Create Named Location list using PowerShell
Hello Community,
I am trying to build a PowerShell script that will create a Named Location in Azure AD with multiple IP ranges.
Here: New-AzureADMSNamedLocationPolicy (AzureAD) | Microsoft Docs, I see an example with only one IP range, and it works nicely. But how can I add multiple IP ranges, from a CSV file for example?
I've tried several options with Import-CSV and arrays, but haven't succeeded.
Could anybody advise me on how to push a list of IP ranges into the Named Location?
This is what I have so far:
Connect-AzureAD
$ipRanges = New-Object -TypeName System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.IpRange]
$IPAddressesList = Import-CSV C:\IPs.csv
foreach ($IP in $IPAddressesList)
{
$ipRanges.Add($IP)
}
New-AzureADMSNamedLocationPolicy -OdataType "#microsoft.graph.ipNamedLocation" -DisplayName "IP named location policy" -IsTrusted $false -IpRanges $ipRanges
Here's a quick-n-dirty re-working of your original script demonstrating the Get-Content approach.
I've included a screenshot showing the output from $ipRanges but I had to keep the subtle change regarding "`1", otherwise, it throws an error for me under Windows PowerShell.
Connect-AzureAD
$ipRanges = New-Object -TypeName System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.IpRange]
Get-Content -Path C:\IPs.csv | ForEach-Object { $ipRanges.Add($_) }
New-AzureADMSNamedLocationPolicy -OdataType "#microsoft.graph.ipNamedLocation" -DisplayName "IP named location policy" -IsTrusted $false -IpRanges $ipRanges
$ipRanges output (purely as confirmation it's correctly producing the IpRange data type):
Cheers,
Lain
8 Replies
- farismalaeb (Iron Contributor)
Use the following Graph command
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes ('Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess')
$params = @{
    "@odata.type" = "#microsoft.graph.ipNamedLocation"
    DisplayName = "Untrusted IP named location"
    IsTrusted = $false
    IpRanges = @(
        @{
            "@odata.type" = "#microsoft.graph.iPv4CidrRange"
            CidrAddress = "12.34.221.11/22"
        }
        @{
            "@odata.type" = "#microsoft.graph.iPv6CidrRange"
            CidrAddress = "2001:0:9d38:90d6:0:0:0:0/63"
        }
    )
}
New-MgIdentityConditionalAccessNamedLocation -BodyParameter $params
- mikhailf (Iron Contributor)
Hello farismalaeb,
Thank you for your reply.
But what if I need to add multiple IP ranges?
For example, 12.12.12.12/24, 15.15.15.15/25, 16.16.16.16/16?
This is my goal.
- farismalaeb (Iron Contributor)
The Graph will add multiple IPs.
Here is a small update.
Replace the $Location with your CSV
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes ('Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess')
$Location=@('1.1.1.1/24','2.2.2.2/24','3.3.3.3/24')
$params = @{
    "@odata.type" = "#microsoft.graph.ipNamedLocation"
    DisplayName = "New Test Location"
    IsTrusted = $false
    IpRanges=@()
}
Foreach ($S in $Location){
    $IpRanges=@{}
    $IpRanges.add("@odata.type" , "#microsoft.graph.iPv4CidrRange")
    $IpRanges.add("CidrAddress" , $S)
    $params.IpRanges+=$IpRanges
}
New-MgIdentityConditionalAccessNamedLocation -BodyParameter $params
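
An added example, not code from any poster in this thread: it takes CIDR ranges from CSV rows, validates each one, picks the IPv4 or IPv6 `@odata.type`, and builds the body that `New-MgIdentityConditionalAccessNamedLocation` expects, stopping on the first bad row so a malformed range never reaches the Conditional Access configuration. The `CidrAddress` column name, the `ConvertTo-IpRangeBody` helper and the inline sample rows are assumptions made for illustration.

```powershell
# Added example. ConvertTo-IpRangeBody is a hypothetical helper, not a Graph cmdlet.
function ConvertTo-IpRangeBody {
    param([Parameter(Mandatory)][string]$Cidr)

    $addr, $prefix = $Cidr.Trim() -split '/', 2
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($addr, [ref]$ip)) {
        throw "Not an IP address: '$Cidr'"
    }
    $isV6 = $ip.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetworkV6
    # IPAddress.TryParse accepts short or octal-looking IPv4 forms such as "12.12";
    # require the canonical dotted quad so the stored range is unambiguous.
    if (-not $isV6 -and $ip.ToString() -ne $addr) {
        throw "Non-canonical IPv4 address: '$Cidr'"
    }
    $max = if ($isV6) { 128 } else { 32 }
    # Syntactic bounds only (the service may enforce stricter limits).
    # /0 is rejected because it would match every address.
    if ($prefix -notmatch '^\d{1,3}$' -or [int]$prefix -lt 1 -or [int]$prefix -gt $max) {
        throw "Bad prefix length in '$Cidr' (expected 1-$max)"
    }
    $type = if ($isV6) { '#microsoft.graph.iPv6CidrRange' } else { '#microsoft.graph.iPv4CidrRange' }
    @{ '@odata.type' = $type; CidrAddress = "$addr/$prefix" }
}

# Constructed sample input. With a real file: $rows = Import-Csv -Path C:\IPs.csv
# Assumption: the CSV has a header row with a column named CidrAddress.
$rows = @'
CidrAddress
12.12.12.12/24
15.15.15.15/25
2001:0:9d38:90d6:0:0:0:0/63
'@ | ConvertFrom-Csv

$params = @{
    '@odata.type' = '#microsoft.graph.ipNamedLocation'
    DisplayName   = 'IP named location policy'
    IsTrusted     = $false
    IpRanges      = @($rows | ForEach-Object { ConvertTo-IpRangeBody -Cidr $_.CidrAddress })
}
$params | ConvertTo-Json -Depth 3   # review the body before anything is sent

# Submission step, as in the replies above (needs Microsoft.Graph.Identity.SignIns):
# Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'
# New-MgIdentityConditionalAccessNamedLocation -BodyParameter $params
```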