Home
PowerShell
Get-MgIdentityConditionalAccessPolicy

How to get conditional access policies using Microsoft Graph PowerShell

Conditional access policies control access to data and cloud apps by enforcing security requirements based on sign-in context. Using the Get-MgIdentityConditionalAccessPolicy cmdlet, you can retrieve, analyze, and review all conditional access policies in your Microsoft Entra tenant, supporting compliance and ongoing risk management.

This article shows you how to get conditional access policies using both the Microsoft Entra admin center and Microsoft Graph PowerShell:

M365 admin center
PowerShell

Get conditional access policies using Microsoft Entra admin center

The Entra admin center provides a graphical interface to visualize and review all conditional access policies:

Go to Microsoft Entra admin center.
Select Security > Conditional Access.
Select the policy you wish to update.
View, filter, and export policies for audit.

Get conditional access policies using Microsoft Graph PowerShell

Prerequisites

You’ll need the Policy.Read.All or Policy.ReadWrite.ConditionalAccess permissions and Microsoft Graph PowerShell installed. Install and connect to Microsoft Graph PowerShell by running the script below:


                                  Install-Module Microsoft.Graph -Scope CurrentUser
Connect-MgGraph -Scopes "Policy.Read.All"

Using the Get-MgIdentityConditionalAccessPolicy cmdlet

Simply run the cmdlet to list all condition access policies:


                              Get-MgIdentityConditionalAccessPolicy

Examples

Example 1: Get details for a specific policy


                             Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId "policy-id"

Example 2: Get only the names and states of all policies


                              Get-MgIdentityConditionalAccessPolicy | Select-Object DisplayName, State

Supported parameters

The following essential parameters can be used along with the Get-MgIdentityConditionalAccessPolicy cmdlet:

Parameter	Description
-ConditionalAccessPolicyId	Policy ID to retrieve.
-Top	Limit number of CA policies returned.
-Filter	OData filter expression.
-ExpandProperty	Include related entities inline.
-Select	Project only desired properties.
-All	Retrieves all results by paging.
-Headers	Custom HTTP headers.

Limitations of using native tools to get conditional access policies

PowerShell commands can get complex with different use cases and scenarios.
IT admins can spend a lot of time troubleshooting errors, which negatively impacts productivity.
Delegation can get tricky since technicians require elevated permissions.

How ADManager Plus helps you manage Microsoft Entra ID

ADManager Plus, an identity governance and administration solution with comprehensive Microsoft Entra ID management and reporting capabilities, simplifies complex admin tasks from a single, user-friendly console:

Manage Entra ID users, contacts, groups, licenses, and other objects with a script-free, centralized console.
Reduce human errors by automating user provisioning, deprovisioning, and license assignment across various platforms.
Delegate Entra ID tasks to technicians without elevating their native privileges.
Keep a watchful eye with 200+ pre-packaged reports for your Entra ID and AD environments.
Monitor delegated activities through smart workflows.
Ensure business continuity with AD, Entra ID, and Google Workspace backup and recovery

Perform script-free Microsoft Entra ID management and reporting with ADManager Plus

Try it now for free

Related features:

Related Powershell Guides: