Use PowerShell to upload and download Azure AD B2C custom policies

Abhishek Agrawal
Aug 22, 2019

This post shows how to use PowerShell to upload and download Azure AD B2C custom policies.

What are Custom Policies in Azure AD B2C?

Azure AD B2C is an identity-as-a-service platform. Custom policies are configuration files with which a service or app can define complex user flows for sign-up, sign-in, password reset, etc. for its end customers. Please read the official getting started page for more…

What is new here?

Until recently, the only way to upload and download policies in an Azure AD B2C tenant was through the portal. Azure AD B2C is investing in programmatic access to its assets via Microsoft Graph. As a result, there are now multiple ways to upload and download policies. PowerShell is one of them, and it is developer friendly and easy to use.

One-time setup: installing the Azure AD PowerShell module

The Azure AD PowerShell Preview module provides the functionality to interact with custom policies. The module also provides access to other Azure AD entities, such as users. It can be installed from your PowerShell console as shown below.

PS C:\> Install-Module -Name AzureADPreview

Log in to your tenant

Connect-AzureAD is the cmdlet that establishes a login session with your tenant. The following command is an easy way to log in to your tenant. You can run Get-Help Connect-AzureAD for more options.

PS C:\> Connect-AzureAD -TenantId <yourtenantname.onmicrosoft.com> -AccountId <yourusername@contoso.com>

Or simply

PS C:\> Connect-AzureAD

List all custom policies in tenant

The following block shows the command and its response.

PS C:\> Get-AzureADMSTrustFrameworkPolicyId

B2C_1A_TrustFrameworkBase
B2C_1A_TrustFrameworkExtensions
B2C_1A_TrustFrameworkBase1
B2C_1A_B2C_1_pwdreset2
B2C_1A_signup_signin1
B2C_1A_signup_signinleaf
B2C_1A_signup_signin
B2C_1A_signup_signin3
B2C_1A_ResourceOwnerv2
B2C_1A_signup_signin2

Upload a new custom policy

New-AzureADMSTrustFrameworkPolicy -InputFilePath <inputpolicyfilePath> [-OutputFilePath <outputFilePath>]

PS C:\> New-AzureADMSTrustFrameworkPolicy -InputFilePath C:\InputPolicy.xml

Get contents of a single custom policy

Get-AzureADMSTrustFrameworkPolicy -Id <policyId> [-OutputFilePath <FilePath>]

PS C:\> Get-AzureADMSTrustFrameworkPolicy -Id B2C_1A_signup_signin -OutputFilePath C:\RPPolicy.xml

Update an existing custom policy

Set-AzureADMSTrustFrameworkPolicy [-Id <policyId>] -InputFilePath <inputpolicyfilePath> [-OutputFilePath <outputFilePath>]

PS C:\> Set-AzureADMSTrustFrameworkPolicy -Id B2C_1A_signup_signin -InputFilePath C:\B2C_1A_signup_signin.xml

Delete a custom policy

Remove-AzureADMSTrustFrameworkPolicy -Id <policyId>

PS C:\> Remove-AzureADMSTrustFrameworkPolicy -Id B2C_1A_signup_signin
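Set-AzureADMSTrustFrameworkPolicy and Remove-AzureADMSTrustFrameworkPolicy act on the live policy that drives your sign-in flows, so it is worth keeping a copy of the tenant's current state before either one. The script below is an added example, not code from the original post: it uses only the cmdlets shown above to snapshot every policy with a SHA-256 manifest and then applies one update. The backup folder, policy ID and file path are hypothetical values, and the script assumes a Connect-AzureAD session already exists.

```powershell
# Added example: snapshot all custom policies, then update one with a rollback copy on disk.
# $BackupRoot, $PolicyId and $NewPolicyFile are hypothetical values; adjust for your tenant.
param(
    [string]$BackupRoot    = 'C:\B2CPolicyBackups',
    [string]$PolicyId      = 'B2C_1A_signup_signin',
    [string]$NewPolicyFile = 'C:\B2C_1A_signup_signin.xml'
)
$ErrorActionPreference = 'Stop'

# One timestamped folder per run, so earlier snapshots are never overwritten.
$folder = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
New-Item -ItemType Directory -Path $folder -Force | Out-Null

# Assumption: the cmdlet emits one policy ID per entry, as in the listing above;
# the .Id fallback covers output that arrives as objects instead of strings.
$ids = Get-AzureADMSTrustFrameworkPolicyId | ForEach-Object {
    if ($_ -is [string]) { $_ } else { $_.Id }
}

# Download each policy and record its hash, so later drift can be detected by re-hashing.
$manifest = foreach ($id in $ids) {
    $file = Join-Path $folder "$id.xml"
    Get-AzureADMSTrustFrameworkPolicy -Id $id -OutputFilePath $file | Out-Null
    [pscustomobject]@{
        PolicyId = $id
        File     = $file
        SHA256   = (Get-FileHash -Path $file -Algorithm SHA256).Hash
    }
}
$manifest | Export-Csv -Path (Join-Path $folder 'manifest.csv') -NoTypeInformation

# Refuse to overwrite a policy that was not captured in the snapshot.
if ($ids -notcontains $PolicyId) {
    throw "Policy '$PolicyId' is not in the tenant; use New-AzureADMSTrustFrameworkPolicy instead."
}

# The cast throws if the replacement file is not well-formed XML, before anything is sent.
[xml](Get-Content -Path $NewPolicyFile -Raw) | Out-Null

Set-AzureADMSTrustFrameworkPolicy -Id $PolicyId -InputFilePath $NewPolicyFile | Out-Null
$rollback = Join-Path $folder "$PolicyId.xml"
Write-Output "Updated $PolicyId. Rollback copy: $rollback"
```

To roll back, pass the saved file for that policy to Set-AzureADMSTrustFrameworkPolicy with -InputFilePath.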

References

Full documentation of these cmdlets can be accessed here. You can also use the Get-Help cmdlet in PowerShell to get help.

PS C:\> Get-help Remove-AzureADMSTrustFrameworkPolicy -full
