Share via

How to get all data related to Entra ID Conditional access Policy

Mani 376 Reputation points
2025-01-21T19:42:31.05+00:00

Hello All,

How to get all data related to Entra ID Conditional access Policy

I tried Get-AzureADMSConditionalAccessPolicy | FL

And it has given me this output,

Id : ce4c0f55-6554-47c4-9527-9429cdaa4ca8

DisplayName : MFA_Policy

State : disabled

Conditions : class ConditionalAccessConditionSet {

              **Applications: class ConditionalAccessApplicationCondition {**

              **IncludeApplications: System.Collections.Generic.List`1[System.String]**

              **ExcludeApplications: System.Collections.Generic.List`1[System.String]**

              **IncludeUserActions: System.Collections.Generic.List`1[System.String]**

              **IncludeProtectionLevels:**

            **}**

              **Users: class ConditionalAccessUserCondition {**

              **IncludeUsers: System.Collections.Generic.List`1[System.String]**

              **ExcludeUsers: System.Collections.Generic.List`1[System.String]**

              **IncludeGroups: System.Collections.Generic.List`1[System.String]**

              **ExcludeGroups: System.Collections.Generic.List`1[System.String]**

              **IncludeRoles: System.Collections.Generic.List`1[System.String]**

              **ExcludeRoles: System.Collections.Generic.List`1[System.String]**

            **}**

              **Platforms: class ConditionalAccessPlatformCondition {**

              **IncludePlatforms: System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.ConditionalAccessDevicePlatforms]**

              **ExcludePlatforms: System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.ConditionalAccessDevicePlatforms]**

            **}**

              **Locations: class ConditionalAccessLocationCondition {**

              **IncludeLocations: System.Collections.Generic.List`1[System.String]**

              **ExcludeLocations: System.Collections.Generic.List`1[System.String]**

            **}**

              **SignInRiskLevels: System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.ConditionalAccessRiskLevel]**

              **ClientAppTypes: System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.ConditionalAccessClientApp]**

            **}**

GrantControls : class ConditionalAccessGrantControls {

              **_Operator: OR**

              **BuiltInControls: System.Collections.Generic.List`1[Microsoft.Open.MSGraph.Model.ConditionalAccessGrantControl]**

              **CustomAuthenticationFactors: System.Collections.Generic.List`1[System.String]**

              **TermsOfUse: System.Collections.Generic.List`1[System.String]**

            **}**

Please suggest is there any chance to get the conditions in details using PowerShell or by using any other alternate.

PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,808 questions
Microsoft Entra
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,211 questions
Accepted answer
  1. Raja Pothuraju 12,660 Reputation points Microsoft Vendor
    2025-02-05T20:10:53.2033333+00:00

    Hello @Mani,

    Thank you for posting your query on Microsoft Q&A.

    Adding to Andy David - MVP answer. You can refer to the document which will only focus on exporting Conditional Access policies using PowerShell commands:

    https://www.alitajran.com/export-conditional-access-policies/

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andy David - MVP 152.3K Reputation points MVP
    2025-01-21T20:47:21.7833333+00:00
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.