CaPolice.dll-Help.xml

<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh">
  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10">
    <command:details>
      <command:name>Connect-CaPolice</command:name>
      <command:verb>Connect</command:verb>
      <command:noun>CaPolice</command:noun>
      <maml:description>
        <maml:para>Connects CaPolice to Graph.</maml:para>
      </maml:description>
    </command:details>
    <maml:description>
      <maml:para>This cmdlet connects CaPolice to Graph using the specified authentication method.</maml:para>
    </maml:description>
    <command:syntax>
      <command:syntaxItem>
        <maml:name>Connect-CaPolice</maml:name>
        <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
          <maml:name>Github</maml:name>
          <maml:description>
            <maml:para>
            Try to connect to Graph using GitHub Actions workload identity.
            </maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">SwitchParameter</command:parameterValue>
          <dev:type>
            <maml:name>SwitchParameter</maml:name>
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases="none">
          <maml:name>TenantId</maml:name>
          <maml:description>
            <maml:para>
            Specify the tenant ID for authentication. If not specified, it is loaded from the environment variable AZURE_TENANT_ID.
            </maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="false">String</command:parameterValue>
          <dev:type>
            <maml:name>String</maml:name>
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases="none">
          <maml:name>ClientId</maml:name>
          <maml:description>
            <maml:para>
            Specify the client ID for authentication. If not specified, it is loaded from the environment variable AZURE_CLIENT_ID.
            </maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="false">String</command:parameterValue>
          <dev:type>
            <maml:name>String</maml:name>
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="20" aliases="none">
          <maml:name>Test</maml:name>
          <maml:description>
            <maml:para>
            Test the connection by retrieving a token from Graph and outputting it to the console.
            </maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
          <dev:type>
            <maml:name>SwitchParameter</maml:name>
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
      </command:syntaxItem>
      <command:syntaxItem>
        <maml:name>Connect-CaPolice</maml:name>
        <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
          <maml:name>UseDefaultCredentials</maml:name>
          <maml:description>
            <maml:para>
            Try to connect to Graph using DefaultAzureCredential.
            </maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">SwitchParameter</command:parameterValue>
          <dev:type>
            <maml:name>SwitchParameter</maml:name>
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases="none">
          <maml:name>TenantId</maml:name>
          <maml:description>
            <maml:para>
            Specify the tenant ID for authentication. If not specified, it is loaded from the environment variable AZURE_TENANT_ID.
            </maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="false">String</command:parameterValue>
          <dev:type>
            <maml:name>String</maml:name>
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases="none">
          <maml:name>ClientId</maml:name>
          <maml:description>
            <maml:para>
            Specify the client ID for authentication. If not specified, it is loaded from the environment variable AZURE_CLIENT_ID.
            </maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="false">String</command:parameterValue>
          <dev:type>
            <maml:name>String</maml:name>
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="20" aliases="none">
          <maml:name>Test</maml:name>
          <maml:description>
            <maml:para>
            Test the connection by retrieving a token from Graph and outputting it to the console.
            </maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
          <dev:type>
            <maml:name>SwitchParameter</maml:name>
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
      </command:syntaxItem>
      <command:syntaxItem>
        <maml:name>Connect-CaPolice</maml:name>
        <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
          <maml:name>UseManagedIdentity</maml:name>
          <maml:description>
            <maml:para>
            Try to connect to Graph using Managed Identity.
            </maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">SwitchParameter</command:parameterValue>
          <dev:type>
            <maml:name>SwitchParameter</maml:name>
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="20" aliases="none">
          <maml:name>Test</maml:name>
          <maml:description>
            <maml:para>
            Test the connection by retrieving a token from Graph and outputting it to the console.
            </maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
          <dev:type>
            <maml:name>SwitchParameter</maml:name>
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
      </command:syntaxItem>
    </command:syntax>
    <command:parameters>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="2" aliases="none">
        <maml:name>ClientId</maml:name>
        <maml:description>
          <maml:para>
            Specify the client ID for authentication. If not specified, it is loaded from the environment variable AZURE_CLIENT_ID.
            </maml:para>
        </maml:description>
        <command:parameterValue required="false" variableLength="false">String</command:parameterValue>
        <dev:type>
          <maml:name>String</maml:name>
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases="none">
        <maml:name>TenantId</maml:name>
        <maml:description>
          <maml:para>
            Specify the tenant ID for authentication. If not specified, it is loaded from the environment variable AZURE_TENANT_ID.
            </maml:para>
        </maml:description>
        <command:parameterValue required="false" variableLength="false">String</command:parameterValue>
        <dev:type>
          <maml:name>String</maml:name>
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
      <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
        <maml:name>Github</maml:name>
        <maml:description>
          <maml:para>
            Try to connect to Graph using GitHub Actions workload identity.
            </maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">SwitchParameter</command:parameterValue>
        <dev:type>
          <maml:name>SwitchParameter</maml:name>
        </dev:type>
        <dev:defaultValue>False</dev:defaultValue>
      </command:parameter>
      <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
        <maml:name>UseManagedIdentity</maml:name>
        <maml:description>
          <maml:para>
            Try to connect to Graph using Managed Identity.
            </maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">SwitchParameter</command:parameterValue>
        <dev:type>
          <maml:name>SwitchParameter</maml:name>
        </dev:type>
        <dev:defaultValue>False</dev:defaultValue>
      </command:parameter>
      <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
        <maml:name>UseDefaultCredentials</maml:name>
        <maml:description>
          <maml:para>
            Try to connect to Graph using DefaultAzureCredential.
            </maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">SwitchParameter</command:parameterValue>
        <dev:type>
          <maml:name>SwitchParameter</maml:name>
        </dev:type>
        <dev:defaultValue>False</dev:defaultValue>
      </command:parameter>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="20" aliases="none">
        <maml:name>Test</maml:name>
        <maml:description>
          <maml:para>
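            Test the connection by retrieving a token from Graph and outputting it to the console. The printed token is a credential, so avoid this switch where console output is captured, such as CI job logs.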
            </maml:para>
        </maml:description>
        <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
        <dev:type>
          <maml:name>SwitchParameter</maml:name>
        </dev:type>
        <dev:defaultValue>False</dev:defaultValue>
      </command:parameter>
    </command:parameters>
    <command:returnValues>
      <command:returnValue>
        <dev:type>
          <maml:name>System.String</maml:name>
        </dev:type>
        <maml:description>
          <maml:para>System.String</maml:para>
        </maml:description>
      </command:returnValue>
    </command:returnValues>
    <command:examples>
      <command:example>
        <maml:title>---------------------- GitHub Actions workload identity ----------------------</maml:title>
        <dev:code>PS C:\&gt; Connect-CaPolice -Github</dev:code>
        <dev:remarks>
          <maml:para>Connect to Graph using GitHub Actions workload identity.
</maml:para>
        </dev:remarks>
      </command:example>
    </command:examples>
  </command:command>
  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10">
    <command:details>
      <command:name>Export-CaPolicePolicy</command:name>
      <command:verb>Export</command:verb>
      <command:noun>CaPolicePolicy</command:noun>
      <maml:description>
        <maml:para>Exports all conditional access policies from the connected tenant to JSON files.</maml:para>
      </maml:description>
    </command:details>
    <maml:description>
      <maml:para>This cmdlet retrieves all conditional access policies from Microsoft Graph and writes each policy to a file in the specified output directory. The file name is controlled by FileNameFormat, which supports {id}, {displayName}, {tag} and {version} as placeholders and may include path separators to create subdirectories. When a display name follows the convention "TAG: Title-vX.Y", {tag} resolves to the prefix before the colon and {version} resolves to the version suffix; when absent, {tag} falls back to {id} and {version} falls back to "latest". Run Connect-CaPolice before using this cmdlet.</maml:para>
    </maml:description>
    <command:syntax>
      <command:syntaxItem>
        <maml:name>Export-CaPolicePolicy</maml:name>
        <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="none">
          <maml:name>OutputPath</maml:name>
          <maml:description>
            <maml:para>
            The path to the directory where the JSON files will be written. The directory is created if it does not exist.
            </maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">String</command:parameterValue>
          <dev:type>
            <maml:name>String</maml:name>
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
          <maml:name>Force</maml:name>
          <maml:description>
            <maml:para>
            Overwrite existing JSON files in the output directory. Without this switch, existing files are skipped.
            </maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
          <dev:type>
            <maml:name>SwitchParameter</maml:name>
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
          <maml:name>FileNameFormat</maml:name>
          <maml:description>
            <maml:para>
            Format string for the output file name. Supports {id}, {displayName}, {tag} and {version} as placeholders.
            {tag} is extracted from display names following the "TAG: Title" convention; falls back to {id} when absent.
            {version} is extracted from display names ending in "-vX.Y"; falls back to "latest" when absent.
            Path separators are allowed to create subdirectories under OutputPath, for example {tag}/{id}-{version}.json.
            Defaults to {id}.json.
            </maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="false">String</command:parameterValue>
          <dev:type>
            <maml:name>String</maml:name>
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
      </command:syntaxItem>
    </command:syntax>
    <command:parameters>
      <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="none">
        <maml:name>OutputPath</maml:name>
        <maml:description>
          <maml:para>
            The path to the directory where the JSON files will be written. The directory is created if it does not exist.
            </maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">String</command:parameterValue>
        <dev:type>
          <maml:name>String</maml:name>
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
        <maml:name>Force</maml:name>
        <maml:description>
          <maml:para>
            Overwrite existing JSON files in the output directory. Without this switch, existing files are skipped.
            </maml:para>
        </maml:description>
        <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
        <dev:type>
          <maml:name>SwitchParameter</maml:name>
        </dev:type>
        <dev:defaultValue>False</dev:defaultValue>
      </command:parameter>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="1" aliases="none">
        <maml:name>FileNameFormat</maml:name>
        <maml:description>
          <maml:para>
            Format string for the output file name. Supports {id}, {displayName}, {tag} and {version} as placeholders.
            {tag} is extracted from display names following the "TAG: Title" convention; falls back to {id} when absent.
            {version} is extracted from display names ending in "-vX.Y"; falls back to "latest" when absent.
            Path separators are allowed to create subdirectories under OutputPath, for example {tag}/{id}-{version}.json.
            Defaults to {id}.json.
            </maml:para>
        </maml:description>
        <command:parameterValue required="false" variableLength="false">String</command:parameterValue>
        <dev:type>
          <maml:name>String</maml:name>
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
    </command:parameters>
    <command:returnValues>
      <command:returnValue>
        <dev:type>
          <maml:name>System.IO.FileInfo</maml:name>
        </dev:type>
        <maml:description>
          <maml:para>System.IO.FileInfo</maml:para>
        </maml:description>
      </command:returnValue>
    </command:returnValues>
    <command:examples>
      <command:example>
        <maml:title>------------------------ Export policies to a folder -------------------------</maml:title>
        <dev:code>PS C:\&gt; Export-CaPolicePolicy -OutputPath ./Policies</dev:code>
        <dev:remarks>
          <maml:para>Export all conditional access policies to the ./Policies directory using the default {id}.json file name.
</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>-------------------- Export and overwrite existing files ---------------------</maml:title>
        <dev:code>PS C:\&gt; Export-CaPolicePolicy -OutputPath ./Policies -Force</dev:code>
        <dev:remarks>
          <maml:para>Export all conditional access policies, overwriting any existing JSON files in the output directory.
</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>------------------- Export with display name as file name --------------------</maml:title>
        <dev:code>PS C:\&gt; Export-CaPolicePolicy -OutputPath ./Policies -FileNameFormat "{displayName}.json"</dev:code>
        <dev:remarks>
          <maml:para>Export all conditional access policies, using each policy's display name as the file name.
</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>------------------- Export into per-policy subdirectories --------------------</maml:title>
        <dev:code>PS C:\&gt; Export-CaPolicePolicy -OutputPath ./Policies -FileNameFormat "{id}/policy.json"</dev:code>
        <dev:remarks>
          <maml:para>Export each policy into its own subdirectory named after its ID.
</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>------------- Export with tag subdirectory and version file name -------------</maml:title>
        <dev:code>PS C:\&gt; Export-CaPolicePolicy -OutputPath ./Policies -FileNameFormat "{tag}/{id}-{version}.json"</dev:code>
        <dev:remarks>
          <maml:para>For policies following the "TAG: Title-vX.Y" naming convention, group files by tag and include the version. Policies without a tag fall back to their ID; policies without a version fall back to "latest".
</maml:para>
        </dev:remarks>
      </command:example>
    </command:examples>
  </command:command>
  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10">
    <command:details>
      <command:name>New-CaPoliceSettings</command:name>
      <command:verb>New</command:verb>
      <command:noun>CaPoliceSettings</command:noun>
      <maml:description>
        <maml:para>Creates a new CaPolice settings file.</maml:para>
      </maml:description>
    </command:details>
    <maml:description>
      <maml:para>Creates a new settings JSON file for CaPolice. If -PolicyFolder is specified, all *.json policy files in that folder are read and added as policy entries; the tag, version, name and description are parsed from each policy's displayName field following the "TAG: Title-vX.Y" convention. When -NewTenant is specified, policy IDs are omitted and every imported policy's status is forced to "report".</maml:para>
    </maml:description>
    <command:syntax>
      <command:syntaxItem>
        <maml:name>New-CaPoliceSettings</maml:name>
        <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="none">
          <maml:name>SettingsFile</maml:name>
          <maml:description>
            <maml:para>
            Path to the settings file to create. Throws an error if the file already exists.
            </maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">String</command:parameterValue>
          <dev:type>
            <maml:name>String</maml:name>
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases="none">
          <maml:name>TenantId</maml:name>
          <maml:description>
            <maml:para>
            The Entra ID tenant ID that the policies are managed in.
            </maml:para>
          </maml:description>
          <command:parameterValue required="true" variableLength="false">String</command:parameterValue>
          <dev:type>
            <maml:name>String</maml:name>
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
          <maml:name>BreakglassUsers</maml:name>
          <maml:description>
            <maml:para>
            One or more break-glass user object IDs that are excluded from all conditional access policies.
            </maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue>
          <dev:type>
            <maml:name>String[]</maml:name>
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
          <maml:name>BreakglassGroups</maml:name>
          <maml:description>
            <maml:para>
            One or more break-glass group object IDs that are excluded from all conditional access policies.
            </maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue>
          <dev:type>
            <maml:name>String[]</maml:name>
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
          <maml:name>PolicyFolder</maml:name>
          <maml:description>
            <maml:para>
            Path to a folder containing JSON policy files exported by Export-CaPolicePolicy. All *.json files in the folder are added as policy entries. The tag extracted from each policy's displayName is used as the settings key.
            </maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="false">String</command:parameterValue>
          <dev:type>
            <maml:name>String</maml:name>
          </dev:type>
          <dev:defaultValue>None</dev:defaultValue>
        </command:parameter>
        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
          <maml:name>NewTenant</maml:name>
          <maml:description>
            <maml:para>
            When specified, policy IDs are omitted and the status for every imported policy is set to "report". Use this when deploying existing policies to a new tenant.
            </maml:para>
          </maml:description>
          <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
          <dev:type>
            <maml:name>SwitchParameter</maml:name>
          </dev:type>
          <dev:defaultValue>False</dev:defaultValue>
        </command:parameter>
      </command:syntaxItem>
    </command:syntax>
    <command:parameters>
      <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="0" aliases="none">
        <maml:name>SettingsFile</maml:name>
        <maml:description>
          <maml:para>
            Path to the settings file to create. Throws an error if the file already exists.
            </maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">String</command:parameterValue>
        <dev:type>
          <maml:name>String</maml:name>
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
      <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName)" position="1" aliases="none">
        <maml:name>TenantId</maml:name>
        <maml:description>
          <maml:para>
            The Entra ID tenant ID that the policies are managed in.
            </maml:para>
        </maml:description>
        <command:parameterValue required="true" variableLength="false">String</command:parameterValue>
        <dev:type>
          <maml:name>String</maml:name>
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
        <maml:name>BreakglassUsers</maml:name>
        <maml:description>
          <maml:para>
            One or more break-glass user object IDs that are excluded from all conditional access policies.
            </maml:para>
        </maml:description>
        <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue>
        <dev:type>
          <maml:name>String[]</maml:name>
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
        <maml:name>BreakglassGroups</maml:name>
        <maml:description>
          <maml:para>
            One or more break-glass group object IDs that are excluded from all conditional access policies.
            </maml:para>
        </maml:description>
        <command:parameterValue required="false" variableLength="true">String[]</command:parameterValue>
        <dev:type>
          <maml:name>String[]</maml:name>
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
        <maml:name>PolicyFolder</maml:name>
        <maml:description>
          <maml:para>
            Path to a folder containing JSON policy files exported by Export-CaPolicePolicy. All *.json files in the folder are added as policy entries. The tag extracted from each policy's displayName is used as the settings key.
            </maml:para>
        </maml:description>
        <command:parameterValue required="false" variableLength="false">String</command:parameterValue>
        <dev:type>
          <maml:name>String</maml:name>
        </dev:type>
        <dev:defaultValue>None</dev:defaultValue>
      </command:parameter>
      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
        <maml:name>NewTenant</maml:name>
        <maml:description>
          <maml:para>
            When specified, policy IDs are omitted and the status for every imported policy is set to "report". Use this when deploying existing policies to a new tenant.
            </maml:para>
        </maml:description>
        <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
        <dev:type>
          <maml:name>SwitchParameter</maml:name>
        </dev:type>
        <dev:defaultValue>False</dev:defaultValue>
      </command:parameter>
    </command:parameters>
    <command:returnValues>
      <command:returnValue>
        <dev:type>
          <maml:name>System.IO.FileInfo</maml:name>
        </dev:type>
        <maml:description>
          <maml:para>System.IO.FileInfo</maml:para>
        </maml:description>
      </command:returnValue>
    </command:returnValues>
    <command:examples>
      <command:example>
        <maml:title>----------------------- Create a minimal settings file -----------------------</maml:title>
        <dev:code>PS C:\&gt; New-CaPoliceSettings -SettingsFile ./settings.json -TenantId "00000000-0000-0000-0000-000000000000" -BreakglassUsers "user-object-id"</dev:code>
        <dev:remarks>
          <maml:para>Create a new settings file for the given tenant with a single break-glass user.
</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>------------------ Import policies from an exported folder -------------------</maml:title>
        <dev:code>PS C:\&gt; New-CaPoliceSettings -SettingsFile ./settings.json -TenantId "00000000-0000-0000-0000-000000000000" -BreakglassUsers "user-object-id" -PolicyFolder ./Policies</dev:code>
        <dev:remarks>
          <maml:para>Create a settings file by importing all policy JSON files from a folder previously populated by Export-CaPolicePolicy.
</maml:para>
        </dev:remarks>
      </command:example>
      <command:example>
        <maml:title>---------------------- Create settings for a new tenant ----------------------</maml:title>
        <dev:code>PS C:\&gt; New-CaPoliceSettings -SettingsFile ./settings.json -TenantId "00000000-0000-0000-0000-000000000000" -BreakglassGroups "group-object-id" -PolicyFolder ./Policies -NewTenant</dev:code>
        <dev:remarks>
          <maml:para>Import policies from a folder, omitting IDs and setting all statuses to "report" for deployment to a new tenant.
</maml:para>
        </dev:remarks>
      </command:example>
    </command:examples>
  </command:command>
</helpItems>