XIA Configuration Server

Microsoft Entra Conditional Access Documentation Tool

Automatically document your Microsoft Entra Conditional Access policies with XIA Configuration Server. Generate clear, comprehensive documentation and reports covering assignments, conditions, grant controls, session controls, authentication strength, and policy relationships to support auditing, compliance, and security reviews.

The Microsoft Entra Directory Conditional Access icon.

Conditional Access Policies

XIA Configuration documents detailed information about your Microsoft Entra Conditional Access policies, giving administrators full visibility of how access is enforced across users, groups, roles, and applications.

  • Policy name, description, and unique identifier.
  • Assignments including users, groups, roles, and applications targeted by the policy.
  • Conditions such as device platform, locations, client apps, sign‑in risk, and user risk.
  • Grant controls including MFA requirements, authentication strength, and access restrictions.
  • Session controls including sign‑in frequency, persistent browser sessions, and app‑enforced restrictions.
  • Policy state including enabled, disabled, and report‑only modes.
  • Authentication strength requirements including passwordless and phishing‑resistant methods.
  • Policy relationships showing how each policy interacts with users, groups, roles, and applications.
The Entra Conditional Access icon.

Authentication Strengths

XIA Configuration documents detailed information about the authentication strength requirements configured within your Microsoft Entra Conditional Access configuration, helping administrators understand and verify the authentication methods enforced across their tenant.

  • Authentication strength name, description, and unique identifier.
  • Required authentication methods such as Microsoft Authenticator, FIDO2 security keys, Windows Hello for Business, and certificate‑based authentication.
  • Phishing‑resistant authentication requirements including FIDO2 and certificate‑based authentication.
The Entra Conditional Access authentication strengths icon.

Detect Entra Conditional Access policies that use BETA (Preview) features

Conditional Access policies that rely on Microsoft Entra BETA only (preview) features do not appear in tools, PowerShell cmdlets, or APIs that use the v1.0 Graph endpoint. This can lead to missing policies in audits, incomplete reporting, and gaps in visibility across your tenant.

XIA Configuration Server automatically detects and documents Conditional Access policies that use BETA features and highlights them clearly in your documentation, ensuring you always have a complete and accurate view of your policy configuration.

A code window icon that represents a BETA version.

Compare Conditional Access Policy Configurations

Using XIA Configuration's powerful configuration comparison feature you can:

  • Detect unauthorized modifications or configuration drift for your Conditional Access configuration.
  • Ensure consistent configuration by comparing settings across development, test, and production tenants.
  • Compare individual Conditional Access Policies for differences.
Screenshot of an Entra Directory configuration comparison component selection.
XIA Configuration allows you to select what components to compare.
Screenshot of an Entra Directory configuration comparison.
XIA Configuration automatically detects differences between Entra Directory configurations including the configuration of Conditional Access and individual Conditional Access Policies.

Microsoft Entra Conditional Access documentation FAQ

Here are answers to the most common questions about documenting Microsoft Entra Conditional Access with XIA Configuration.

Does XIA Configuration need an agent installed to document Conditional Access?

No. XIA Configuration is completely agentless. Conditional Access policies are retrieved securely via Microsoft Graph, with no software installed in your tenant.

Why is Conditional Access documentation important?

Conditional Access is one of the most critical security controls in Microsoft Entra. Documenting your policies provides clear visibility of assignments, conditions, and enforcement rules, helping IT teams manage change, troubleshoot access issues, and demonstrate compliance.

What Conditional Access information does XIA Configuration document?

XIA Configuration documents assignments, conditions, grant controls, session controls, authentication strength, policy state, and relationships between policies, users, groups, roles, and applications.

Can XIA Configuration document multiple Conditional Access policies?

Yes. XIA Configuration inventories all Conditional Access policies in your Microsoft Entra tenant and provides a unified, structured view of their configuration.

Can I track changes to Conditional Access policies over time?

Yes. Using the Data Comparer, you can compare Conditional Access documentation between scans to identify added, removed, or modified policies, helping detect configuration drift and support audit requirements.

What export formats are available for Conditional Access documentation?

Documentation can be exported to PDF and Microsoft Word (DOCX) formats, making it easy to share, review, and include in audit packs or compliance reports.

Does XIA Configuration support documenting authentication strength requirements?

Yes. XIA Configuration documents authentication strength settings, including requirements for multi-factor authentication and phishing-resistant methods.