# Document Conditional Access with PowerShell 

[![PSGallery Version](https://img.shields.io/powershellgallery/v/Invoke-ConditionalAccessDocumentation.svg?style=flat-square&label=PSGallery%20Version)](https://www.powershellgallery.com/packages/Invoke-ConditionalAccessDocumentation) [![PSGallery Downloads](https://img.shields.io/powershellgallery/dt/Invoke-ConditionalAccessDocumentation?style=flat-square&label=PSGallery%20Downloads)](https://www.powershellgallery.com/packages/Invoke-ConditionalAccessDocumentation)
![GitHub](https://img.shields.io/github/license/nicolonsky/conditionalaccessdocumentation?style=flat-square)
![GitHub Release Date](https://img.shields.io/github/release-date/nicolonsky/conditionalaccessdocumentation?style=flat-square)


This PowerShell script documents your Entra ID Conditional Access policies while translating directory object IDs of targeted users, groups and apps to readable names. It is based on and extends **[nicolonsky/ConditionalAccessDocumentation](https://github.com/nicolonsky/ConditionalAccessDocumentation)** and incorporates updates by **[x3nc0n/ConditionalAccessDocumentation](https://github.com/x3nc0n/ConditionalAccessDocumentation)**. The script exports all data as a CSV file and can also generate a formatted Excel workbook.

1. Install this script from the PowerShell gallery (dependent modules are automatically installed):

    * `Install-Script -Name Invoke-ConditionalAccessDocumentation -Scope CurrentUser`
    
2. Connect to Microsoft Graph

    * Grant initial admin consent: `Connect-MgGraph -Scopes "Application.Read.All", "Group.Read.All", "Policy.Read.All", "RoleManagement.Read.Directory", "User.Read.All" -ContextScope Process`
    
    * After initial admin consent has been granted you can connect with: `Connect-MgGraph` for subsequent usage

## Usage

Run the script with the following options:

- Default CSV export:

    ```powershell
    .\Invoke-ConditionalAccessDocumentation.ps1
    ```

- Export with Excel:

    ```powershell
    .\Invoke-ConditionalAccessDocumentation.ps1 -ExportExcel
    ```

- Export with Excel to a custom path:

    ```powershell
    .\Invoke-ConditionalAccessDocumentation.ps1 -ExportExcel -ExcelPath "C:\Path\To\Save\ConditionalAccess.xlsx"
    ```

- Use multi-line output (default is single-line):

    ```powershell
    .\Invoke-ConditionalAccessDocumentation.ps1 -MultiLine
    ```
    
4. (Optional) Pretty format the csv with excel & save it as excel workbook 

    * ![Example](https://raw.githubusercontent.com/nicolonsky/ConditionalAccessDocumentation/master/Example/Example.png)

## New Features

- Automatic installation of required PowerShell modules if they are not present.
- CSV export with proper delimiter and encoding to ensure compatibility and readability.
- Excel export option that creates a workbook with multiple worksheets including a Master sheet, Summary sheet, and individual sheets for each Conditional Access policy.
- Readable two-column layout in the Excel export for enhanced clarity and presentation.
- Translation of directory object IDs (users, groups, apps) to human-readable names for easier analysis.