
Azure AD Conditional Access Documentation with PowerShell


Document Conditional Access with PowerShell


This PowerShell script documents your Entra ID Conditional Access policies and translates the directory object IDs of targeted users, groups and apps to readable names. The script exports all data as a CSV file, which can then be formatted as an Excel workbook.

  1. Install this script from the PowerShell gallery (dependent modules are automatically installed):

    • Install-Script -Name Invoke-ConditionalAccessDocumentation -Scope CurrentUser
  2. Connect to Microsoft Graph

    • Grant initial admin consent: Connect-MgGraph -Scopes "Application.Read.All", "Group.Read.All", "Policy.Read.All", "RoleManagement.Read.Directory", "User.Read.All" -ContextScope Process

    • After initial admin consent has been granted, you can connect with Connect-MgGraph for subsequent usage

  3. Run script via PowerShell dot sourcing

    Invoke-ConditionalAccessDocumentation.ps1
  4. (Optional) Format the CSV with Excel and save it as an Excel workbook

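
The ID-to-name translation described above, shown for users and groups only, as an added example that is not the code of Invoke-ConditionalAccessDocumentation. It assumes an existing Connect-MgGraph session with the scopes from step 2; the helper name Resolve-Name and the output file ca-users-groups.csv are made up for illustration.

```powershell
# Added illustration, not part of Invoke-ConditionalAccessDocumentation.
# Needs the Microsoft.Graph.Identity.SignIns and Microsoft.Graph.DirectoryObjects modules.
$guid = '^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$'

$policies = Get-MgIdentityConditionalAccessPolicy -All

# Collect every user and group object ID referenced by any policy.
# Keywords such as "All", "None" or "GuestsOrExternalUsers" are not GUIDs and are skipped here.
$ids = @($policies | ForEach-Object {
    $u = $_.Conditions.Users
    $u.IncludeUsers; $u.ExcludeUsers; $u.IncludeGroups; $u.ExcludeGroups
} | Where-Object { $_ -match $guid } | Sort-Object -Unique)

# Resolve the IDs in batches (getByIds accepts at most 1000 IDs per call).
$names = @{}
for ($i = 0; $i -lt $ids.Count; $i += 1000) {
    $batch = $ids[$i..([Math]::Min($i + 999, $ids.Count - 1))]
    Get-MgDirectoryObjectById -Ids $batch -Types 'user', 'group' | ForEach-Object {
        $names[$_.Id] = $_.AdditionalProperties['displayName']
    }
}

# Hypothetical helper: keywords pass through, known IDs become names,
# and IDs of deleted objects are flagged instead of being dropped silently.
function Resolve-Name([string[]]$Values) {
    ($Values | ForEach-Object {
        if ($_ -notmatch $guid) { $_ }
        elseif ($names.ContainsKey($_)) { $names[$_] }
        else { "UNRESOLVED:$_" }
    }) -join '; '
}

$policies | ForEach-Object {
    $u = $_.Conditions.Users
    [pscustomobject]@{
        Policy        = $_.DisplayName
        State         = $_.State
        IncludeUsers  = Resolve-Name $u.IncludeUsers
        ExcludeUsers  = Resolve-Name $u.ExcludeUsers
        IncludeGroups = Resolve-Name $u.IncludeGroups
        ExcludeGroups = Resolve-Name $u.ExcludeGroups
    }
} | Export-Csv -Path .\ca-users-groups.csv -NoTypeInformation -Encoding UTF8
```

Rows containing UNRESOLVED: point at policies that still reference deleted users or groups, which is worth reviewing for stale exclusions.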