Страница:
EXOClientAccessRule
Страницы
AADApplication
AADConditionalAccessPolicy
AADGroup
AADGroupLifecyclePolicy
AADGroupsNamingPolicy
AADGroupsSettings
AADMSGroup
AADMSGroupLifecyclePolicy
AADNamedLocationPolicy
AADPolicy
AADRoleDefinition
AADServicePrincipal
AADTenantDetails
AADTokenLifetimePolicy
Assessing
Automating
Breaking Changes Policy
Contribute to Microsoft365dsc.com
Develop a New Resource
EXOAcceptedDomain
EXOActiveSyncDeviceAccessRule
EXOAddressBookPolicy
EXOAddressList
EXOAntiPhishPolicy
EXOAntiPhishRule
EXOApplicationAccessPolicy
EXOAtpPolicyForO365
EXOAvailabilityAddressSpace
EXOAvailabilityConfig
EXOCASMailboxPlan
EXOClientAccessRule
EXODkimSigningConfig
EXOEmailAddressPolicy
EXOGlobalAddressList
EXOHostedConnectionFilterPolicy
EXOHostedContentFilterPolicy
EXOHostedContentFilterRule
EXOHostedOutboundSpamFilterPolicy
EXOHostedOutboundSpamFilterRule
EXOInboundConnector
EXOIntraOrganizationConnector
EXOJournalRule
EXOMailTips
EXOMailboxSettings
EXOMalwareFilterPolicy
EXOMalwareFilterRule
EXOManagementRole
EXOMobileDeviceMailboxPolicy
EXOOfflineAddressBook
EXOOnPremisesOrganization
EXOOrganizationConfig
EXOOrganizationRelationship
EXOOutboundConnector
EXOOwaMailboxPolicy
EXOPartnerApplication
EXOPolicyTipConfig
EXORemoteDomain
EXORoleAssignmentPolicy
EXOSafeAttachmentPolicy
EXOSafeAttachmentRule
EXOSafeLinksPolicy
EXOSafeLinksRule
EXOSharedMailbox
EXOSharingPolicy
EXOTransportRule
Exporting
Getting Started
Home
How to Create a M365DSC Blueprint
IntuneAppConfigurationPolicy
IntuneAppProtectionPolicyiOS
IntuneDeviceCategory
IntuneDeviceCompliancePolicyAndroid
IntuneDeviceCompliancePolicyAndroidWorkProfile
IntuneDeviceCompliancePolicyMacOS
IntuneDeviceCompliancePolicyWindows10
IntuneDeviceCompliancePolicyiOs
IntuneDeviceConfigurationPolicyAndroidWorkProfile
IntuneDeviceConfigurationPolicyWindows
IntuneDeviceConfigurationPolicyWindows10
IntuneDeviceConfigurationPolicyiOS
IntuneDeviceEnrollmentLimitRestriction
IntuneDeviceEnrollmentPlatformRestriction
Known Issues
Monitoring
O365AdminAuditLogConfig
O365Group
O365OrgCustomizationSetting
O365User
ODSP Permissions
ODSettings
PPPowerAppsEnvironment
PPTenantSettings
Permissions
PlannerBucket
PlannerPlan
PlannerTask
Reporting
Resources List
SCAuditConfigurationPolicy
SCCaseHoldPolicy
SCCaseHoldRule
SCComplianceCase
SCComplianceSearch
SCComplianceSearchAction
SCComplianceTag
SCDLPCompliancePolicy
SCDLPComplianceRule
SCDeviceConditionalAccessPolicy
SCDeviceConfigurationPolicy
SCFilePlanPropertyAuthority
SCFilePlanPropertyCategory
SCFilePlanPropertyCitation
SCFilePlanPropertyDepartment
SCFilePlanPropertyReferenceId
SCFilePlanPropertySubCategory
SCLabelPolicy
SCRetentionCompliancePolicy
SCRetentionComplianceRule
SCRetentionEventType
SCSensitivityLabel
SCSupervisoryReviewPolicy
SCSupervisoryReviewRule
SPOAccessControlSettings
SPOApp
SPOBrowserIdleSignout
SPOHomeSite
SPOHubSite
SPOOrgAssetsLibrary
SPOPropertyBag
SPOSearchManagedProperty
SPOSearchResultSource
SPOSharingSettings
SPOSite
SPOSiteAuditSettings
SPOSiteDesign
SPOSiteDesignRights
SPOSiteGroup
SPOSiteScript
SPOStorageEntity
SPOTenantCDNPolicy
SPOTenantCdnEnabled
SPOTenantSettings
SPOTheme
SPOUserProfileProperty
Setting up your Environment to Contribute to the Project
TeamsCallingPolicy
TeamsChannel
TeamsChannelTab
