollectionID SMS00002

This command gets the conditional access policy for the target collection with the ID of SMS00002.

Optional Parameters

-DefaultRuleOverride

Specifies that the devices that are enrolled in Microsoft Intune and compliant with the compliance policies are allowed to access Exchange. This rule overrides the default Exchange access rule, which means that even if you set the default rule to quarantine or block access, enrolled and compliant devices will still be able to access Exchange.

Type:Boolean
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DisableWildcardHandling

Indicates that wildcard handling is disabled.

Type:SwitchParameter
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ExcludedCollection

Specifies an array of user collection objects. To obtain a user collection object, use the Get-CMCollection cmdlet.Members of these collections do not have to enroll their devices in Microsoft Intune, or be compliant with any deployed compliance policies in order to access Exchange, as long as the default Exchange rules allow access.

Type:IResultObject[]
Aliases:ExecludedCollections
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ExcludedCollectionId

Specifies an array of user collection IDs.Members of these collections do not have to enroll their devices in Microsoft Intune, or be compliant with any deployed compliance policies in order to access Exchange, as long as the default Exchange rules allow access.

Type:String[]
Aliases:ExecludedCollectionIds
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ExcludedCollectionName

Specifies an array of user collection names.Members of these collections do not have to enroll their devices in Microsoft Intune, or be compliant with any deployed compliance policies in order to access Exchange, as long as the default Exchange rules allow access.

Type:String[]
Aliases:ExecludedCollectionNames
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-ForceWildcardHandling

Indicates that wildcard handling is enabled.

Type:SwitchParameter
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-TargetedCollection

Specifies an array of user collection objects. To obtain a user collection object, use the Get-CMCollection cmdlet.Members of these collections must enroll their devices in Microsoft Intune and be compliant with any deployed compliance policies in order to access Exchange.

Type:IResultObject[]
Aliases:TargetedCollections
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-TargetedCollectionId

Specifies an array of user collection IDs.Members of these collections must enroll their devices in Microsoft Intune and be compliant with any deployed compliance policies in order to access Exchange.

Type:String[]
Aliases:TargetedCollectionIds
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-TargetedCollectionName

Specifies an array of user collection names.Members of these collections must enroll their devices in Microsoft Intune and be compliant with any deployed compliance policies in order to access Exchange.

Type:String[]
Aliases:TargetedCollectionNames
Required:False
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False