/ConditionalAccessDocumentation

Azure AD Conditional Access Documentation with PowerShell

Primary LanguagePowerShell

Document Conditional Access with PowerShell

PSGallery Version PSGallery Downloads

This PowerShell script documents your Azure AD Conditional Access policies. The script exports all data as a csv file which can be pretty formatted as excel workbook.

  1. Install this script from the PowerShell gallery (dependent modules are automatically installed):

    • Install-Script -Name Invoke-ConditionalAccessDocumentation -Scope CurrentUser

    • Script is saved to the user's default script lcoation: "C:\Users\%USERNAME%\Documents\WindowsPowerShell\Scripts"

  2. Connect to Microsoft Graph

    • Grant initial admin consent: Connect-Graph -Scopes "Application.Read.All", "Group.Read.All", "Policy.Read.All", "RoleManagement.Read.Directory", "User.Read.All" -ContextScope Process

    • You can also connect to Microsoft Graph Beta endpoint with Select-MgProfile -Name "Beta", this will also export policies with preview features like workload identities

    • After initial admin consent has been granted you can connect with: Connect-Graph

  3. Run script via PowerShell dot sourcing

    • & "C:\Users\$env:USERNAME\Documents\WindowsPowerShell\Scripts\Invoke-ConditionalAccessDocumentation.ps1"
  4. (Optional) Pretty format the csv with excel & save it as excel workbook

    • Example