Releases: thetolkienblackguy/ConditionalAccessIQ

v0.1.0-alpha

14 Mar 20:59

ConditionalAccessIQ v0.0.3 Release Notes

Overview

ConditionalAccessIQ is a PowerShell module that helps administrators track, audit, and visualize changes to Conditional Access policies in Microsoft Entra ID (Azure AD). The module creates comprehensive HTML reports of policy modifications, including detailed before/after comparisons, and provides a complete audit trail for compliance and security purposes.

What's New

  • Improvements:
    • New Invoke-CAIQBreakGlassAssessment function to assess if break glass accounts are properly excluded from all Conditional Access policies
    • HTML dashboard to visualize break glass account exclusions across all policies
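
An added illustration of the check this release describes, not ConditionalAccessIQ's own code: it tests whether a break glass account is excluded, directly or through a group, from each policy. The IDs, the sample policies and the New-SamplePolicy and Test-BreakGlassExclusion helpers are constructed for this example; against a tenant, the policies would come from Get-MgIdentityConditionalAccessPolicy -All.

```powershell
# Added example; not ConditionalAccessIQ's own code. All IDs and policies are constructed.
$BreakGlassUserId  = '11111111-1111-1111-1111-111111111111'  # break glass account (constructed)
$BreakGlassGroupId = '22222222-2222-2222-2222-222222222222'  # group it belongs to (constructed)

# Builds an object shaped like a Graph conditionalAccessPolicy (hypothetical helper).
function New-SamplePolicy($Name, $State, $ExcludeUsers, $ExcludeGroups) {
    [pscustomobject]@{ DisplayName = $Name; State = $State
        Conditions = [pscustomobject]@{ Users = [pscustomobject]@{
            ExcludeUsers = @($ExcludeUsers); ExcludeGroups = @($ExcludeGroups) } } }
}

# Against a live tenant: $policies = Get-MgIdentityConditionalAccessPolicy -All
$policies = @(
    New-SamplePolicy 'Require MFA for all users' 'enabled' @($BreakGlassUserId) @()
    New-SamplePolicy 'Block legacy authentication' 'enabled' @() @($BreakGlassGroupId)
    New-SamplePolicy 'Require compliant device' 'enabledForReportingButNotEnforced' @() @()
)

# Reports whether the account is excluded directly or through one of its groups (hypothetical helper).
function Test-BreakGlassExclusion {
    param(
        [Parameter(Mandatory)] $Policy,
        [Parameter(Mandatory)] [string] $UserId,
        [string[]] $GroupIds = @()
    )
    $users    = $Policy.Conditions.Users
    $direct   = @($users.ExcludeUsers) -contains $UserId
    $viaGroup = @(@($users.ExcludeGroups) | Where-Object { $GroupIds -contains $_ }).Count -gt 0
    [pscustomobject]@{
        Policy           = $Policy.DisplayName
        State            = $Policy.State
        ExcludedDirectly = $direct
        ExcludedViaGroup = $viaGroup
        Excluded         = $direct -or $viaGroup
    }
}

$results = $policies | ForEach-Object {
    Test-BreakGlassExclusion -Policy $_ -UserId $BreakGlassUserId -GroupIds $BreakGlassGroupId
}
$results | Format-Table -AutoSize

# A policy without the exclusion can lock the emergency account out once it is enforced.
$gaps = @($results | Where-Object { -not $_.Excluded })
if ($gaps.Count -gt 0) {
    Write-Warning ("{0} policy(ies) do not exclude the break glass account: {1}" -f $gaps.Count, ($gaps.Policy -join ', '))
}
```

Only the group IDs passed in are compared, so nested group membership has to be resolved before calling the helper.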

Upgrade Notes

This version is fully backward compatible with previous versions. No changes to existing scripts or workflows are required.

Installation

Install-Module ConditionalAccessIQ
Import-Module ConditionalAccessIQ

Quick Start

# Connect to Microsoft Graph with required permissions
Connect-MgGraph -Scopes "Policy.Read.All","AuditLog.Read.All","Directory.Read.All"

# Run the main command with default options
Invoke-CAIQ

This generates a comprehensive HTML report (Conditional_Access_Intelligence.html) showing all policy changes from the past 24 hours and automatically opens it in your browser.

Advanced Usage

# Customize date range (UTC format)
Invoke-CAIQ -StartDate "2024-11-01T00:00:00Z" -EndDate "2024-11-15T23:59:59Z" -OutputPath "C:\Reports\CA" -Title "November CA Policy Changes"

Known Limitations

  • Audit Log Retention: Limited to your Entra ID audit log retention period

Requirements

  • PowerShell 5.1 or PowerShell Core (7.x)
  • Microsoft Graph PowerShell SDK

Note: Feedback and feature requests are welcome!

v0.0.3-alpha

26 Feb 18:40

ConditionalAccessIQ v0.0.3 Release Notes

Overview

ConditionalAccessIQ is a PowerShell module that helps administrators track, audit, and visualize changes to Conditional Access policies in Microsoft Entra ID (Azure AD). The module creates comprehensive HTML reports of policy modifications, including detailed before/after comparisons, and provides a complete audit trail for compliance and security purposes.

What's New

  • Improvements:
    • Added support for all Graph environments (Global, US Gov, US Gov DoD, China, Germany)

Upgrade Notes

This version is fully backward compatible with previous versions. No changes to existing scripts or workflows are required.

Installation

Install-Module ConditionalAccessIQ
Import-Module ConditionalAccessIQ

Quick Start

# Connect to Microsoft Graph with required permissions
Connect-MgGraph -Scopes "Policy.Read.All","AuditLog.Read.All","Directory.Read.All"

# Run the main command with default options
Invoke-CAIQ

This generates a comprehensive HTML report (Conditional_Access_Intelligence.html) showing all policy changes from the past 24 hours and automatically opens it in your browser.

Advanced Usage

# Customize date range (UTC format)
Invoke-CAIQ -StartDate "2024-11-01T00:00:00Z" -EndDate "2024-11-15T23:59:59Z" -OutputPath "C:\Reports\CA" -Title "November CA Policy Changes"

Known Limitations

  • Audit Log Retention: Limited to your Entra ID audit log retention period

Requirements

  • PowerShell 5.1 or PowerShell Core (7.x)
  • Microsoft Graph PowerShell SDK

Note: Feedback and feature requests are welcome!

v0.0.2-alpha - Initial Release

26 Feb 18:19

Pre-release

ConditionalAccessIQ v0.0.2 Release Notes

Overview

This is the first public version of ConditionalAccessIQ, a PowerShell module that helps administrators track, audit, and visualize changes to Conditional Access policies in Microsoft Entra ID (Azure AD). The module creates comprehensive HTML reports of policy modifications, including detailed before/after comparisons, and provides a complete audit trail for compliance and security purposes.

What's Included

  • Core Commands:

    • Invoke-CAIQ to analyze and report on policy changes
    • Send-CAIQMailMessage to email reports via Microsoft Graph
  • Key Features:

    • Change Detection: Identifies modified, added, and deleted policies
    • Historical Tracking: Preserves each version of every policy
    • User-Friendly Reports: Interactive HTML with clear before/after comparisons
    • Name Resolution: Automatically resolves object IDs to display names
    • Audit Logs: Integrates with Microsoft Graph to track who made changes
  • Advanced Capabilities:

    • Template-based report generation with caching for performance
    • Email notifications with attachments
    • HTML reports with policy restoration instructions
    • Detection of Microsoft-managed policies

Installation

Install-Module ConditionalAccessIQ
Import-Module ConditionalAccessIQ

Quick Start

# Connect to Microsoft Graph with required permissions
Connect-MgGraph -Scopes "Policy.Read.All","AuditLog.Read.All","Directory.Read.All"

# Run the main command with default options
Invoke-CAIQ

This generates a comprehensive HTML report (Conditional_Access_Intelligence.html) showing all policy changes from the past 24 hours and automatically opens it in your browser.

Advanced Usage

# Customize date range (UTC format)
Invoke-CAIQ -StartDate "2024-11-01T00:00:00Z" -EndDate "2024-11-15T23:59:59Z" -OutputPath "C:\Reports\CA" -Title "November CA Policy Changes"

Known Limitations

  • Audit Log Retention: Limited to your Entra ID audit log retention period

Requirements

  • PowerShell 5.1 or PowerShell Core (7.x)
  • Microsoft Graph PowerShell SDK

Note: This is the initial public release. Feedback and feature requests are welcome!