Best (non-MS) resources on Conditional Access as Code

Cory Zaner asked: do you know if it (Conditional Access) can be automated?

Well, most things in IT can be automated, and in the Microsoft world this is generally the case with any aspect of Azure - but in the M365 Defender Security space this is generally limited to Operational items - but Conditional Access is one area that can be Automated.

So unlike most of the other Features in M365 Defender, this can be modified by API access - the best set of resources that I know of (in order) would be:

• Thomas N. - https://www.cloud-architekt.net/speaking/ The most recent deck – 2022-06-11 Scottish Summit 2022 “Deploying and Managing Conditional Access at Scale” Slides
• Excellent article here that is really worth the time reading as this will highlight how to enable this in detail: https://www.cloud-architekt.net/aadops-conditional-access/

He also points out the others that have done great work in this space:

• Fortigi/ConditionalAccess (github.com)
• AlexFilipin/ConditionalAccess (github.com)
• DanielChronlund/DCToolbox: Tools for Microsoft cloud fans (github.com)

One important point – don’t get caught up trying to manage GUID’s:

• Fortigi has published some build scripts on GitHub?to convert those GUIDs to readable display names.
• This also covers known GUIDs such as AAD Role and Application ID to DisplayName.