Updated: Conditional Access Documentation Script Now Supports Translation to Friendly Names

A while ago I uploaded a quick script to document Conditional Access Policies out to JSON files. This has been really useful for me to export out policies but one issue I had with it was that the users and applications were represented as Object IDs and this wasn’t very user friendly when passing on as a report.

To help make this a bit easier, I have added a translation function to the original script which can be triggered by adding the -PerformTranslation $true parameter to the original script.

The preparation of the script is pretty much identical to the original post here with one modification, when we register our application, we need to add in the Application Permissions for “Policy.Read.All”, “User.Read.All”, “Group.Read.All” and “Application.Read.All”.

With this in place simply add in the “-PerformTranslation $True” flag to the standard command to translate from Object IDs to Group/Application names and users UPNs. The command to run the script with translations is:

Report-ConditionalAccess -clientId $clientid -tenantId $tenantid -clientSecret $clientSecret -PerformTranslation $true

The output is the same as before except now the Object IDs are are changed to friendly names:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s