Have written a custom PowerShell script to retrieve azure ad conditional access policies information and save the output in a csv file. I'm using Get-AzureADMSConditionalAccessPolicy cmdlet queries to achieve that.
Some of Get-AzureADMSConditionalAccessPolicy cmdlet parameter values is returning System.Collections.Generic.List`1[System.String] values, i need this information in a readable format or at least none if the value for the parameter is empty.
Below is my script:
$allpolicies = Get-AzureADMSConditionalAccessPolicy
$allpolicies | ForEach-Object{
$policyID = $_.Id
$policydisplayname = $_.DisplayName
$policystate = $_.State
$applications = ($_.Conditions).Applications.IncludeApplications
$includedusers = ($_.Conditions).Users.IncludeUsers
$includedgroups = ($_.Conditions).Users.IncludeGroups
$includedlocation = ($_.Conditions).Locations.includelocations
New-object -typename PSobject -property @{
ID = $policyID
DisplayName = $policydisplayname
Policy_State = $policystate
Includedapps = $applications
Users_Applied_The_Policy = $includedusers
Groups_Applied_The_Policy = $includedgroups
Locations_Applied_The_Policy = $includedlocation
}
} | Sort-Object ID, DisplayName, Policy_State, Includedapps, Users_Applied_Policy, Groups_Applied_Policy, Locations_Applied | Export-Csv -Path C:\CAccessResults3.csv -NoTypeInformation
Output in the csv file;
On running the script without saving information into a csv file, the results is different, below is the snipshot.
I'm expecting to have the csv file have readable information for Includedapps, Users_Applied_Policy, Groups_Applied_Policy, Locations_Applied parameters.
CodePudding user response:
You can either turn the lists into strings with the -join operator:
$allpolicies = Get-AzureADMSConditionalAccessPolicy
$allpolicies | ForEach-Object {
New-object -typename PSobject -property @{
ID = $_.Id
DisplayName = $_.DisplayName
Policy_State = $_.State
Includedapps = ($_.Conditions).Applications.IncludeApplications -join ';'
Users_Applied_The_Policy = ($_.Conditions).Users.IncludeUsers -join ';'
Groups_Applied_The_Policy = ($_.Conditions).Users.IncludeGroups -join ';'
Locations_Applied_The_Policy = ($_.Conditions).Locations.includelocations -join ';'
}
} | Sort-Object ID, DisplayName, Policy_State, Includedapps, Users_Applied_Policy, Groups_Applied_Policy, Locations_Applied | Export-Csv -Path C:\CAccessResults3.csv -NoTypeInformation
Or you can output one object per conditional target (1 object = 1 row):
$allpolicies = Get-AzureADMSConditionalAccessPolicy
$allpolicies | ForEach-Object {
foreach($application in ($_.Conditions).Applications.IncludeApplications){
New-object -typename PSobject -property @{
ID = $_.Id
DisplayName = $_.DisplayName
Policy_State = $_.State
TargetType = 'Application'
TargetName = $application
}
}
foreach($user in ($_.Conditions).Users.IncludeUsers){
New-object -typename PSobject -property @{
ID = $_.Id
DisplayName = $_.DisplayName
Policy_State = $_.State
TargetType = 'User'
TargetName = $user
}
}
foreach($group in ($_.Conditions).Users.IncludeGroups){
New-object -typename PSobject -property @{
ID = $_.Id
DisplayName = $_.DisplayName
Policy_State = $_.State
TargetType = 'Group'
TargetName = $group
}
}
foreach($location in ($_.Conditions).Locations.includelocations){
New-object -typename PSobject -property @{
ID = $_.Id
DisplayName = $_.DisplayName
Policy_State = $_.State
TargetType = 'Location'
TargetName = $location
}
}
} | Sort-Object ID, DisplayName, TargetType, TargetName | Export-Csv -Path C:\CAccessResults3.csv -NoTypeInformation