Intune

Conditional Access / Bedingter Zugriff

Conditional Access / Bedingter Zugriff

Export Conditional Access Rules

Export der JSON-Dateien per PowerShell

 

 

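# Connect to your source tenant
# NOTE(review): this script relies on the AzureAD module cmdlets used on the page;
# confirm the module is still available on the machine running the export.
Connect-AzureAD

# Define the folder where you want to export the rules
$exportPath = "C:\ConditionalAccessExport"

# Create the export folder if it doesn't exist.
# -ErrorAction Stop turns a failed directory creation into a terminating error instead of
# silently continuing; Out-Null suppresses the DirectoryInfo object New-Item would print.
if (-not (Test-Path -Path $exportPath)) {
    New-Item -Path $exportPath -ItemType Directory -ErrorAction Stop | Out-Null
}

# Get all conditional access policies
$conditionalAccessPolicies = Get-AzureADMSConditionalAccessPolicy

# Characters that are not allowed in a file name on this platform (hoisted out of the loop).
$invalidFileNameChars = [System.IO.Path]::GetInvalidFileNameChars()

# Export each policy as a JSON file
foreach ($policy in $conditionalAccessPolicies) {
    $policyJson = $policy | ConvertTo-Json -Depth 10

    # A policy DisplayName is free text chosen in the portal. It may contain characters that are
    # illegal in a file name ('/', ':', '?', '"', ...) or path elements such as '..\', which would
    # either make Set-Content fail or write the file outside $exportPath. Replace every invalid
    # character with '_' so the file always lands inside the export folder.
    $safeName = [string]$policy.DisplayName
    foreach ($c in $invalidFileNameChars) {
        $safeName = $safeName.Replace($c, '_')
    }
    # Fall back to the policy Id when the display name is empty or only whitespace.
    if ([string]::IsNullOrWhiteSpace($safeName)) {
        $safeName = [string]$policy.Id
    }

    # Two policies may share a DisplayName; append the policy Id on collision so the second
    # export does not silently overwrite the first.
    $exportFileName = Join-Path -Path $exportPath -ChildPath "$safeName.json"
    if (Test-Path -Path $exportFileName) {
        $exportFileName = Join-Path -Path $exportPath -ChildPath "$safeName ($($policy.Id)).json"
    }

    # Write as UTF-8 so non-ASCII display names (e.g. German umlauts) survive; on Windows
    # PowerShell, Set-Content otherwise defaults to the ANSI code page.
    $policyJson | Set-Content -Path $exportFileName -Encoding UTF8
}

# Disconnect from the source tenant
Disconnect-AzureAD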
Conditional Access / Bedingter Zugriff

JSON-Vorlagen für Block non-joined Devices

Die Dateien können in MS Intune hochgeladen werden

block.json

{
    "Id": "39e54b08-adf3-4185-b2e5-8e16c8c2fca7",
    "DisplayName": "Block Non-Hybrid Domain Machines",
    "State": "enabled",
    "Conditions": {
        "Applications": {
            "IncludeApplications": ["All"],
            "ExcludeApplications": [],
            "IncludeUserActions": [],
            "IncludeProtectionLevels": null
        },
        "Users": {
            "IncludeUsers": [],
            "ExcludeUsers": [],
            "IncludeGroups": [],
            "ExcludeGroups": [],
            "IncludeRoles": [],
            "ExcludeRoles": []
        },
        "Platforms": {
            "IncludePlatforms": [1, 3], 
            "ExcludePlatforms": []
        },
        "Locations": null,
        "SignInRiskLevels": [],
        "ClientAppTypes": [1, 2]
    },
    "GrantControls": {
        "Operator": "AND", 
        "BuiltInControls": [3], 
        "CustomAuthenticationFactors": [],
        "TermsOfUse": []
    },
    "SessionControls": null
}

block non-joined Devices.json

{
    "Id": "39e54b08-adf3-4185-b2e5-8e16c8c2fca8",
    "DisplayName": "BLOCK non-joined Devices 2",
    "State": "enabled",
    "Conditions": {
        "Applications": {
            "IncludeApplications": ["All"],
            "ExcludeApplications": [],
            "IncludeUserActions": [],
            "IncludeProtectionLevels": null
        },
        "Users": {
            "IncludeUsers": ["513594df-b01c-4086-9e74-f7cf216169ce"],
            "ExcludeUsers": [],
            "IncludeGroups": [],
            "ExcludeGroups": [],
            "IncludeRoles": [],
            "ExcludeRoles": []
        },
        "Platforms": {
            "IncludePlatforms": [2, 4],
            "ExcludePlatforms": []
        },
        "Locations": null,
        "SignInRiskLevels": [],
        "ClientAppTypes": [1, 2]
    },
    "GrantControls": {
        "_Operator": "OR",
        "BuiltInControls": [3],
        "CustomAuthenticationFactors": [],
        "TermsOfUse": []
    },
    "SessionControls": null
}