TeamsChannelsPolicy
TeamsClientConfiguration
TeamsEmergencyCallRoutingPolicy
TeamsEmergencyCallingPolicy
TeamsGuestCallingConfiguration
TeamsGuestMeetingConfiguration
TeamsGuestMessagingConfiguration
TeamsMeetingBroadcastConfiguration
TeamsMeetingBroadcastPolicy
TeamsMeetingConfiguration
TeamsMeetingPolicy
TeamsMessagingPolicy
TeamsPstnUsage
TeamsTeam
TeamsTenantDialPlan
TeamsUpgradeConfiguration
TeamsUpgradePolicy
TeamsUser
TeamsVoiceRoute
TeamsVoiceRoutingPolicy
Troubleshooting
What is Microsoft365DSC
8
EXOClientAccessRule
Nik Charlebois редактировал(а) эту страницу 2021-10-06 06:17:59 -04:00
Содержание
# EXOClientAccessRule
Parameters
| Parameter | Attribute | DataType | Description | Allowed Values |
|---|---|---|---|---|
| Identity | Key | String | The Identity parameter specifies the client access rule that you want to modify. | |
| Action | Required | String | The Action parameter specifies the action for the client access rule. Valid values for this parameter are AllowAccess and DenyAccess. | AllowAccess, DenyAccess |
| AnyOfAuthenticationTypes | Write | StringArray[] | The AnyOfAuthenticationTypes parameter specifies a condition for the client access rule that is based on the client's authentication type. Valid values for this parameter are AdfsAuthentication, BasicAuthentication, CertificateBasedAuthentication, NonBasicAuthentication, OAuthAuthentication. | AdfsAuthentication, BasicAuthentication, CertificateBasedAuthentication, NonBasicAuthentication, OAuthAuthentication |
| AnyOfClientIPAddressesOrRanges | Write | StringArray[] | The AnyOfClientIPAddressesOrRanges parameter specifies a condition for the client access rule that is based on the client's IP address. Valid values for this parameter are: A single IP address, an IP address range, a CIDR IP. | |
| AnyOfProtocols | Write | StringArray[] | The AnyOfProtocols parameter specifies a condition for the client access rule that is based on the client's protocol. Valid values for this parameter are ExchangeActiveSync,ExchangeAdminCenter,ExchangeWebServices,IMAP4,OfflineAddressBook,OutlookAnywhere,OutlookWebApp,POP3,PowerShellWebServices,RemotePowerShell,REST,UniversalOutlook. | ExchangeActiveSync, ExchangeAdminCenter, ExchangeWebServices, IMAP4, OfflineAddressBook, OutlookAnywhere, OutlookWebApp, POP3, PowerShellWebServices, RemotePowerShell, REST, UniversalOutlook |
| Enabled | Write | Boolean | The Enabled parameter specifies whether the client access rule is enabled or disabled. Default is $true. | |
| ExceptAnyOfAuthenticationTypes | Write | StringArray[] | The ExceptAnyOfAuthenticationTypes parameter specifies an exception for the client access rule that is based on the client's authentication type. Valid values for this parameter are AdfsAuthentication, BasicAuthentication, CertificateBasedAuthentication, NonBasicAuthentication, OAuthAuthentication. | AdfsAuthentication, BasicAuthentication, CertificateBasedAuthentication, NonBasicAuthentication, OAuthAuthentication |
| ExceptAnyOfClientIPAddressesOrRanges | Write | StringArray[] | The ExceptAnyOfClientIPAddressesOrRanges parameter specifies an exception for the client access rule that is based on the client's IP address. Valid values for this parameter are: A single IP address, an IP address range, a CIDR IP. | |
