This metric will return a complete list of Azure AD Conditional Access policies and a list of excluded users for each policy. This is difficult because the policies only contain a list of user's ID, not their display names.

Policies.ConditionalAccess[].{ca_displayName: displayName, user_displayName: join(', ', map_by_key(conditions.users.excludeUsers[].{id: @}, ~.Users[], )[].displayName)}[].join(': ', [ca_displayName, to_string(user_displayName)])