This PowerShell script documents your Entra ID Conditional Access policies and translates the directory object IDs of targeted users, groups and apps to readable names. The script exports all data as a CSV file, which can then be formatted as an Excel workbook.
-
Install this script from the PowerShell gallery (dependent modules are automatically installed):
Install-Script -Name Invoke-ConditionalAccessDocumentation -Scope CurrentUser
-
Connect to Microsoft Graph
-
Grant initial admin consent:
Connect-MgGraph -Scopes "Application.Read.All", "Group.Read.All", "Policy.Read.All", "RoleManagement.Read.Directory", "User.Read.All" -ContextScope Process
-
After initial admin consent has been granted, you can connect for subsequent usage with:
Connect-MgGraph
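A pre-flight check for the connection step, as an added example that is not part of the script or its project: it compares the scopes held by the current Graph session with the five read scopes requested above and reports any that are missing, plus any additional scopes whose name contains `ReadWrite`, which documentation does not need. The helper name `Test-CADocScopes`, the list of sign-in scopes to ignore, and the sample scope list are assumptions made for this example.

```powershell
# Added example (not the project's code). Required scopes are copied from the
# Connect-MgGraph command above.
$RequiredScopes = @(
    'Application.Read.All'
    'Group.Read.All'
    'Policy.Read.All'
    'RoleManagement.Read.Directory'
    'User.Read.All'
)

function Test-CADocScopes {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # Scopes held by the session, e.g. (Get-MgContext).Scopes
        [Parameter(Mandatory)][AllowEmptyCollection()][string[]]$Granted,
        [string[]]$Required = $RequiredScopes
    )

    # Assumption: generic sign-in scopes that are not worth reporting.
    $signIn = 'openid', 'profile', 'email', 'offline_access'

    # -in / -notin compare case-insensitively, which suits scope names.
    $missing = @($Required | Where-Object { $_ -notin $Granted })
    $extra   = @($Granted  | Where-Object { $_ -notin $Required -and $_ -notin $signIn })
    $write   = @($extra    | Where-Object { $_ -match 'ReadWrite' })

    [pscustomobject]@{
        Ready        = ($missing.Count -eq 0)   # all five read scopes present
        Missing      = $missing                 # consent still needed for these
        Extra        = $extra                   # held, but not used for documentation
        WriteCapable = $write                   # subset of Extra that can modify the tenant
    }
}

# Constructed sample: a session missing two read scopes and carrying one write scope.
$sample = 'openid', 'profile', 'User.Read.All', 'Group.Read.All',
          'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'
Test-CADocScopes -Granted $sample | Format-List

# Live session, after Connect-MgGraph:
# Test-CADocScopes -Granted (Get-MgContext).Scopes | Format-List
```

If `WriteCapable` is not empty, the session was connected with more than the read scopes listed above; reconnecting with only those scopes keeps the documentation run read-only.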
-
Run script via PowerShell dot sourcing
Invoke-ConditionalAccessDocumentation.ps1
-
(Optional) Pretty-format the CSV with Excel and save it as an Excel workbook