The following PowerShell script allows you to add multiple Azure AD Named Location IP address ranges using the Microsoft Graph PowerShell module.
You need to download the Microsoft Graph PowerShell SDK.
You can read more about the Microsoft Graph SDK and how to use it in a previous post, Understanding Microsoft Graph SDK PowerShell.
The script connects to Microsoft Azure using the Policy.Read.All and Policy.ReadWrite.ConditionalAccess scopes.
You can find the required scopes by running:
C:\> (Find-MgGraphCommand -Command New-MgIdentityConditionalAccessNamedLocation)[0].Permissions.name
Policy.Read.All
Policy.ReadWrite.ConditionalAccess
The script creates a hashtable that contains the following parameters:
- @odata.type: The OData type of the JSON object; for an IP-based named location this is #microsoft.graph.ipNamedLocation.
- DisplayName: The name of the Azure AD Named Location.
- IsTrusted: Whether this location is marked as trusted or not.
- IpRanges: A PowerShell array of hashtables, each holding "CidrAddress" as a key and one IP range in CIDR notation as the value.
Add a Single Location with Multiple IP addresses.
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes ('Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess')

# The IP ranges (CIDR notation) that make up the new named location.
$Location = @('1.1.1.1/24', '2.2.2.2/24', '3.3.3.3/24')

# Request body for the ipNamedLocation object; IpRanges starts empty and is filled below.
$params = @{
    "@odata.type" = "#microsoft.graph.ipNamedLocation"
    DisplayName   = "New Test Location"
    IsTrusted     = $false
    IpRanges      = @()
}

# Each range becomes its own iPv4CidrRange hashtable appended to IpRanges.
foreach ($S in $Location) {
    $IpRanges = @{}
    $IpRanges.Add("@odata.type", "#microsoft.graph.iPv4CidrRange")
    $IpRanges.Add("CidrAddress", $S)
    $params.IpRanges += $IpRanges
}

# Create the named location from the assembled body.
New-MgIdentityConditionalAccessNamedLocation -BodyParameter $params
You can replace the $Location array with the content of a CSV file by using Import-Csv.
Add Multiple Azure AD named locations with Multiple IP Addresses from CSV
You can use the following script to import the DisplayName and IPRange of each location from a CSV file, and to set whether each location is trusted or not.
The CSV file format should be as follows:
DisplayName,IPRange,MarkAsTrusted
Location2,4.4.4.4/24,1
Location1,1.1.1.1/24-2.2.2.2/24-3.3.3.3/24,0
DisplayName: A string; the name of the location.
IPRange: A single IP range, or multiple IP ranges separated by a dash, e.g. 1.1.1.1/24-2.2.2.2/24-3.3.3.3/24
MarkAsTrusted: Holds 0 or 1; 0 = not trusted, 1 = trusted location.
Feel free to download the script and the CSV from my GitHub.
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes ('Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess') -ForceRefresh

# One row per named location: DisplayName,IPRange,MarkAsTrusted
$CSV = Import-Csv D:\TrustedLocation.csv

foreach ($singleLocation in $CSV) {
    $params = @{
        "@odata.type" = "#microsoft.graph.ipNamedLocation"
        DisplayName   = $singleLocation.DisplayName
    }

    # MarkAsTrusted is read from the CSV as a string; switch compares it against 0 and 1.
    switch ($singleLocation.MarkAsTrusted) {
        0       { $params.Add("IsTrusted", $false) }
        1       { $params.Add("IsTrusted", $true) }
        default { throw "Row '$($singleLocation.DisplayName)': MarkAsTrusted must be 0 or 1" }
    }

    # Split the dash-separated IPRange column into one iPv4CidrRange object per range.
    $params.Add("IpRanges", @())
    foreach ($S in ($singleLocation.IPRange).Split("-")) {
        $IpRanges = @{}
        $IpRanges.Add("@odata.type", "#microsoft.graph.iPv4CidrRange")
        $IpRanges.Add("CidrAddress", $S)
        $params.IpRanges += $IpRanges
    }

    New-MgIdentityConditionalAccessNamedLocation -BodyParameter $params
}
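The CSV import above sends whatever is in the file straight to Graph: a mistyped range or a stray value in MarkAsTrusted is only caught by the API, and running the script twice creates a second location with the same name. The following is an added example, not the post's own script, that validates every CIDR before submission, chooses the IPv4 or IPv6 range type for each entry, and updates an existing location with the same DisplayName instead of creating a duplicate. It assumes the same CSV layout (DisplayName,IPRange,MarkAsTrusted), the Microsoft.Graph.Identity.SignIns module, and a placeholder path in $CsvPath; the function name ConvertTo-GraphCidrRange is my own.

```powershell
# Added example (not the original post's script): validate CIDR ranges, pick the
# IPv4/IPv6 range type, and create-or-update named locations from the CSV layout above.
# Assumed: $CsvPath is a placeholder; ConvertTo-GraphCidrRange is a helper defined here.
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes ('Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess')

$CsvPath = 'D:\TrustedLocation.csv'   # placeholder path

# Turn one CIDR string into the Graph range object, or throw if it is malformed.
function ConvertTo-GraphCidrRange {
    param([Parameter(Mandatory)][string]$Cidr)
    $parts = $Cidr.Trim().Split('/')
    if ($parts.Count -ne 2) { throw "Not a CIDR range: '$Cidr'" }
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($parts[0], [ref]$ip)) {
        throw "Invalid IP address in '$Cidr'"
    }
    # Prefix length must fit the address family: 0-32 for IPv4, 0-128 for IPv6.
    $maxPrefix = if ($ip.AddressFamily -eq 'InterNetwork') { 32 } else { 128 }
    $prefix = 0
    if (-not [int]::TryParse($parts[1], [ref]$prefix) -or $prefix -lt 0 -or $prefix -gt $maxPrefix) {
        throw "Invalid prefix length in '$Cidr'"
    }
    $type = if ($maxPrefix -eq 32) { '#microsoft.graph.iPv4CidrRange' } else { '#microsoft.graph.iPv6CidrRange' }
    return @{ '@odata.type' = $type; CidrAddress = "$($ip.ToString())/$prefix" }
}

# Fetch the current named locations once so each CSV row can be matched by name.
$existingLocations = @(Get-MgIdentityConditionalAccessNamedLocation -All)

foreach ($row in (Import-Csv $CsvPath)) {
    # Accept only an explicit 0 or 1 instead of silently omitting IsTrusted.
    $isTrusted = switch ($row.MarkAsTrusted.Trim()) {
        '0'     { $false }
        '1'     { $true }
        default { throw "Row '$($row.DisplayName)': MarkAsTrusted must be 0 or 1" }
    }
    $ranges = @(foreach ($cidr in $row.IPRange.Split('-')) { ConvertTo-GraphCidrRange $cidr })
    $params = @{
        '@odata.type' = '#microsoft.graph.ipNamedLocation'
        DisplayName   = $row.DisplayName
        IsTrusted     = $isTrusted
        IpRanges      = $ranges
    }

    # Update a location that already carries this name; otherwise create it.
    $existing = $existingLocations | Where-Object { $_.DisplayName -eq $row.DisplayName }
    if ($existing) {
        Update-MgIdentityConditionalAccessNamedLocation -NamedLocationId $existing[0].Id -BodyParameter $params
        Write-Host "Updated '$($row.DisplayName)' ($($ranges.Count) ranges, trusted=$isTrusted)"
    } else {
        New-MgIdentityConditionalAccessNamedLocation -BodyParameter $params
        Write-Host "Created '$($row.DisplayName)' ($($ranges.Count) ranges, trusted=$isTrusted)"
    }
}
```

Because a malformed row throws before any Graph call is made, a bad CSV fails on the first problem rather than leaving the tenant half-updated; the update branch keeps reruns of the import idempotent, so the same file can be applied again after a correction.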
Let me know if you have a question.
To verify the result and get a list of all named locations, use the following cmdlet:
Get-MgIdentityConditionalAccessNamedLocation
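Listing the locations confirms they exist, but a trusted location that covers a very wide range quietly widens every Conditional Access policy that exempts trusted locations. The following added example, not part of the original post, walks the output of Get-MgIdentityConditionalAccessNamedLocation and flags trusted IPv4 ranges wider than a chosen prefix length. It assumes that the cmdlet exposes the ipNamedLocation properties (isTrusted, ipRanges) through AdditionalProperties, and the /16 threshold in $MinTrustedPrefix is a value chosen for this example.

```powershell
# Added example (not from the original post): review existing named locations and
# flag trusted ones that contain broad IPv4 ranges.
# Assumed: isTrusted and ipRanges are reachable via AdditionalProperties;
# $MinTrustedPrefix is a threshold chosen for this example.
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes 'Policy.Read.All'

$MinTrustedPrefix = 16   # flag trusted IPv4 ranges wider than /16

$report = foreach ($loc in (Get-MgIdentityConditionalAccessNamedLocation -All)) {
    $props = $loc.AdditionalProperties
    # Country-based locations carry no IP ranges; only ipNamedLocation objects are reviewed.
    if ($props['@odata.type'] -ne '#microsoft.graph.ipNamedLocation') { continue }
    $trusted = [bool]$props['isTrusted']
    foreach ($range in $props['ipRanges']) {
        $cidr   = $range['cidrAddress']
        $prefix = [int]($cidr.Split('/')[1])
        $isV6   = $range['@odata.type'] -eq '#microsoft.graph.iPv6CidrRange'
        # A smaller prefix length means a larger range.
        $tooBroad = (-not $isV6) -and ($prefix -lt $MinTrustedPrefix)
        [pscustomobject]@{
            DisplayName = $loc.DisplayName
            Id          = $loc.Id
            IsTrusted   = $trusted
            Cidr        = $cidr
            Flag        = if ($trusted -and $tooBroad) { 'TRUSTED-BROAD-RANGE' } else { '' }
        }
    }
}

# Flagged entries sort to the top; review each one against the location's intended scope.
$report | Sort-Object Flag -Descending | Format-Table -AutoSize
```

Only Policy.Read.All is requested, since this pass reads configuration and changes nothing; the threshold is deliberately a variable so it can be tightened for tenants where trusted locations should only ever cover a few office ranges.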
This script has been a great help. It worked perfectly. Thank you for your prompt response in the chat.