Version: 2.0.1 (preview)

Test-MtCaReferencedObjectsExist

SYNOPSIS

Checks if any conditional access policies reference non-existent users, groups, or roles.

SYNTAX

Test-MtCaReferencedObjectsExist [-ProgressAction <ActionPreference>] [<CommonParameters>]

DESCRIPTION

This test checks if all users, groups, and roles referenced in conditional access policies still exist in the tenant. Non-existent or deleted objects in conditional access policies can lead to unexpected behavior and security gaps. When a user, group, or role is deleted but still referenced in a policy, it may cause the policy to not apply as expected.

The test examines:

Include/exclude users in conditional access policies
Include/exclude groups in conditional access policies
Include/exclude roles in conditional access policies (role definition IDs)

Learn more: https://learn.microsoft.com/entra/identity/conditional-access/concept-conditional-access-users-groups

EXAMPLES

EXAMPLE 1

Test-MtCaReferencedObjectsExist

PARAMETERS

-ProgressAction

Type: ActionPreference
Parameter Sets: (All)
Aliases: proga

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Test-MtCaReferencedObjectsExist

SYNOPSIS

SYNTAX

DESCRIPTION

EXAMPLES

EXAMPLE 1

PARAMETERS

-ProgressAction

CommonParameters

INPUTS

OUTPUTS

System.Boolean

NOTES

SYNOPSIS​

SYNTAX​

DESCRIPTION​

EXAMPLES​

EXAMPLE 1​

PARAMETERS​

-ProgressAction​

CommonParameters​

INPUTS​

OUTPUTS​

System.Boolean​

NOTES​

RELATED LINKS​

SYNOPSIS

SYNTAX

DESCRIPTION

EXAMPLES

EXAMPLE 1

PARAMETERS

-ProgressAction

CommonParameters

INPUTS

OUTPUTS

System.Boolean

NOTES

RELATED LINKS