Skip to main content

aad policy list

Returns policies from Azure AD

Usage

m365 aad policy list [options]

Options

-t, --type [type]

The type of policies to return. Allowed values activityBasedTimeout, authorization, claimsMapping, homeRealmDiscovery, identitySecurityDefaultsEnforcement, tokenIssuance, tokenLifetime. If omitted, all policies are returned

-h, --help [help]

Output usage information. Optionally, specify which section of command's help you want to see. Allowed values are options, examples, remarks, response, full. Default is options.

--query [query]

JMESPath query string. See http://jmespath.org/ for more information and examples.

-o, --output [output]

Output type. json, text, csv, md, none. Default json.

--verbose

Runs command with verbose logging.

--debug

Runs command with debug logging.

Examples

Returns all policies from Azure AD

m365 aad policy list

Returns claim-mapping policies from Azure AD

m365 aad policy list --type "claimsMapping"

Response

[
  {
    "id": "authorizationPolicy",
    "allowInvitesFrom": "everyone",
    "allowedToSignUpEmailBasedSubscriptions": true,
    "allowedToUseSSPR": true,
    "allowEmailVerifiedUsersToJoinOrganization": true,
    "allowUserConsentForRiskyApps": null,
    "blockMsolPowerShell": false,
    "displayName": "Authorization Policy",
    "description": "Used to manage authorization related settings across the company.",
    "guestUserRoleId": "10dae51f-b6af-4016-8d66-8c2a99b929b3",
    "defaultUserRolePermissions": {
      "allowedToCreateApps": true,
      "allowedToCreateSecurityGroups": true,
      "allowedToCreateTenants": true,
      "allowedToReadBitlockerKeysForOwnedDevice": true,
      "allowedToReadOtherUsers": true,
      "permissionGrantPoliciesAssigned": [
        "ManagePermissionGrantsForSelf.microsoft-user-default-legacy"
      ]
    }
  }
]

More information

CTRL + M