| ExceptAnyOfProtocols | Write | StringArray[] | The ExceptAnyOfProtocols parameter specifies an exception for the client access rule that is based on the client's protocol. Valid values for this parameter are ExchangeActiveSync,ExchangeAdminCenter,ExchangeWebServices,IMAP4,OfflineAddressBook,OutlookAnywhere,OutlookWebApp,POP3,PowerShellWebServices,RemotePowerShell,REST,UniversalOutlook. | ExchangeActiveSync, ExchangeAdminCenter, ExchangeWebServices, IMAP4, OfflineAddressBook, OutlookAnywhere, OutlookWebApp, POP3, PowerShellWebServices, RemotePowerShell, REST, UniversalOutlook |
| ExceptUsernameMatchesAnyOfPatterns | Write | StringArray[] | The ExceptUsernameMatchesAnyOfPatterns parameter specifies an exception for the client access rule that is based on the user's account name. | |
| Priority | Write | UInt32 | The Priority parameter specifies a priority value for the client access rule. A lower integer value indicates a higher priority, and a higher priority rule is evaluated before a lower priority rule. The default value is 1. | |
| RuleScope | Write | String | The RuleScope parameter specifies the scope of the client access rule. Valid values are All and Users | All, Users |
| UserRecipientFilter | Write | String | The UserRecipientFilter parameter specifies a condition for the client access rule that uses OPath filter syntax to identify the user. | |
| UsernameMatchesAnyOfPatterns | Write | StringArray[] | The UsernameMatchesAnyOfPatterns parameter specifies a condition for the client access rule that is based on the user's account name. | |
| Ensure | Write | String | Specifies if this Client Access Rule should exist. | Present, Absent |
| Credential | Write | PSCredential | Credentials of the Exchange Global Admin | |
| ApplicationId | Write | String | Id of the Azure Active Directory application to authenticate with. | |
| TenantId | Write | String | Id of the Azure Active Directory tenant used for authentication. | |
| CertificateThumbprint | Write | String | Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication. | |
| CertificatePassword | Write | PSCredential | Username can be made up to anything but password will be used for CertificatePassword | |
| CertificatePath | Write | String | Path to certificate used in service principal usually a PFX file. |
EXOClientAccessRule
Description
This resource configures Client Access sRules. Client Access Rules help you control access to your organization based on the properties of the connection.
Note: Not all authentication types are supported for all protocols.
The supported authentication types per protocol can be found here: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules
Parameters
Ensure
- Required: No (Defaults to 'Present')
- Description: Specifies whether the configured Client Access Rule should be Present or Absent.
Credential
- Required: Yes
- Description: Credentials of the Office 365 Global Admin
Identity
- Required: Yes
- Description: The Identity parameter specifies the Client Access Rule that you want to modify. You can use any value that uniquely identifies the Client Access Rule.
Action
- Required: Yes
- Description: The Action parameter specifies the action for the client access rule. Valid values for this parameter are AllowAccess and DenyAccess.
