Updating policy sets

Alexander Filipin edited this page May 13, 2020 · 5 revisions

Updating policy sets requires the current policy's ID in the JSON file.

If you want to use the solution to continue updating policies after the initial deployment, you need to include your policy IDs in your JSON files. You can get the IDs with, for example, Graph Explorer and the following call:

https://graph.microsoft.com/beta/identity/conditionalAccess/policies

You can also interactively run the 'connect' region in Deploy-Policies.ps1 and use the Get-GraphConditionalAccessPolicy function for this.

It is planned to automate this manual work later. Instead of only including the ID in your existing JSON files, you can replace the files completely with the JSON provided by Graph, but you will then lose the well-known replacements logic.

The ID would be added above the displayName value in the JSON, e.g.

"id": "098301a3-9dcf-4d6a-b7af-c9f3358b76cd",

"displayName": "100 - <RING> - Admin protection - All apps: Require MFA For M365 admins",
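The manual step above can be scripted. The following is an added example, not part of the project's scripts: the function name `Add-PolicyId`, the ring value `PROD`, the sample inputs, and the assumption that `<RING>` is a plain string replacement in `displayName` are all illustrative. It inserts the ID as text so the placeholder and file formatting stay intact, and it refuses to guess when the name does not match exactly one deployed policy.

```powershell
# Added example, not part of the project's scripts.
# Constructed sample of the Graph response from the call shown above.
$graphJson = @'
{ "value": [ {
  "id": "098301a3-9dcf-4d6a-b7af-c9f3358b76cd",
  "displayName": "100 - PROD - Admin protection - All apps: Require MFA For M365 admins"
} ] }
'@

# Constructed sample of a local policy file that still carries the <RING> placeholder.
$policyText = @'
{
    "displayName": "100 - <RING> - Admin protection - All apps: Require MFA For M365 admins",
    "state": "enabled"
}
'@

function Add-PolicyId {
    param(
        [Parameter(Mandatory)] [string]   $PolicyText,  # raw content of one policy JSON file
        [Parameter(Mandatory)] [object[]] $Deployed,    # objects with id and displayName
        [Parameter(Mandatory)] [string]   $Ring         # assumed value that replaces <RING>
    )
    $policy = $PolicyText | ConvertFrom-Json
    # Leave files that already carry a top-level ID untouched.
    if ($policy.PSObject.Properties.Name -contains 'id') { return $PolicyText }

    $resolved = $policy.displayName.Replace('<RING>', $Ring)

    # Require exactly one deployed policy with that name: a wrong ID updates the wrong policy.
    $match = @($Deployed | Where-Object { $_.displayName -eq $resolved })
    if ($match.Count -ne 1) {
        throw "Expected 1 deployed policy named '$resolved', found $($match.Count)."
    }

    # Insert the "id" line above the first "displayName" line, keeping indent and line endings.
    $nl      = if ($PolicyText.Contains("`r`n")) { "`r`n" } else { "`n" }
    $pattern = [regex] '(?m)^(?<indent>[ \t]*)(?="displayName"\s*:)'
    $line    = '${indent}"id": "' + $match[0].id + '",' + $nl + '${indent}'
    $result  = $pattern.Replace($PolicyText, $line, 1)
    if ($result -eq $PolicyText) { throw 'No line starting with "displayName" found.' }
    return $result
}

$deployed = ($graphJson | ConvertFrom-Json).value
Add-PolicyId -PolicyText $policyText -Deployed $deployed -Ring 'PROD'
```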