Public/Export-NLBaselineCAPolicies.ps1

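function Export-NLBaselineCAPolicies {
    <#
    .SYNOPSIS
    Export all Conditional Access policies to local files

    .DESCRIPTION
    Retrieves all Conditional Access policies from Microsoft 365 and saves each one as
    "<DisplayName>.json" in a "Policies" folder under the storage path from the module
    configuration. An "export-summary.json" file with the export date and counts is
    written to the storage path itself.

    If no Microsoft Graph context is available, Connect-NLBaselineCA is called first.

    .EXAMPLE
    Export-NLBaselineCAPolicies

    .NOTES
    The exported JSON is a full description of the tenant's access-control rules and
    may include excluded accounts, groups and locations. Keep the storage path
    readable only by the administrators who need it, and treat copies of it (backups,
    repositories, tickets) the same way.
    #>

    [CmdletBinding()]
    param()

    try {
        # Check connection (app registration doesn't have Account property)
        $context = Get-MgContext -ErrorAction SilentlyContinue
        if (-not $context -or -not $context.TenantId) {
            Write-Host "Not connected to Microsoft 365. Connecting..." -ForegroundColor Yellow
            Write-Host ""
            $connection = Connect-NLBaselineCA
            if (-not $connection) {
                Write-Error "Cannot connect to Microsoft 365"
                return
            }
        }
        else {
            if ($context.Account) {
                Write-Host "Connected as: $($context.Account)" -ForegroundColor Green
            }
            else {
                Write-Host "Connected to tenant: $($context.TenantId)" -ForegroundColor Green
            }
            Write-Host ""
        }

        # Get module configuration
        $moduleConfigPath = Get-ConfigPath
        if (-not (Test-Path -LiteralPath $moduleConfigPath)) {
            Write-Error "Module configuration not found. Run Quick Start first."
            return
        }

        # -Raw hands the parser one string; -ErrorAction Stop makes an unreadable
        # config a terminating error so the catch block reports it.
        $moduleConfig = Get-Content -LiteralPath $moduleConfigPath -Raw -ErrorAction Stop | ConvertFrom-Json
        $storagePath = $moduleConfig.StoragePath

        # A config without StoragePath would otherwise surface as a parameter-binding
        # error from Test-Path; report it the same way as a missing directory.
        if ([string]::IsNullOrWhiteSpace($storagePath) -or
            -not (Test-Path -LiteralPath $storagePath -PathType Container)) {
            Write-Error "Storage path not found: $storagePath. Run Quick Start to configure."
            return
        }

        Write-Host "Retrieving Conditional Access policies..." -ForegroundColor Yellow

        # Get all Conditional Access policies using helper function with REST API fallback
        $policies = Get-AllConditionalAccessPolicies

        if (-not $policies -or $policies.Count -eq 0) {
            Write-Host "No policies found to export." -ForegroundColor Yellow
            return
        }

        # A single returned object is wrapped so .Count and foreach behave uniformly.
        $policies = @($policies)

        Write-Host "Found: $($policies.Count) policies" -ForegroundColor Green

        # Create policies directory
        $policiesPath = Join-Path $storagePath "Policies"
        if (-not (Test-Path -LiteralPath $policiesPath)) {
            New-Item -Path $policiesPath -ItemType Directory -Force -ErrorAction Stop | Out-Null
        }

        # Export each policy
        $exportedCount = 0
        # File names already written in this run. Hashtable keys are case-insensitive,
        # which matches case-insensitive file systems.
        $usedNames = @{}
        foreach ($policy in $policies) {
            # DisplayName is tenant-controlled text, so it is never used as a path
            # component before sanitizing.
            $rawName = "$($policy.DisplayName)"
            if ([string]::IsNullOrWhiteSpace($rawName)) {
                # NOTE(review): assumes the policy object exposes an Id property - confirm
                # against Get-AllConditionalAccessPolicies.
                $rawName = "policy_$($policy.Id)"
            }

            # Sanitize filename: path separators, reserved punctuation and control characters
            $baseName = $rawName -replace '[<>:"/\\|?*\x00-\x1f]', '_'

            # Two policies may share a display name, or differ only in replaced
            # characters; add a numeric suffix instead of silently overwriting.
            $candidate = $baseName
            $suffix = 1
            while ($usedNames.ContainsKey($candidate)) {
                $suffix++
                $candidate = "${baseName}_$suffix"
            }
            $usedNames[$candidate] = $true

            $fileName = "$candidate.json"
            $filePath = Join-Path $policiesPath $fileName

            # Convert policy to JSON and save.
            # -LiteralPath: '[' and ']' in a display name are not treated as wildcards.
            # -ErrorAction Stop: a failed write goes to the catch block instead of being
            # counted as exported.
            $policyJson = $policy | ConvertTo-Json -Depth 10
            $policyJson | Out-File -LiteralPath $filePath -Encoding UTF8 -ErrorAction Stop

            $exportedCount++
            Write-Host " Exported: $fileName" -ForegroundColor Gray
        }

        Write-Host ""
        Write-Host "Export completed: $exportedCount policies saved to $policiesPath" -ForegroundColor Green

        # Create summary file
        $summary = @{
            ExportDate = (Get-Date).ToString("yyyy-MM-dd HH:mm:ss")
            TotalPolicies = $policies.Count
            ExportedPolicies = $exportedCount
            PoliciesPath = $policiesPath
        }

        $summaryPath = Join-Path $storagePath "export-summary.json"
        $summary | ConvertTo-Json | Out-File -LiteralPath $summaryPath -Encoding UTF8 -ErrorAction Stop
    }
    catch {
        Write-Error "Error exporting policies: $_"
    }
}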