This tool is designed to help you save your Conditional Access (CA) policies in HTML format for external review or documentation.
This script generates a simple table of your CA policies.
Run the script using:
.\Export-CaPolicy.ps1
The script automatically connects to the Graph Module if you are not connected. If you need to change environments, you can manually disconnect using the command below.
Disconnect-MgGraph
This script not only generates a table of your CA policies but also includes recommendations and checks for each policy. It provides detailed insights and suggestions to enhance the security of your Conditional Access policies.
Run the script using:
.\Export-CAPolicyWithRecs.ps1
The script automatically connects to the Graph Module if you are not connected. If you need to change environments, you can manually disconnect using the command below.
Disconnect-MgGraph
The recommendations script checks for the following items:
- Legacy Authentication
- MFA Policy targets All Users Group and All Cloud Apps
- Mobile Device Policy requires MDM or MAM
- Require Hybrid Join or Intune Compliance on Windows or Mac
- Require MFA for Admins
- Require Phish-Resistant MFA for Admins
- Policy Excludes Same Entities It Includes
- No Users Targeted in Policy
- Direct User Assignment
- Implement Risk-Based Policy
- Block Device Code Flow
- Require MFA to Enroll a Device in Intune
- Block Unknown/Unsupported Devices
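
To make three of the assignment checks above concrete (a policy that excludes the same entities it includes, no users targeted, direct user assignment), here is an added example that is not taken from Export-CAPolicyWithRecs.ps1 and may differ from its logic. The function name `Test-CaPolicyAssignment` and the sample policies are hypothetical; the property names follow the Microsoft Graph conditionalAccessPolicy resource.

```powershell
# Constructed sample policies (not real tenant data), shaped like the Graph
# conditionalAccessPolicy resource.
$sampleJson = @'
[
  { "displayName": "CA01 - Require MFA", "state": "enabled",
    "conditions": { "users": {
      "includeUsers": ["All"], "excludeUsers": [],
      "includeGroups": [], "excludeGroups": [],
      "includeRoles": [], "excludeRoles": [] } } },
  { "displayName": "CA02 - Pilot", "state": "enabled",
    "conditions": { "users": {
      "includeUsers": ["11111111-1111-1111-1111-111111111111"],
      "excludeUsers": [],
      "includeGroups": ["22222222-2222-2222-2222-222222222222"],
      "excludeGroups": ["22222222-2222-2222-2222-222222222222"],
      "includeRoles": [], "excludeRoles": [] } } },
  { "displayName": "CA03 - Draft", "state": "disabled",
    "conditions": { "users": {
      "includeUsers": ["None"], "excludeUsers": [],
      "includeGroups": [], "excludeGroups": [],
      "includeRoles": [], "excludeRoles": [] } } }
]
'@

function Test-CaPolicyAssignment {   # hypothetical helper, not part of the tool
    param([Parameter(Mandatory)] $Policy)
    $u = $Policy.conditions.users
    $findings = @()
    # Same entity on both sides: the exclusion wins, so the include has no effect.
    foreach ($kind in 'Users', 'Groups', 'Roles') {
        $overlap = @($u."include$kind") | Where-Object { $_ -and @($u."exclude$kind") -contains $_ }
        if ($overlap) { $findings += "Excludes same $kind it includes: $($overlap -join ', ')" }
    }
    # Nothing targeted: includeUsers is empty or 'None', and no groups or roles.
    $realUsers = @($u.includeUsers) | Where-Object { $_ -and $_ -ne 'None' }
    if (-not $realUsers -and -not @($u.includeGroups) -and -not @($u.includeRoles)) {
        $findings += 'No users targeted'
    }
    # Direct assignment: includeUsers holds object IDs rather than a keyword such as 'All'.
    $direct = @($realUsers | Where-Object { $_ -as [guid] })
    if ($direct.Count) { $findings += "Direct user assignment: $($direct.Count) user(s)" }
    [pscustomobject]@{ Policy = $Policy.displayName; State = $Policy.state; Findings = $findings }
}

foreach ($p in ($sampleJson | ConvertFrom-Json)) { Test-CaPolicyAssignment $p }
```

On the constructed input, CA01 returns no findings, CA02 is flagged for the group overlap and the directly assigned user, and CA03 is flagged as targeting no users.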
This tool has been updated to version 2.0 to maintain support for new features as they are released.
The other large change in V2.0 is updated styling for the export, which makes it easier to read, and the selects now properly target the whole column.
It's cool to share stuff to make other people's lives easier, so let's keep doing that.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.