Use PowerShell to upload and download Azure AD B2C custom policies
Here we'll learn how to use PowerShell to upload and download Azure AD B2C custom policies.
What are Custom Policies in Azure AD B2C?
Azure AD B2C is an identity-as-a-service platform. Custom policies are configuration files with which a service or app can define complex user flows for sign-up, sign-in, password reset, etc. for its end customers. Please read the official getting started page for more…
What is new here?
Up until recently, the only way to upload and download policies in an Azure AD B2C tenant was through the portal. Azure AD B2C is investing in programmatic access to its assets via Microsoft Graph. As a result, there are now multiple ways to upload and download policies. PowerShell is another tool, one that is developer-friendly and easy to use.
One-time setup — installing the Azure AD PowerShell module
The Azure AD PowerShell Preview module provides the functionality to interact with custom policies. It also provides access to other Azure AD entities, such as users. The module can be installed from your PowerShell console as shown below.
PS C:\> Install-Module -Name AzureADPreview
Log in to your tenant
Connect-AzureAD is the cmdlet that establishes a login session with your tenant. The following command is an easy way to log in to your tenant. You can try Get-Help Connect-AzureAD for more options.
PS C:\> Connect-AzureAD -TenantId <yourtenantname.onmicrosoft.com> -AccountId <yourusername@contoso.com>
Or simply
PS C:\> Connect-AzureAD
List all custom policies in tenant
The following block shows the command and its response.
PS C:\> Get-AzureADMSTrustFrameworkPolicy
Id
--
B2C_1A_TrustFrameworkBase
B2C_1A_TrustFrameworkExtensions
B2C_1A_TrustFrameworkBase1
B2C_1A_B2C_1_pwdreset2
B2C_1A_signup_signin1
B2C_1A_signup_signinleaf
B2C_1A_signup_signin
B2C_1A_signup_signin3
B2C_1A_ResourceOwnerv2
B2C_1A_signup_signin2
Upload a new custom policy
New-AzureADMSTrustFrameworkPolicy -InputFilePath <inputpolicyfilePath> [-OutputFilePath <outputFilePath>]
PS C:\> New-AzureADMSTrustFrameworkPolicy -InputFilePath C:\InputPolicy.xml
Get contents of a single custom policy
Get-AzureADMSTrustFrameworkPolicy -Id <policyId> [-OutputFilePath <FilePath>]
PS C:\> Get-AzureADMSTrustFrameworkPolicy -Id B2C_1A_signup_signin -OutputFilePath C:\RPPolicy.xml
Update an existing custom policy
Set-AzureADMSTrustFrameworkPolicy [-Id <policyId>] -InputFilePath <inputpolicyfilePath> [-OutputFilePath <outputFilePath>]
PS C:\> Set-AzureADMSTrustFrameworkPolicy -Id B2C_1A_signup_signin -InputFilePath C:\B2C_1A_signup_signin.xml
Delete a custom policy
Remove-AzureADMSTrustFrameworkPolicy -Id <policyId>
PS C:\> Remove-AzureADMSTrustFrameworkPolicy -Id B2C_1A_signup_signin
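Set-AzureADMSTrustFrameworkPolicy and Remove-AzureADMSTrustFrameworkPolicy change or delete a policy in the tenant, so it helps to keep a copy of what the tenant held beforehand. The script below is an added example, not code from the original post: it uses the list and download commands shown above to export every policy into a timestamped folder, records a SHA-256 hash per file, and reports policies added, changed or removed since the previous snapshot. The backup path, the manifest file name and the Id property on listed items are assumptions.

```powershell
# Added example, not from the original post. Run after Connect-AzureAD.
# $BackupRoot and manifest.csv are hypothetical names chosen for this example.
param([string]$BackupRoot = 'C:\B2CPolicyBackups')
$ErrorActionPreference = 'Stop'

# Locate the latest earlier snapshot; timestamped names sort chronologically.
$previous = $null
if (Test-Path $BackupRoot) {
    $previous = Get-ChildItem -Path $BackupRoot -Directory |
        Sort-Object Name | Select-Object -Last 1
}

$snapshot = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
New-Item -ItemType Directory -Path $snapshot -Force | Out-Null

# Without -Id the cmdlet lists the tenant's policies; with -Id and
# -OutputFilePath it writes one policy's XML to disk.
# Assumption: each listed item exposes the policy name as an Id property.
$manifest = @(foreach ($policy in Get-AzureADMSTrustFrameworkPolicy) {
    $file = Join-Path $snapshot "$($policy.Id).xml"
    Get-AzureADMSTrustFrameworkPolicy -Id $policy.Id -OutputFilePath $file | Out-Null
    [pscustomobject]@{
        Id     = $policy.Id
        Sha256 = (Get-FileHash -Path $file -Algorithm SHA256).Hash
    }
})
$manifest | Export-Csv -Path (Join-Path $snapshot 'manifest.csv') -NoTypeInformation

# Report drift against the previous snapshot. Any byte difference counts as a change.
if ($previous) {
    $oldManifest = Join-Path $previous.FullName 'manifest.csv'
    $oldById = @{}
    if (Test-Path $oldManifest) {
        Import-Csv $oldManifest | ForEach-Object { $oldById[$_.Id] = $_.Sha256 }
    }
    foreach ($p in $manifest) {
        if (-not $oldById.ContainsKey($p.Id)) { "ADDED    $($p.Id)" }
        elseif ($oldById[$p.Id] -ne $p.Sha256) { "CHANGED  $($p.Id)" }
        $oldById.Remove($p.Id)
    }
    foreach ($id in $oldById.Keys) { "REMOVED  $id" }
}
```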
References
Full documentation of these cmdlets can be accessed here. You can also use the Get-Help cmdlet in PowerShell to get help.
PS C:\> Get-help Remove-AzureADMSTrustFrameworkPolicy -full