AlexFilipin / ConditionalAccess

MIT License

Suggestions #2

Closed clajes closed 3 years ago

clajes commented 4 years ago

The project is really taking form, great work. A few suggestions to the backlog (if you agree):

  1. Include options to the remove-policies.ps1 script so that it can be used alone with its own authentication
  2. Add an option or a separate script to backup/restore current policies as an action in itself.
  3. Add the option to authenticate interactively as opposed to having to use device login flow or other authentication mechanisms that support full automation/API access

AlexFilipin commented 4 years ago

Thanks for the feedback

  1. As of now remove-policies.ps1 is a helper script that you can use if you run the script interactively. Once I have found the "best way to authenticate" I will add that to the helper script and to other future scripts, e.g. there is a first draft for named location automation.

  2. If you are looking for a simple way to export I would take a look at Graph Explorer https://developer.microsoft.com/en-us/graph/graph-explorer and simply do a https://graph.microsoft.com/beta/identity/conditionalAccess/policies or take a look at https://mwconcierge.azurewebsites.net/ - but I will also look at ways that make sense for this solution. If you always keep the current version of your script as JSON and update policies with the automation you can do that today. After your first policy set deployment you 'simply' have to add the policy id to the JSON and it will start updating if you redeploy; this will keep the well known replacements in the JSON, as opposed to a simple export where you would lose the well known replacement logic.

  3. I agree, looking into this - If you have any good examples for an interactive auth flow to MS Graph you would prefer please let me know. When it comes to full automation I am looking into Azure DevOps integrations - more to come!
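The simple export mentioned in point 2, sketched as a script. This is an added example, not part of the thread or of the ConditionalAccess project's code; it assumes a Microsoft Graph bearer token obtained elsewhere is passed in as `$AccessToken`, and the output folder name is arbitrary.

```powershell
# Added example: export every Conditional Access policy to its own JSON file.
# Assumptions: $AccessToken is a Microsoft Graph bearer token acquired elsewhere
# with permission to read policies; $OutDir is an arbitrary output folder.
param(
    [Parameter(Mandatory)] [string] $AccessToken,
    [string] $OutDir = '.\ca-backup'
)

$ErrorActionPreference = 'Stop'
$headers = @{ Authorization = "Bearer $AccessToken" }
# Endpoint quoted in the comment above
$uri = 'https://graph.microsoft.com/beta/identity/conditionalAccess/policies'

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$policies = @()
while ($uri) {
    $page = Invoke-RestMethod -Uri $uri -Headers $headers -Method Get
    $policies += $page.value
    # Graph adds @odata.nextLink while more pages remain; $null ends the loop
    $uri = $page.'@odata.nextLink'
}

foreach ($policy in $policies) {
    # File-system-safe name from displayName; the policy id keeps it unique
    $safeName = ($policy.displayName -replace '[^\w\-. ]', '_').Trim()
    $file = Join-Path $OutDir "$safeName-$($policy.id).json"
    # Policy conditions are nested several levels deep, so raise -Depth
    # above the ConvertTo-Json default to avoid truncated objects
    $policy | ConvertTo-Json -Depth 20 | Set-Content -Path $file -Encoding UTF8
}

"Exported $($policies.Count) policies to $OutDir"
```

Each exported file carries the policy `id`, but the values inside it are the tenant's literal object IDs, so a raw export like this does not preserve the well known replacements described in the comment.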

AlexFilipin commented 3 years ago

Cleaning up issues on the repo.

  1. No plans to improve here, I would rather make it work for a DevOps pipeline
  2. Same here, I would rather get it working for a DevOps pipeline, plenty of tools out there to focus on backup/restore. The tool already has an update function so you can use it for configuration as code
  3. Tracked in https://github.com/AlexFilipin/ConditionalAccess/issues/13