Created by Merill Fernando, Identity PowerToys provides a slick method to see all of your existing Conditional Access Policies in an easy-to-read PowerPoint slide format.
Whether you're in InfoSec, Architecture or a Cloud Engineer, Identity PowerToys is a must-have tool in your back pocket to quickly audit, review and better understand all your existing Conditional Access Policies.
Ok, so how do I use it?
Visit https://idpowertoys.com and log on.
You'll be prompted with the following screen to authorise the installation of the idPowerToys application in Azure AD, so click accept.
Obviously only do this with the correct approval from your organisation!!
Ok so for this example, we're going to use the Automatic Generation option (I like easy).
If you click Settings, Merill has provided several options to remove PII and confidential information from the report if you need to.
Ok, so when you're ready click the "Generate Documentation" button and you'll automatically download a Microsoft PowerPoint file with all of your Conditional Access Policies.
Here's a sample screenshot from one of the slides during my testing. The information is clearly laid out in an easy-to-read format, providing all of the steps from that specific policy I named "Token Protection Policy". You can even see the group name at the bottom left, which has a (2) next to it. That refers to the number of accounts assigned to the group (cool eh!).
For those interested in the configuration the application makes within Azure AD, I've added some further information below.
As you can see, an idPowerToys app is created in Azure AD > Enterprise Application.
In addition, the application automatically adds the Cloud Application Administrator and Reports Reader roles. So before you add the app, it's worth checking whether your environment uses Azure Privileged Identity Management, as this will surely kick off a few alerts to the SOC team ;)
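To review what the consent actually left in the tenant, here is an added example (not part of the original post or of idPowerToys itself) using the Microsoft Graph PowerShell SDK. It assumes the SDK is installed, that the enterprise application's display name is `idPowerToys` as shown above, and that the signed-in account is allowed the read-only scopes requested.

```powershell
# Added example: read-only review of the idPowerToys enterprise app after consent.
Connect-MgGraph -Scopes 'Application.Read.All','Directory.Read.All',
                        'RoleManagement.Read.Directory','AuditLog.Read.All'

$appName = 'idPowerToys'   # assumption: display name under Enterprise Applications
$sps = Get-MgServicePrincipal -Filter "displayName eq '$appName'" -All
if (-not $sps) { Write-Warning "No service principal named '$appName' found."; return }

foreach ($sp in $sps) {
    # Which app is this, and which tenant publishes it?
    $sp | Select-Object DisplayName, Id, AppId, AppOwnerOrganizationId, AccountEnabled |
        Format-List

    # Delegated permissions. ConsentType 'AllPrincipals' means tenant-wide admin
    # consent; 'Principal' means consent for the single user in PrincipalId.
    Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'" -All | ForEach-Object {
        [pscustomobject]@{
            ConsentType = $_.ConsentType
            PrincipalId = $_.PrincipalId
            Resource    = (Get-MgServicePrincipal -ServicePrincipalId $_.ResourceId).DisplayName
            Scopes      = ($_.Scope.Trim() -split '\s+') -join ', '
        }
    } | Format-List

    # Application permissions (app roles) held by the service principal itself.
    Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -All |
        Select-Object ResourceDisplayName, AppRoleId, CreatedDateTime | Format-Table

    # Directory roles assigned directly to the service principal, if any.
    Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq '$($sp.Id)'" -All |
        ForEach-Object {
            $def = Get-MgRoleManagementDirectoryRoleDefinition `
                       -UnifiedRoleDefinitionId $_.RoleDefinitionId
            [pscustomobject]@{ Role = $def.DisplayName; Scope = $_.DirectoryScopeId }
        } | Format-Table
}

# Audit trail: who consented to the app, and when.
Get-MgAuditLogDirectoryAudit -Filter "activityDisplayName eq 'Consent to application'" -Top 50 |
    Where-Object { $_.TargetResources.DisplayName -contains $appName } |
    Select-Object ActivityDateTime, Result,
        @{ n = 'Actor'; e = { $_.InitiatedBy.User.UserPrincipalName } } |
    Format-Table
```

Empty output from the app-role or directory-role sections means the app holds only delegated permissions, so it can act only within the rights of the user who signed in.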
Thanks again to Merill for creating this awesome app and I hope you found this guide useful. Please check Identity PowerToys out and you'll find Merill's contact information on the home page.