Detect Entra Conditional Access policies that use BETA (Preview) features using PowerShell

Learn how to detect Entra Conditional Access policies that use BETA (Preview) features using Microsoft Graph PowerShell, and identify policies hidden from the v1.0 endpoint.

Summary

In a previous article we discussed how Entra Conditional Access policies can disappear from Microsoft Graph v1.0 when BETA (Preview) features are enabled.

In this article we provide a simple PowerShell script that uses Microsoft Graph PowerShell to detect which policies use BETA (Preview) features.

To do this we perform the following steps:

  1. Enumerate all policies using the BETA endpoint, and

  2. Enumerate all policies using the v1.0 production endpoint, then

  3. Identify policies that appear in BETA but not in v1.0.

PowerShell code

# Connect to Microsoft Graph.
Connect-MgGraph -Scopes "Policy.Read.All"

# Get production (v1.0) policies; -All retrieves every page of results
$prodPolicies = Get-MgIdentityConditionalAccessPolicy -All
$prodIds = $prodPolicies.Id

# Get all beta policies
$betaPolicies = Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/beta/identity/conditionalAccess/policies"

# Evaluate the policies: an id missing from v1.0 means the policy uses BETA (Preview) features
foreach ($betaPolicy in $betaPolicies.value)
{
  if ($betaPolicy.id -in $prodIds) {
    Write-Output "$($betaPolicy.displayName) : PRODUCTION"
  }
  else {
    Write-Output "$($betaPolicy.displayName) : BETA"
  }
}
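
The following added example (not part of the original script) extends the same comparison: it follows @odata.nextLink paging and returns objects that include each policy's state, so an enabled policy that is hidden from v1.0 stands out. The function names Get-GraphCollection and Compare-CaPolicyEndpoint and the sample policies are constructed for illustration.

```powershell
function Get-GraphCollection {
    param([Parameter(Mandatory)][string]$Uri)
    # Follow @odata.nextLink so every page of results is collected.
    $items = @()
    while ($Uri) {
        $page = Invoke-MgGraphRequest -Method GET -Uri $Uri
        $items += $page.value
        $Uri = $page.'@odata.nextLink'
    }
    return $items
}

function Compare-CaPolicyEndpoint {
    param([object[]]$BetaPolicies, [object[]]$ProdPolicies)
    # Index the v1.0 policy ids for case-insensitive lookup.
    $prodIds = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($p in $ProdPolicies) { [void]$prodIds.Add([string]$p.id) }

    foreach ($b in $BetaPolicies) {
        $hidden = -not $prodIds.Contains([string]$b.id)
        [pscustomobject]@{
            DisplayName    = $b.displayName
            Id             = $b.id
            State          = $b.state
            Endpoint       = if ($hidden) { 'BETA' } else { 'PRODUCTION' }
            # An enabled policy that v1.0 tooling cannot see is the one to review first.
            EnforcedHidden = ($hidden -and $b.state -eq 'enabled')
        }
    }
}

# Constructed sample data (not real policies) so the comparison runs offline.
$sampleBeta = @(
    @{ id = '00000000-0000-0000-0000-000000000001'; displayName = 'Sample policy A'; state = 'enabled' }
    @{ id = '00000000-0000-0000-0000-000000000002'; displayName = 'Sample policy B'; state = 'enabled' }
    @{ id = '00000000-0000-0000-0000-000000000003'; displayName = 'Sample policy C'; state = 'disabled' }
)
$sampleProd = @($sampleBeta[0])   # only policy A is visible through v1.0

Compare-CaPolicyEndpoint -BetaPolicies $sampleBeta -ProdPolicies $sampleProd |
    Sort-Object Endpoint, DisplayName |
    Format-Table DisplayName, State, Endpoint, EnforcedHidden -AutoSize

# Against a tenant, after Connect-MgGraph -Scopes "Policy.Read.All":
# $beta = Get-GraphCollection -Uri "https://graph.microsoft.com/beta/identity/conditionalAccess/policies"
# $prod = Get-GraphCollection -Uri "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies"
# Compare-CaPolicyEndpoint -BetaPolicies $beta -ProdPolicies $prod
```

With the sample data, policies B and C are reported as BETA, and only B is flagged EnforcedHidden because it is both enabled and missing from v1.0.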

 

Our Entra documentation tool, XIA Configuration Server, can also detect Conditional Access policies that use BETA (Preview) features.