AADAgreement

Parameters

Parameter Attribute DataType Description Allowed Values
DisplayName Key String The display name of the agreement.
Id Write String The unique identifier of the agreement.
IsViewingBeforeAcceptanceRequired Write Boolean Whether the user is required to view the agreement document before accepting.
IsPerDeviceAcceptanceRequired Write Boolean Whether the agreement is per device or per user.
UserReacceptRequiredFrequency Write String Duration after which the user must re-accept the terms of use. Must be in ISO 8601 duration format.
AcceptanceStatement Write String The acceptance statement included in the agreement.
FileData Write String The content of the agreement file.
FileName Write String The name of the agreement file.
Language Write String The language of the agreement file.
Ensure Write String Specify if the agreement should exist or not. Absent, Present
Credential Write PSCredential Credentials of the workload's Admin
ApplicationId Write String Id of the Azure Active Directory application to authenticate with.
TenantId Write String Id of the Azure Active Directory tenant used for authentication.
ApplicationSecret Write PSCredential Secret of the Azure Active Directory application to authenticate with.
CertificateThumbprint Write String Thumbprint of the Azure Active Directory application's authentication certificate to use for authentication.
ManagedIdentity Write Boolean Managed ID being used for authentication.
AccessTokens Write StringArray[] Access token used for authentication.

Description

This resource configures Azure AD Terms of Use Agreements in Entra ID. Terms of Use agreements allow organizations to present information to users that they must agree to before accessing resources.

Permissions

Microsoft Graph

To authenticate with the Microsoft Graph API, this resource required the following permissions:

Delegated permissions

  • Read

    • Agreement.Read.All
  • Update

    • Agreement.ReadWrite.All

Application permissions

  • Read

    • Agreement.Read.All
  • Update

    • Agreement.ReadWrite.All

Examples

Example 1

This example creates a new Azure AD Terms of Use Agreement.

Configuration Example
{
    param(
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $Credential
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        AADAgreement 'CompanyTermsOfUse'
        {
            DisplayName                          = "Company Terms of Use"
            IsViewingBeforeAcceptanceRequired    = $true
            IsPerDeviceAcceptanceRequired        = $false
            UserReacceptRequiredFrequency        = "P90D"
            AcceptanceStatement                  = "I accept the terms of use"
            FileData                             = "<h1>Company Terms of Use</h1><p>These are the terms and conditions...</p>"
            FileName                             = "CompanyToU.html"
            Language                             = "en-US"
            Ensure                               = "Present"
            Credential                           = $Credential
        }
    }
}

Example 2

This example creates a Terms of Use Agreement that requires re-acceptance every 30 days.

Configuration Example
{
    param(
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $Credential
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        AADAgreement 'MonthlyTermsOfUse'
        {
            DisplayName                          = "Monthly Terms of Use"
            IsViewingBeforeAcceptanceRequired    = $true
            IsPerDeviceAcceptanceRequired        = $true
            UserReacceptRequiredFrequency        = "P30D"
            AcceptanceStatement                  = "I have read and accept the terms of use"
            FileData                             = "TERMS OF USE\n\nBy accepting these terms..."
            FileName                             = "monthly_terms.txt"
            Language                             = "en-US"
            Ensure                               = "Present"
            Credential                           = $Credential
        }
    }
}

Example 3

This example removes an existing Azure AD Terms of Use Agreement.

Configuration Example
{
    param(
        [Parameter(Mandatory = $true)]
        [PSCredential]
        $Credential
    )
    Import-DscResource -ModuleName Microsoft365DSC

    node localhost
    {
        AADAgreement 'CompanyTermsOfUse'
        {
            DisplayName = "Company Terms of Use"
            Ensure      = "Absent"
            Credential  = $Credential
        }
    }
}