Export-AADAssessConditionalAccessData.ps1

<#
.SYNOPSIS
    Produces the Azure AD Conditional Access reports required by the Azure AD assesment
.DESCRIPTION
    This cmdlet reads the conditional access from the target Azure AD Tenant and produces the output files
    in a target directory
.EXAMPLE
   .\Export-AADAssessConditionalAccessData -OutputDirectory "c:\temp\contoso"
#>

function Export-AADAssessConditionalAccessData {
    [CmdletBinding()]
    param (
        # Full path of the directory where the output files will be generated.
        [Parameter(Mandatory = $true)]
        [string] $OutputDirectory
    )

    Start-AppInsightsRequest $MyInvocation.MyCommand.Name
    try {

        ## Create Cache for Referenced IDs
        $ReferencedIdCache = New-AadReferencedIdCache

        ## Get Conditional Access Policies
        Get-MsGraphResults "identity/conditionalAccess/policies" `
        | Use-Progress -Activity 'Exporting conditionalAccessPolicies' -Property displayName -PassThru `
        | Add-AadReferencesToCache -Type conditionalAccessPolicy -ReferencedIdCache $ReferencedIdCache -PassThru `
        | Export-JsonArray (Join-Path $OutputDirectory "conditionalAccessPolicies.json") -Depth 5 -Compress

        ## Get Named Locations
        Get-MsGraphResults "identity/conditionalAccess/namedLocations" `
        | Use-Progress -Activity 'Exporting namedLocations' -Property displayName -PassThru `
        | Export-JsonArray (Join-Path $OutputDirectory "namedLocations.json") -Depth 5 -Compress

        ## Get Referenced Users
        Set-Content -Path (Join-Path $OutputDirectory "users.csv") -Value 'id,userPrincipalName,displayName'
        Get-MsGraphResults 'users?$select=id,userPrincipalName,displayName' -UniqueId $ReferencedIdCache.user -DisableUniqueIdDeduplication `
        | Use-Progress -Activity 'Exporting referenced users' -Property displayName -PassThru `
        | Select-Object -Property "*" -ExcludeProperty '@odata.type' `
        | Export-Csv (Join-Path $OutputDirectory "users.csv") -NoTypeInformation
        #| Export-JsonArray (Join-Path $OutputDirectory "users.json") -Depth 5 -Compress

        ## Get Referenced Groups
        Set-Content -Path (Join-Path $OutputDirectory "groups.csv") -Value 'id,displayName'
        Get-MsGraphResults 'groups?$select=id,displayName' -UniqueId $ReferencedIdCache.group -DisableUniqueIdDeduplication `
        | Use-Progress -Activity 'Exporting referenced groups' -Property displayName -PassThru `
        | Select-Object -Property "*" -ExcludeProperty '@odata.type' `
        | Export-Csv (Join-Path $OutputDirectory "groups.csv") -NoTypeInformation
        #| Export-JsonArray (Join-Path $OutputDirectory "groups.json") -Depth 5 -Compress

        ## Get Referenced ServicePrincipals (AppIDs)
        Set-Content -Path (Join-Path $OutputDirectory "servicePrincipals.csv") -Value 'id,appId,displayName'
        Get-MsGraphResults 'servicePrincipals?$select=id,appId,displayName' -Filter "appId eq '{0}'" -UniqueId $ReferencedIdCache.appId -DisableUniqueIdDeduplication `
        | Use-Progress -Activity 'Exporting referenced apps/servicePrincipals' -Property displayName -PassThru `
        | Export-Csv (Join-Path $OutputDirectory "servicePrincipals.csv") -NoTypeInformation
        #| Export-JsonArray (Join-Path $OutputDirectory "servicePrincipals.json") -Depth 5 -Compress

    }
    catch { if ($MyInvocation.CommandOrigin -eq 'Runspace') { Write-AppInsightsException $_.Exception }; throw }
    finally { Complete-AppInsightsRequest $MyInvocation.MyCommand.Name -Success $? }
}