PowerShell Script used to create a report for Azure AD Conditional Access Policies.
The modules used in the script may still be in development and may change during the development cycle.
Review improvements for report format and possibly doc export.
The script will generate a report for all the Conditional Access Policies used in the Azure AD Tenant.
The report will resolve all ID's used within the policies for users, groups, named locations and applications.
Below is a list of steps recommended to allow the report to authenticate and retrieve the information required.
Steps:
1. Download and install the Microsoft Graph PowerShell module by launching a PowerShell Console as Administrator
and execute the below command:
Install-Module Microsoft.Graph -AllowClobber -Force
2. Launch a PowerShell Console
3. Run the below to authenticate to the Microsoft Graph PowerShell (Preview) Application that is added to Azure AD.
Connect-Graph -Scopes "Policy.Read.All","Directory.Read.All"
4. Complete the authentication by following the device login prompts.
5. Review and accept the required permissions.
6. The report can be executed as soon as the permissions are granted on the application.
Generates a report in the CSV and HTML format in the same location where the script is located.
PS C:\> Generate-ConditionalAccessReport.ps1 -export All
Generates a report in the CSV format in the same location where the script is located.
PS C:\> Generate-ConditionalAccessReport.ps1 -export CSV
Generates a report in the HTML format in the same location where the script is located.
PS C:\> Generate-ConditionalAccessReport.ps1 -export HTML
Exports .html and .csv files that contains the Conditional Access policies.
The script will connect to the Microsoft Graph service and collect the required information.
Github - https://github.com/microsoftgraph/msgraph-sdk-powershell