Scripts to enumerate and report on Entra Conditional Access

techBrandon/CAPs

Welcome! This repo is dedicated to reporting on Microsoft Entra Conditional Access.

The Invoke-CAPReview.ps1 script requires an account that has been delegated read-only permissions to the Graph Command Line Tools (aka Microsoft Graph PowerShell). These permissions (and more) are automatically delegated to highly privileged Entra ID roles; however, best practice is to use a dedicated account granted only the required permissions. Grant-CAPPermissions.ps1 is a very simple script that can delegate these permissions. Set the $userUPN variable and run the script as Cloud Application Administrator or equivalent.

The script output reports on statistics and lists all Conditional Access Policies.

It then categorizes the policies into 9 of Microsoft's best practice categories.

Finally, the script begins checking for misconfigured policies.
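The kind of review described above can be sketched as follows. This is an added example, not code from this repository: the function names, the three checks and the sample policies are assumptions made for illustration, and the commented live-tenant lines assume the Microsoft.Graph module with the `Policy.Read.All` scope consented.

```powershell
# Added example; not code from the CAPs repository.
# Constructed sample data shaped like Microsoft Graph conditionalAccessPolicy objects.
function New-SamplePolicy($Name, $State, $Include, $Exclude, $Controls) {
    [pscustomobject]@{
        DisplayName   = $Name
        State         = $State
        Conditions    = [pscustomobject]@{ Users = [pscustomobject]@{
                IncludeUsers = $Include; ExcludeUsers = $Exclude } }
        GrantControls = [pscustomobject]@{ BuiltInControls = $Controls }
    }
}
$policies = @(
    New-SamplePolicy 'Require MFA for all users' 'enabled' @('All') @('<user-guid-1>', '<user-guid-2>') @('mfa')
    New-SamplePolicy 'Block legacy authentication' 'enabledForReportingButNotEnforced' @('All') @() @('block')
    New-SamplePolicy 'Block untrusted locations' 'enabled' @('All') @() @('block')
    New-SamplePolicy 'Old pilot policy' 'disabled' @('<user-guid-3>') @() @('mfa')
)

# Hypothetical review function: emits one finding object per issue detected.
function Get-CapFinding {
    param([Parameter(Mandatory)][object[]]$Policy)
    foreach ($p in $Policy) {
        $users      = $p.Conditions.Users
        $allUsers   = $users.IncludeUsers -contains 'All'
        $exclusions = @($users.ExcludeUsers).Count
        if ($p.State -ne 'enabled') {
            # Disabled and report-only policies protect nothing until enforced.
            [pscustomobject]@{ Policy = $p.DisplayName; Finding = "Not enforced (state: $($p.State))" }
        }
        if ($allUsers -and $exclusions -gt 0) {
            # Every exclusion is an account the control does not cover.
            [pscustomobject]@{ Policy = $p.DisplayName; Finding = "Targets all users but excludes $exclusions; review exclusions" }
        }
        if ($p.State -eq 'enabled' -and $allUsers -and $exclusions -eq 0 -and
            $p.GrantControls.BuiltInControls -contains 'block') {
            # An enforced block with no emergency-access exclusion is a lockout risk.
            [pscustomobject]@{ Policy = $p.DisplayName; Finding = 'Block for all users with no emergency-access exclusion' }
        }
    }
}

# Statistics by policy state, then the findings.
$policies | Group-Object State | Format-Table Name, Count -AutoSize
Get-CapFinding -Policy $policies | Format-Table -AutoSize -Wrap

# Against a live tenant (assumption: read-only Policy.Read.All is delegated):
# Connect-MgGraph -Scopes 'Policy.Read.All'
# Get-CapFinding -Policy (Get-MgIdentityConditionalAccessPolicy -All)
```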
