Performing a Conditional Access Assessment with PowerShell (Practical365.com – Sean McAvinue)


Decrypting Conditional Access Complexity

Conditional Access is a powerful tool granting an easy way to bolster the security of an Office 365 tenant. The flexibility of Conditional Access means it can fit most organizational and security requirements easily. However, as with most things in technology, with flexibility there often comes complexity.

I see many tenants that have grown over time, and as organizations grow and change (for example, adopting a hybrid working model), Conditional Access is updated to reflect the changing requirements. Unfortunately, as these changes are made, old policies, groups and assignments are not always tidied up. After a while, Conditional Access loses the flexibility it previously had because it is harder to predict the impact a change will have when there is a mess of policies that target different groups or apps.

There are tools available to help admins understand their Conditional Access policies better, such as the Conditional Access Insights and Reporting Dashboard and the Conditional Access What-If tool. They are both fantastic tools, but they are somewhat limited in picking apart the detail of complex Conditional Access policy combinations.

To generate the information needed to decrypt Conditional Access policies in a practical manner, I created a PowerShell script (available on GitHub) not just to document Conditional Access policy settings, but also to detail who is impacted by each policy and why.
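As an added illustration (not the script from the article, and not the author's code), the PowerShell below shows the kind of "who is impacted and why" resolution described above, run offline over constructed sample data shaped like Microsoft Graph conditionalAccessPolicy objects. The function name `Get-PolicyImpact`, the user and group IDs and the policy names are hypothetical, and only direct user and group assignments are evaluated (no roles, guests or nested groups).

```powershell
# Constructed sample policies, shaped like Microsoft Graph conditionalAccessPolicy objects.
$policies = @'
[
  {"displayName": "Require MFA - all users", "state": "enabled",
   "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": [],
                            "includeGroups": [], "excludeGroups": ["g-breakglass"]}}},
  {"displayName": "Block legacy auth - sales", "state": "enabledForReportingButNotEnforced",
   "conditions": {"users": {"includeUsers": [], "excludeUsers": ["u-carol"],
                            "includeGroups": ["g-sales"], "excludeGroups": []}}}
]
'@ | ConvertFrom-Json

# Constructed directory data: group ID -> direct member user IDs.
$groupMembers = @{
    'g-sales'      = @('u-alice', 'u-carol')
    'g-breakglass' = @('u-admin')
}
$users = 'u-alice', 'u-bob', 'u-carol', 'u-admin'

# Hypothetical helper: for one policy, report whether each user is in scope and why.
function Get-PolicyImpact {
    param($Policy, [string[]]$Users, [hashtable]$GroupMembers)
    $scope = $Policy.conditions.users
    foreach ($u in $Users) {
        # First excluded / included group (if any) that contains this user.
        $exGroup = @($scope.excludeGroups) | Where-Object { $GroupMembers[$_] -contains $u } | Select-Object -First 1
        $inGroup = @($scope.includeGroups) | Where-Object { $GroupMembers[$_] -contains $u } | Select-Object -First 1

        # Exclusions override inclusions, so they are checked first.
        if     ($scope.excludeUsers -contains $u)    { $applies = $false; $why = 'excluded directly' }
        elseif ($exGroup)                            { $applies = $false; $why = "excluded via group $exGroup" }
        elseif ($scope.includeUsers -contains 'All') { $applies = $true;  $why = 'included via All users' }
        elseif ($scope.includeUsers -contains $u)    { $applies = $true;  $why = 'included directly' }
        elseif ($inGroup)                            { $applies = $true;  $why = "included via group $inGroup" }
        else                                         { $applies = $false; $why = 'not targeted' }

        [pscustomobject]@{
            Policy = $Policy.displayName; State = $Policy.state
            User   = $u; Applies = $applies; Reason = $why
        }
    }
}

# One row per policy/user pair, including the report-only policy so its scope is visible too.
$report = foreach ($p in $policies) {
    Get-PolicyImpact -Policy $p -Users $users -GroupMembers $groupMembers
}
$report | Format-Table -AutoSize
```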

Read the entire article here.

Bob Mixon

My primary goal in life is to support my family, be a friend and enjoy each day as it may be my last. For work, I am a Senior Office 365 and SharePoint Solution Architect, Senior Information Architect and Microsoft SharePoint MVP. You can read my entire profile here.
