auditing-azure-active-directory-configuration

Auditing Microsoft Entra ID (Azure Active Directory) configuration to identify risky authentication policies, overly permissive role assignments, stale accounts, conditional access gaps, and guest user risks using AzureAD PowerShell, Microsoft Graph API, and ScoutSuite.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0

Quality Score: 99/100

Stars (20%): 100
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Auditing Azure Active Directory Configuration

## When to Use

- When performing a security assessment of an Azure tenant's identity configuration
- When compliance audits require review of authentication policies, MFA enforcement, and role assignments
- When onboarding a new Azure tenant after merger or acquisition
- When investigating suspicious sign-in activity or compromised accounts
- When validating conditional access policies adequately protect against identity-based attacks

**Do not use** for on-premises Active Directory auditing (use PingCastle or BloodHound AD), for Azure resource-level RBAC auditing without identity context, or for real-time threat detection (use Microsoft Defender for Identity).

## Prerequisites

- Global Reader or Security Reader role in the target Microsoft Entra ID tenant
- Microsoft Graph PowerShell SDK installed (`Install-Module Microsoft.Graph`)
- Az CLI authenticated to the target tenant (`az login --tenant TENANT_ID`)
- ScoutSuite with Azure provider configured for automated assessment
- Access to Azure AD audit logs and sign-in logs (requires Azure AD Premium P1/P2)

## Workflow

### Step 1: Enumerate Tenant Configuration and Security Defaults

Assess the tenant's baseline identity security settings including security defaults and legacy authentication status.

```powershell
# Connect to Microsoft Graph
Connect-MgGraph -Scopes "Directory.Read.All","Policy.Read.All","AuditLog.Read.All"

# Get tenant details
Get-MgOrganization | Select-...
```

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0
