Document Conditional Access Configuration with my Modern Workplace Concierge

Mon, 20 Apr 2020 19:22:33 +0000

Documenting things sucks. If it involves a lot of klick(edi klack klack) in portals and copying information around even more. But there’s hope. And it’s called automation. For the Intune part Thomas Kurt did already an awesome job with his IntuneDocumentation. Now the Modern Workplace Concierge is ready to help you with documenting your Conditional Access configuration. I promise you: we will get through this within under 15 minutes! Afterwards you can make an impression on your fellow Enterprise Mobility teammates.

What’s inside?
#

A Conditional Access policy is returned by the Microsoft Graph API in the following JSON representation:


{
 "id": "714b5737-5f13-415e-bf96-d659f3a5928e",
 "displayName": "PROD - Admin protection - Azure management: Require MFA",
 "createdDateTime": null,
 "modifiedDateTime": null,
 "state": "enabled",
 "grantControls": {
 "operator": "OR",
 "builtInControls": [
 "mfa"
 ],
 "customAuthenticationFactors": [],
 "termsOfUse": []
 },
 "conditions": {
 "signInRiskLevels": [],
 "clientAppTypes": [],
 "platforms": null,
 "locations": null,
 "deviceStates": null,
 "applications": {
 "includeApplications": [
 "797f4846-ba00-4fd7-ba43-dac1f8f63013"
 ],
 "excludeApplications": [],
 "includeUserActions": []
 },
 "users": {
 "includeUsers": [
 "All"
 ],
 "excludeUsers": [],
 "includeGroups": [],
 "excludeGroups": [
 "04988d96-ad01-4569-9aee-a199a1cb4f8e"
 ],
 "includeRoles": [],
 "excludeRoles": []
 }
 },
 "sessionControls": null
}

That’s not really human readable. Especially the object id’s (32 character UUIDs) make it difficult to guess to which users or apps a policy is assigned. But an API has definitely other goals than showing pretty formatted reports.

Modernworkplaceconcierge on Nicola Suter

Document Conditional Access Configuration with my Modern Workplace Concierge

What’s inside? #

What’s inside?
#