CaPolice.dll-Help.xml

<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh">
  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10">
    <command:details>
      <command:name>Connect-CaPolice</command:name>
      <command:verb>Connect</command:verb>
      <command:noun>CaPolice</command:noun>
      <maml:description>
        <maml:para>Connects to CaPolice to Graph.</maml:para>
      </maml:description>
    </command:details>
    <maml:description>
      <maml:para>This cmdlet connects to CaPolice to Graph using the specified authentication method.</maml:para>
    </maml:description>
    <command:syntax>
      <command:syntaxItem>
        <maml:name>Connect-CaPolice</maml:name>
        <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
          <maml:name>Github</maml:name>
          <maml:description>
            <maml:para>
            Try connect to Graph using GitHub Actions workload identity.
            </maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">SwitchParameter</command:parameterValue>
          <dev:type>
            <maml:name>SwitchParameter</maml:name>
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases="none">
          <maml:name>TenantId</maml:name>
          <maml:description>
            <maml:para>
            Specify the Tenant ID for the authentication, is load from the environment variable AZURE_TENANT_ID if not specified.
            </maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="false">String</command:parameterValue>
          <dev:type>
            <maml:name>String</maml:name>
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases="none">
          <maml:name>ClientId</maml:name>
          <maml:description>
            <maml:para>
            Specify the client ID for the authentication, is load from the environment variable AZURE_CLIENT_ID if not specified.
            </maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="false">String</command:parameterValue>
          <dev:type>
            <maml:name>String</maml:name>
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="20" aliases="none">
          <maml:name>Test</maml:name>
          <maml:description>
            <maml:para>
            Test the connection by retrieving a token from Graph and output it to the console.
            </maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
          <dev:type>
            <maml:name>SwitchParameter</maml:name>
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
      </command:syntaxItem>
      <command:syntaxItem>
        <maml:name>Connect-CaPolice</maml:name>
        <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
          <maml:name>UseDefaultCredentials</maml:name>
          <maml:description>
            <maml:para>
            Try connect to Graph using DefaultAzureCredential.
            </maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">SwitchParameter</command:parameterValue>
          <dev:type>
            <maml:name>SwitchParameter</maml:name>
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases="none">
          <maml:name>TenantId</maml:name>
          <maml:description>
            <maml:para>
            Specify the Tenant ID for the authentication, is load from the environment variable AZURE_TENANT_ID if not specified.
            </maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="false">String</command:parameterValue>
          <dev:type>
            <maml:name>String</maml:name>
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases="none">
          <maml:name>ClientId</maml:name>
          <maml:description>
            <maml:para>
            Specify the client ID for the authentication, is load from the environment variable AZURE_CLIENT_ID if not specified.
            </maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="false">String</command:parameterValue>
          <dev:type>
            <maml:name>String</maml:name>
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="20" aliases="none">
          <maml:name>Test</maml:name>
          <maml:description>
            <maml:para>
            Test the connection by retrieving a token from Graph and output it to the console.
            </maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
          <dev:type>
            <maml:name>SwitchParameter</maml:name>
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
      </command:syntaxItem>
      <command:syntaxItem>
        <maml:name>Connect-CaPolice</maml:name>
        <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
          <maml:name>UseManagedIdentity</maml:name>
          <maml:description>
            <maml:para>
            Try connect to Graph using Managed Identity.
            </maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">SwitchParameter</command:parameterValue>
          <dev:type>
            <maml:name>SwitchParameter</maml:name>
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="20" aliases="none">
          <maml:name>Test</maml:name>
          <maml:description>
            <maml:para>
            Test the connection by retrieving a token from Graph and output it to the console.
            </maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
          <dev:type>
            <maml:name>SwitchParameter</maml:name>
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
      </command:syntaxItem>
    </command:syntax>
    <command:parameters>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases="none">
        <maml:name>ClientId</maml:name>
        <maml:description>
          <maml:para>
            Specify the client ID for the authentication, is load from the environment variable AZURE_CLIENT_ID if not specified.
