Export-AADAssessConditionalAccessData.ps1

<#
.SYNOPSIS
    Produces the Azure AD Conditional Access reports required by the Azure AD assessment
.DESCRIPTION
    This cmdlet reads the Conditional Access policies and named locations (plus the users, groups and
    service principals those policies reference) from the target Azure AD tenant and writes the output files
    to a target directory. The output contains identity data, so treat the directory as sensitive.
.EXAMPLE
   .\Export-AADAssessConditionalAccessData -OutputDirectory "c:\temp\contoso"
#>

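function Export-AADAssessConditionalAccessData {
    [CmdletBinding()]
    param (
        # Full path of the directory where the output files will be generated.
        # The directory must already exist (nothing below creates it; the first Set-Content fails otherwise).
        # The files hold identity data (UPNs, group/app display names, policy scoping), so keep the
        # directory access-restricted and handle it as sensitive assessment material.
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string] $OutputDirectory
    )

    # Telemetry bracket: the request is always completed in 'finally', on success and on a rethrown error.
    Start-AppInsightsRequest $MyInvocation.MyCommand.Name
    try {

        ## Cache of object references (user / group / appId) collected while walking the policies.
        ## It drives the lookups further down so that only objects actually referenced by a policy are exported.
        $ReferencedIdCache = New-AadReferencedIdCache

        ## Conditional Access policies: full policy documents as a JSON array.
        ## Add-AadReferencesToCache records the users/groups/apps each policy points at and passes the policy through.
        Get-MsGraphResults "identity/conditionalAccess/policies" `
        | Use-Progress -Activity 'Exporting conditionalAccessPolicies' -ScriptBlock { $args[0] } -Property displayName `
        | Add-AadReferencesToCache -Type conditionalAccessPolicy -ReferencedIdCache $ReferencedIdCache -PassThru `
        | Export-JsonArray (Join-Path $OutputDirectory "conditionalAccessPolicies.json") -Depth 5 -Compress

        ## Named locations as a JSON array (no reference collection needed).
        Get-MsGraphResults "identity/conditionalAccess/namedLocations" `
        | Use-Progress -Activity 'Exporting namedLocations' -ScriptBlock { $args[0] } -Property displayName `
        | Export-JsonArray (Join-Path $OutputDirectory "namedLocations.json") -Depth 5 -Compress

        ## Referenced users.
        ## The header row is written up front so the file exists with its columns even when no policy
        ## references a user and Export-Csv therefore receives no input; with results, Export-Csv
        ## overwrites the file with header + rows. '@odata.type' is dropped so the CSV columns match
        ## the pre-written header (id,userPrincipalName,displayName).
        Set-Content -Path (Join-Path $OutputDirectory "users.csv") -Value 'id,userPrincipalName,displayName'
        Get-MsGraphResults 'users?$select=id,userPrincipalName,displayName' -UniqueId $ReferencedIdCache.user -DisableUniqueIdDeduplication `
        | Use-Progress -Activity 'Exporting referenced users' -ScriptBlock { $args[0] } -Property displayName `
        | Select-Object -Property "*" -ExcludeProperty '@odata.type' `
        | Export-Csv (Join-Path $OutputDirectory "users.csv") -NoTypeInformation
        #| Export-JsonArray (Join-Path $OutputDirectory "users.json") -Depth 5 -Compress

        ## Referenced groups: same pre-written-header pattern as users.
        Set-Content -Path (Join-Path $OutputDirectory "groups.csv") -Value 'id,displayName'
        Get-MsGraphResults 'groups?$select=id,displayName' -UniqueId $ReferencedIdCache.group -DisableUniqueIdDeduplication `
        | Use-Progress -Activity 'Exporting referenced groups' -ScriptBlock { $args[0] } -Property displayName `
        | Select-Object -Property "*" -ExcludeProperty '@odata.type' `
        | Export-Csv (Join-Path $OutputDirectory "groups.csv") -NoTypeInformation
        #| Export-JsonArray (Join-Path $OutputDirectory "groups.json") -Depth 5 -Compress

        ## Referenced service principals. Policies reference applications by appId, so the lookup goes
        ## through an OData filter template; presumably Get-MsGraphResults substitutes each cached appId
        ## into '{0}' (verify against the helper). The appIds come from this tenant's own policies, not
        ## from user input. '@odata.type' is excluded here as well so the columns match the pre-written
        ## header (id,appId,displayName), consistent with the users and groups exports above.
        Set-Content -Path (Join-Path $OutputDirectory "servicePrincipals.csv") -Value 'id,appId,displayName'
        Get-MsGraphResults 'servicePrincipals?$select=id,appId,displayName' -Filter "appId eq '{0}'" -UniqueId $ReferencedIdCache.appId -DisableUniqueIdDeduplication `
        | Use-Progress -Activity 'Exporting referenced apps/servicePrincipals' -ScriptBlock { $args[0] } -Property displayName `
        | Select-Object -Property "*" -ExcludeProperty '@odata.type' `
        | Export-Csv (Join-Path $OutputDirectory "servicePrincipals.csv") -NoTypeInformation
        #| Export-JsonArray (Join-Path $OutputDirectory "servicePrincipals.json") -Depth 5 -Compress

    }
    # Only report the exception to App Insights for direct (runspace) invocations; always rethrow
    # so a partial export is never mistaken for a complete one.
    catch { if ($MyInvocation.CommandOrigin -eq 'Runspace') { Write-AppInsightsException $_.Exception }; throw }
    finally { Complete-AppInsightsRequest $MyInvocation.MyCommand.Name -Success $? }
}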