A while ago I uploaded a quick script to document Conditional Access Policies to JSON files. It has been really useful for exporting policies, but one issue I had with it was that users and applications were represented only by their Object IDs, which wasn't very user friendly when passing the output on as a report.
To make this easier, I have added a translation function to the original script, which is triggered by passing the -PerformTranslation $true parameter.
The preparation is almost identical to the original post here, with one modification: when registering the application, add the Application Permissions "Policy.Read.All", "User.Read.All", "Group.Read.All" and "Application.Read.All". These are application (app-only) permissions, so an administrator has to grant consent for them in the tenant before the script can use them.
With this in place, simply add the "-PerformTranslation $true" flag to the standard command to translate Object IDs into group and application names and user UPNs. The command to run the script with translations is:
Report-ConditionalAccess -clientId $clientid -tenantId $tenantid -clientSecret $clientSecret -PerformTranslation $true
The output is the same as before, except that the Object IDs are now replaced with friendly names:
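To make the translation step concrete, here is an added example (not the Report-ConditionalAccess script itself) of how a script can resolve the IDs in Conditional Access policies through Microsoft Graph. It assumes the same app registration and the $tenantId, $clientId and $clientSecret variables as the command above; the function names Get-GraphToken, Get-GraphObjectNames, Get-GraphAppNames and Convert-CaPolicyIds are my own. Two details matter in practice: the condition lists contain literal values such as All, None and GuestsOrExternalUsers that are not directory objects and must be skipped, and includeApplications/excludeApplications hold application (client) IDs rather than object IDs, so the service principal has to be looked up by appId instead of through directoryObjects/getByIds.

```powershell
# Added example, not the original Report-ConditionalAccess script: the pieces needed to
# translate the IDs in a Conditional Access policy into friendly names.
# Assumptions: the app registration has the application permissions Policy.Read.All,
# User.Read.All, Group.Read.All and Application.Read.All with admin consent granted.

function Get-GraphToken {
    param([string]$TenantId, [string]$ClientId, [string]$ClientSecret)
    # Client-credentials flow against the v2.0 token endpoint; .default requests every granted app permission
    $body = @{
        client_id     = $ClientId
        client_secret = $ClientSecret
        scope         = 'https://graph.microsoft.com/.default'
        grant_type    = 'client_credentials'
    }
    (Invoke-RestMethod -Method Post -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" -Body $body).access_token
}

# Literal values Graph uses inside CA conditions; they are not directory objects and must not be looked up
$script:CaLiterals = @('All', 'None', 'GuestsOrExternalUsers', 'Office365')

function Get-GraphObjectNames {
    param([string]$Token, [string[]]$Ids = @())
    # directoryObjects/getByIds resolves users and groups in one request (max 1000 IDs) instead of one GET per ID
    $map   = @{}
    $batch = @($Ids | Where-Object { $_ -and $_ -notin $script:CaLiterals } | Select-Object -Unique)
    for ($i = 0; $i -lt $batch.Count; $i += 1000) {
        $chunk = @($batch[$i..([Math]::Min($i + 999, $batch.Count - 1))])
        $body  = @{ ids = $chunk; types = @('user', 'group') } | ConvertTo-Json
        $resp  = Invoke-RestMethod -Method Post -Uri 'https://graph.microsoft.com/v1.0/directoryObjects/getByIds' `
            -Headers @{ Authorization = "Bearer $Token" } -ContentType 'application/json' -Body $body
        foreach ($o in $resp.value) {
            # Users are reported by UPN, groups by display name
            $map[$o.id] = if ($o.'@odata.type' -eq '#microsoft.graph.user') { $o.userPrincipalName } else { $o.displayName }
        }
    }
    return $map
}

function Get-GraphAppNames {
    param([string]$Token, [string[]]$AppIds = @())
    # CA policies reference applications by appId (the client ID), not by object ID, so
    # getByIds cannot resolve them; look the service principal up by appId instead
    $map = @{}
    foreach ($appId in @($AppIds | Where-Object { $_ -and $_ -notin $script:CaLiterals } | Select-Object -Unique)) {
        $uri = "https://graph.microsoft.com/v1.0/servicePrincipals?`$filter=appId eq '$appId'&`$select=appId,displayName"
        $sp  = (Invoke-RestMethod -Uri $uri -Headers @{ Authorization = "Bearer $Token" }).value | Select-Object -First 1
        if ($sp) { $map[$appId] = $sp.displayName }
    }
    return $map
}

function Convert-CaPolicyIds {
    param($Policy, [hashtable]$NameMap)
    # Replace each ID that has a mapping; unknown IDs are kept so nothing disappears from the report
    $translate = { param($list) @($list | ForEach-Object { if ($NameMap.ContainsKey($_)) { $NameMap[$_] } else { $_ } }) }
    foreach ($p in 'includeUsers', 'excludeUsers', 'includeGroups', 'excludeGroups') {
        if ($Policy.conditions.users.$p) { $Policy.conditions.users.$p = & $translate $Policy.conditions.users.$p }
    }
    foreach ($p in 'includeApplications', 'excludeApplications') {
        if ($Policy.conditions.applications.$p) { $Policy.conditions.applications.$p = & $translate $Policy.conditions.applications.$p }
    }
    return $Policy
}

# Usage: gather the IDs from every policy, resolve them once, then translate each policy
$token    = Get-GraphToken -TenantId $tenantId -ClientId $clientId -ClientSecret $clientSecret
$headers  = @{ Authorization = "Bearer $token" }
$policies = (Invoke-RestMethod -Uri 'https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies' -Headers $headers).value

$userGroupIds = $policies | ForEach-Object { $u = $_.conditions.users; @($u.includeUsers) + @($u.excludeUsers) + @($u.includeGroups) + @($u.excludeGroups) }
$appIds       = $policies | ForEach-Object { $a = $_.conditions.applications; @($a.includeApplications) + @($a.excludeApplications) }

$nameMap = Get-GraphObjectNames -Token $token -Ids $userGroupIds
foreach ($kv in (Get-GraphAppNames -Token $token -AppIds $appIds).GetEnumerator()) { $nameMap[$kv.Key] = $kv.Value }

$translated = @($policies | ForEach-Object { Convert-CaPolicyIds -Policy $_ -NameMap $nameMap })
ConvertTo-Json -InputObject $translated -Depth 10 | Out-File .\ConditionalAccess-Translated.json
```

IDs that Graph cannot resolve (a deleted user or group, or a first-party Microsoft application that has no service principal in the tenant) are left as the raw ID rather than dropped, so the report still shows that the entry exists. A policy that still references a deleted object is itself worth flagging during a review, so keeping the unresolved ID visible is the safer behaviour for a report.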