            </maml:para>
        </maml:description>
        <command:parameterValue required="false" variableLength="false">String</command:parameterValue>
        <dev:type>
          <maml:name>String</maml:name>
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases="none">
        <maml:name>TenantId</maml:name>
        <maml:description>
          <maml:para>
            Specify the Tenant ID for the authentication, is load from the environment variable AZURE_TENANT_ID if not specified.
            </maml:para>
        </maml:description>
        <command:parameterValue required="false" variableLength="false">String</command:parameterValue>
        <dev:type>
          <maml:name>String</maml:name>
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
      <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
        <maml:name>Github</maml:name>
        <maml:description>
          <maml:para>
            Try connect to Graph using GitHub Actions workload identity.
            </maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">SwitchParameter</command:parameterValue>
        <dev:type>
          <maml:name>SwitchParameter</maml:name>
        </dev:type>
        <dev:defaultValue>False</dev:defaultValue>
      </command:parameter>
      <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
        <maml:name>UseManagedIdentity</maml:name>
        <maml:description>
          <maml:para>
            Try connect to Graph using Managed Identity.
            </maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">SwitchParameter</command:parameterValue>
        <dev:type>
          <maml:name>SwitchParameter</maml:name>
        </dev:type>
        <dev:defaultValue>False</dev:defaultValue>
      </command:parameter>
      <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
        <maml:name>UseDefaultCredentials</maml:name>
        <maml:description>
          <maml:para>
            Try connect to Graph using DefaultAzureCredential.
            </maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">SwitchParameter</command:parameterValue>
        <dev:type>
          <maml:name>SwitchParameter</maml:name>
        </dev:type>
        <dev:defaultValue>False</dev:defaultValue>
      </command:parameter>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="20" aliases="none">
        <maml:name>Test</maml:name>
        <maml:description>
          <maml:para>
            Test the connection by retrieving a token from Graph and output it to the console.
            </maml:para>
        </maml:description>
        <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
        <dev:type>
          <maml:name>SwitchParameter</maml:name>
        </dev:type>
        <dev:defaultValue>False</dev:defaultValue>
      </command:parameter>
    </command:parameters>
    <command:returnValues>
      <command:returnValue>
        <dev:type>
          <maml:name>System.String</maml:name>
        </dev:type>
        <maml:description>
          <maml:para>System.String</maml:para>
        </maml:description>
      </command:returnValue>
    </command:returnValues>
    <command:examples>
      <command:example>
        <maml:title>---------------------- GitHub Actions workload identity ----------------------</maml:title>
        <dev:code>PS C:\&gt; Connect-CaPolice -Github</dev:code>
        <dev:remarks>
          <maml:para>Connect to Graph using GitHub Actions workload identity.
</maml:para>
        </dev:remarks>
      </command:example>
    </command:examples>
  </command:command>
  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10">
    <command:details>
      <command:name>Export-CaPolicePolicy</command:name>
      <command:verb>Export</command:verb>
      <command:noun>CaPolicePolicy</command:noun>
      <maml:description>
        <maml:para>Exports all conditional access policies from the connected tenant to JSON files.</maml:para>
      </maml:description>
    </command:details>
    <maml:description>
      <maml:para>This cmdlet retrieves all conditional access policies from Microsoft Graph and writes each policy to a file in the specified output directory. The file name is controlled by FileNameFormat, which supports {id}, {displayName}, {tag} and {version} as placeholders and may include path separators to create subdirectories. When a display name follows the convention "TAG: Title-vX.Y", {tag} resolves to the prefix before the colon and {version} resolves to the version suffix; both fall back to sensible defaults when absent. Run Connect-CaPolice before using this cmdlet.</maml:para>
    </maml:description>
    <command:syntax>
      <command:syntaxItem>
        <maml:name>Export-CaPolicePolicy</maml:name>
        <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="none">
          <maml:name>OutputPath</maml:name>
          <maml:description>
            <maml:para>
            The path to the directory where the JSON files will be written. The directory is created if it does not exist.
            </maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">String</command:parameterValue>
          <dev:type>
            <maml:name>String</maml:name>
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
          <maml:name>Force</maml:name>
          <maml:description>
            <maml:para>
            Overwrite existing JSON files in the output directory. Without this switch, existing files are skipped.
