I was recently engaged to review an organisation’s Entra configuration around Password Security and their Conditional Access policies. Over the years I’ve seen tenants with anywhere from a handful of policies to hundreds; these guys had about 50, which is still quite a few to go through by hand. Doing this by hand takes a heap of time; however, I recently stumbled upon the Conditional Access Documenter by Merill Fernando thanks to a LinkedIn post, and I decided to give it a go on my test tenant.

Once you arrive at the idPowerApp site, you’ll notice there are two ways to generate the report: Manual Generation, which means exporting the JSON via Graph API or PowerShell, or Automatic Generation. If you go down the Manual path, you do lose some features, such as the automatic linking of group or object names instead of GUIDs. In my case we’re going down the Automatic path, which creates an Enterprise App for you with the required permissions as you can see below. Review everything and consent for your tenancy (if you feel inclined, delete the enterprise app once you’ve done the export).

Once back at the Conditional Access Documenter homepage, you’ll now have a Teams Purple Generate Documentation page. Clicking on it will then go through its motions, which take anywhere from 10 seconds to a minute or so, and generate a fresh-looking PowerPoint similar to what I have below. If need be, you can remove PII such as usernames, group names or locations.

A nice little tool to help on those projects that need documentation or even just the ability to audit or go back in time to see how your CAs have changed over time.
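For the "how have your CAs changed over time" audit, two saved JSON exports of the policies (the same export the manual path uses) can be compared directly. The sketch below is an added example, not part of the Conditional Access Documenter or the original post: it diffs two snapshots by policy `id` and reports added, removed and changed settings. It assumes each export is loaded as a list of policy objects with the Graph field names `id`, `displayName`, `state`, `conditions` and `grantControls`; the function names, GUIDs and sample data are constructed for illustration.

```python
# Constructed sample snapshots (not real tenant data); GUIDs are placeholders.
OLD = [
    {"id": "00000000-0000-0000-0000-000000000001", "displayName": "Require MFA for admins",
     "state": "enabled", "modifiedDateTime": "2024-01-01T00:00:00Z",
     "conditions": {"users": {"excludeGroups": []}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"id": "00000000-0000-0000-0000-000000000002", "displayName": "Block legacy auth", "state": "enabled"},
]
NEW = [
    {"id": "00000000-0000-0000-0000-000000000001", "displayName": "Require MFA for admins",
     "state": "enabledForReportingButNotEnforced", "modifiedDateTime": "2024-06-01T00:00:00Z",
     "conditions": {"users": {"excludeGroups": ["aaaaaaaa-0000-0000-0000-00000000000a"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"id": "00000000-0000-0000-0000-000000000003", "displayName": "Require compliant device", "state": "enabled"},
]
IGNORED = {"modifiedDateTime"}  # changes on every edit, so it is noise in a diff

def flatten(node, prefix=""):
    """Flatten nested dicts to {dotted.path: value}; lists are sorted so reordering is not drift."""
    if isinstance(node, dict):
        out = {}
        for key, val in node.items():
            out.update(flatten(val, f"{prefix}{key}."))
        return out
    if isinstance(node, list):
        node = sorted(node, key=str)
    return {prefix.rstrip("."): node}

def diff_exports(old, new):
    """Compare two exports by policy id: policies added, removed, and changed settings."""
    old_by_id, new_by_id = {p["id"]: p for p in old}, {p["id"]: p for p in new}
    report = {
        "added": sorted(new_by_id[i]["displayName"] for i in new_by_id.keys() - old_by_id.keys()),
        "removed": sorted(old_by_id[i]["displayName"] for i in old_by_id.keys() - new_by_id.keys()),
        "changed": {},
    }
    for pid in old_by_id.keys() & new_by_id.keys():
        before, after = flatten(old_by_id[pid]), flatten(new_by_id[pid])
        delta = {k: (before.get(k), after.get(k)) for k in before.keys() | after.keys()
                 if k not in IGNORED and before.get(k) != after.get(k)}
        if delta:
            report["changed"][new_by_id[pid]["displayName"]] = delta
    return report

if __name__ == "__main__":
    import json
    print(json.dumps(diff_exports(OLD, NEW), indent=2))
```

In the sample data the diff surfaces the two changes a reviewer cares about most: an enforced policy dropped to report-only, and a new group added to its exclusions.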