AnyOfAuthenticationTypes
- Required: No
- Description: The AnyOfAuthenticationTypes parameter specifies a condition for the client access rule that's based on the client's authentication type. Valid values for this parameter are: AdfsAuthentication BasicAuthentication CertificateBasedAuthentication NonBasicAuthentication OAuthAuthentication
AnyOfClientIPAddressesOrRanges
- Required: No
- Description: The AnyOfClientIPAddressesOrRanges parameter specifies a condition for the client access rule that's based on the client's IP address. Valid values for this parameter are: A single IP address: For example, 192.168.1.1 An IP address range: For example, 192.168.0.1-192.168.0.254 Classless Inter-Domain Routing (CIDR) IP: e.g 192.168.3.1/24
AnyOfProtocols
- Required: No
- Description: The AnyOfProtocols parameter specifies a condition for the client access rule that's based on the client's protocol. Valid values for this parameter are: ExchangeActiveSync ExchangeAdminCenter ExchangeWebServices IMAP4 OfflineAddressBook OutlookAnywhere OutlookWebApp POP3 PowerShellWebServices RemotePowerShell REST UniversalOutlook
Enabled
- Required: No
- Description: The Enabled parameter specifies whether the client access rule is enabled or disabled. Valid values for this parameter are $true or $false. Default is $true
ExceptAnyOfAuthenticationTypes
- Required: No
- Description: The ExceptAnyOfAuthenticationTypes parameter specifies an exception for the client access rule that's based on the client's authentication type. Valid values for this parameter are: AdfsAuthentication BasicAuthentication CertificateBasedAuthentication NonBasicAuthentication OAuthAuthentication
ExceptAnyOfClientIPAddressesOrRanges
- Required: No
- Description: The ExceptAnyOfClientIPAddressesOrRanges parameter specifies an exception for the client access rule that's based on the client's IP address. Valid values for this parameter are: A single IP address: For example, 192.168.1.1 An IP address range: For example, 192.168.0.1-192.168.0.254 Classless Inter-Domain Routing (CIDR) IP: e.g. 192.168.3.1/24
ExceptAnyOfProtocols
- Required: No
- Description: The ExceptAnyOfProtocols parameter specifies an exception for the client access rule that's based on the client's protocol. Valid values for this parameter are: ExchangeActiveSync ExchangeAdminCenter ExchangeWebServices IMAP4 OfflineAddressBook OutlookAnywhere OutlookWebApp POP3 PowerShellWebServices RemotePowerShell REST UniversalOutlook
ExceptUsernameMatchesAnyOfPatterns
- Required: No
- Description: The ExceptUsernameMatchesAnyOfPatterns parameter specifies an exception for the client access rule that's based on the user's account name in the format [Domain][UserName] (for example, contoso.com\jeff). This parameter accepts text and the wildcard character () (for example, jeff, but not jeff).
Priority
- Required: No
- Description: The Priority parameter specifies a priority value for the client access rule. A lower integer value indicates a higher priority, and a higher priority rule is evaluated before a lower priority rule. The default value is 1.
RuleScope
- Required: No
- Description: The RuleScope parameter specifies the scope of the client access rule. Valid values are: All: The rule applies to all connections (end-users and middle-tier apps). Users: The rule only applies to end-user connections.
UserRecipientFilter
- Required: No
- Description: The UserRecipientFilter parameter specifies a condition for the client access rule that uses OPath filter syntax to identify the user. For example, {City -eq "Redmond"}. The filterable attributes that you can use with this parameter are: City Company CountryOrRegion CustomAttribute1 to CustomAttribute15 Department Office PostalCode StateOrProvince StreetAddress
Example
EXOClientAccessRule CliendAccessRuleExampleConfig {
Ensure = 'Present'
Identity = 'ExampleCASRule'
Credential = $Credential
Action = 'AllowAccess'
AnyOfAuthenticationTypes = @('AdfsAuthentication', 'BasicAuthentication')
AnyOfClientIPAddressesOrRanges = @('192.168.1.100', '10.1.1.0/24', '172.16.5.1-172.16.5.150')
AnyOfProtocols = @('ExchangeAdminCenter', 'OutlookWebApp')
Enabled = $false
ExceptAnyOfClientIPAddressesOrRanges = @('10.1.1.13', '172.16.5.2')
ExceptUsernameMatchesAnyOfPatterns = @('*ThatGuy*', 'contoso\JohnDoe')
Priority = 1
RuleScope = 'Users'
UserRecipientFilter = '{City -eq "Redmond"}'
}