            </maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
          <dev:type>
            <maml:name>SwitchParameter</maml:name>
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
          <maml:name>FileNameFormat</maml:name>
          <maml:description>
            <maml:para>
            Format string for the output file name. Supports {id}, {displayName}, {tag} and {version} as placeholders.
            {tag} is extracted from display names following the "TAG: Title" convention; falls back to {id} when absent.
            {version} is extracted from display names ending in "-vX.Y"; falls back to "latest" when absent.
            Path separators are allowed to create subdirectories under OutputPath, for example {tag}/{id}-{version}.json.
            Defaults to {id}.json.
            </maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="false">String</command:parameterValue>
          <dev:type>
            <maml:name>String</maml:name>
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
      </command:syntaxItem>
    </command:syntax>
    <command:parameters>
      <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="none">
        <maml:name>OutputPath</maml:name>
        <maml:description>
          <maml:para>
            The path to the directory where the JSON files will be written. The directory is created if it does not exist.
            </maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">String</command:parameterValue>
        <dev:type>
          <maml:name>String</maml:name>
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
        <maml:name>Force</maml:name>
        <maml:description>
          <maml:para>
            Overwrite existing JSON files in the output directory. Without this switch, existing files are skipped.
            </maml:para>
        </maml:description>
        <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
        <dev:type>
          <maml:name>SwitchParameter</maml:name>
        </dev:type>
        <dev:defaultValue>False</dev:defaultValue>
      </command:parameter>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
        <maml:name>FileNameFormat</maml:name>
        <maml:description>
          <maml:para>
            Format string for the output file name. Supports {id}, {displayName}, {tag} and {version} as placeholders.
            {tag} is extracted from display names following the "TAG: Title" convention; falls back to {id} when absent.
            {version} is extracted from display names ending in "-vX.Y"; falls back to "latest" when absent.
            Path separators are allowed to create subdirectories under OutputPath, for example {tag}/{id}-{version}.json.
            Defaults to {id}.json.
            </maml:para>
        </maml:description>
        <command:parameterValue required="false" variableLength="false">String</command:parameterValue>
        <dev:type>
          <maml:name>String</maml:name>
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
    </command:parameters>
    <command:returnValues>
      <command:returnValue>
        <dev:type>
          <maml:name>System.IO.FileInfo</maml:name>
        </dev:type>
        <maml:description>
          <maml:para>System.IO.FileInfo</maml:para>
        </maml:description>
      </command:returnValue>
    </command:returnValues>
    <command:examples>
      <command:example>
        <maml:title>------------------------ Export policies to a folder -------------------------</maml:title>
        <dev:code>PS C:\&gt; Export-CaPolicePolicy -OutputPath ./Policies</dev:code>
        <dev:remarks>
          <maml:para>Export all conditional access policies to the ./Policies directory using the default {id}.json file name.
</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>-------------------- Export and overwrite existing files ---------------------</maml:title>
        <dev:code>PS C:\&gt; Export-CaPolicePolicy -OutputPath ./Policies -Force</dev:code>
        <dev:remarks>
          <maml:para>Export all conditional access policies, overwriting any existing JSON files in the output directory.
</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>------------------- Export with display name as file name --------------------</maml:title>
        <dev:code>PS C:\&gt; Export-CaPolicePolicy -OutputPath ./Policies -FileNameFormat "{displayName}.json"</dev:code>
        <dev:remarks>
          <maml:para>Export all conditional access policies, using each policy's display name as the file name.
</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>------------------- Export into per-policy subdirectories --------------------</maml:title>
        <dev:code>PS C:\&gt; Export-CaPolicePolicy -OutputPath ./Policies -FileNameFormat "{id}/policy.json"</dev:code>
        <dev:remarks>
          <maml:para>Export each policy into its own subdirectory named after its ID.
</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>------------- Export with tag subdirectory and version file name -------------</maml:title>
        <dev:code>PS C:\&gt; Export-CaPolicePolicy -OutputPath ./Policies -FileNameFormat "{tag}/{id}-{version}.json"</dev:code>
        <dev:remarks>
          <maml:para>For policies following the "TAG: Title-vX.Y" naming convention, group files by tag and include the version. Policies without a tag fall back to their ID; policies without a version fall back to "latest".
</maml:para>
        </dev:remarks>
      </command:example>
    </command:examples>
  </command:command>
</helpItems>