2.9 KiB
Document Conditional Access with PowerShell
This PowerShell script documents your Entra ID Conditional Access policies while translating directory object IDs of targeted users, groups and apps to readable names. This is an extended version of Daniel Chronlund’s DCToolbox. The script exports all data as a csv file which can be pretty formatted as excel workbook.
-
Install this script from the PowerShell gallery (dependent modules are automatically installed):
Install-Script -Name Invoke-ConditionalAccessDocumentation -Scope CurrentUser
-
Connect to Microsoft Graph
-
Grant initial admin consent:
Connect-MgGraph -Scopes "Application.Read.All", "Group.Read.All", "Policy.Read.All", "RoleManagement.Read.Directory", "User.Read.All" -ContextScope Process -
After initial admin consent has been granted you can connect with:
Connect-MgGraphfor subsequent usage
-
Usage
Run the script with the following options:
-
Default CSV export:
.\Invoke-ConditionalAccessDocumentation.ps1 -
Export with Excel:
.\Invoke-ConditionalAccessDocumentation.ps1 -ExportExcel -
Export with Excel to a custom path:
.\Invoke-ConditionalAccessDocumentation.ps1 -ExportExcel -ExcelPath "C:\Path\To\Save\ConditionalAccess.xlsx" -
Use multi-line output (default is single-line):
.\Invoke-ConditionalAccessDocumentation.ps1 -MultiLine
-
(Optional) Pretty format the csv with excel & save it as excel workbook
New Features
- Automatic installation of required PowerShell modules if they are not present.
- CSV export with proper delimiter and encoding to ensure compatibility and readability.
- Excel export option that creates a workbook with multiple worksheets including a Master sheet, Summary sheet, and individual sheets for each Conditional Access policy.
- Readable two-column layout in the Excel export for enhanced clarity and presentation.
- Translation of directory object IDs (users, groups, apps) to human-readable names for easier analysis.