Free, open-source Microsoft 365 security assessment tool. Evaluates 23 findings, auto-remediates with rollback, generates professional reports, and simulates attack chains. Windows, local, no data leaves your machine.

Free, self-hosted M365 configuration drift monitoring. Baseline your tenant, detect changes at the property level, and restore in one click. For MSSPs and admins.

PowerShell security reporting framework for Microsoft 365 identity posture assessment. Analyzes Authentication Context, PIM, Conditional Access & more.

CA-PowerToys is a set of tools to help you manage Conditional Access policies. It is a command line tool that can be used to export, import, and clean up Conditional Access policies and associated Groups, helping to implement a Policy-as-Code approach.

Tools to help implement Conditional Access Policies in Azure AD

This solution is designed for an Azure Runbook to assign users to two Entra ID (AzureAD) groups based on their MFA capability (capable / non-capable).

Sign-in a user with the Microsoft Identity Platform and call an ASP.NET web API that calls a downstream Web API with Conditional Access

Een leuk framework voor Conditional Access. In mijn Blogs kan je mijn beredenering volgen en een stukje instructie.🥰

You wonder how to manage your travelers ? In this scenario we describe how to manage them with Identity Governance and Conditional Access.

Contains Entra Related PowerShell Scripts and Entra Related KQL for Logs in Log Analytics

An interactive powershell script for Azure/Entra. Creates a set of conditional access policies that will provide improved security over Microsoft's "Security Defaults". This script is primarily for less mature orgs that are perhaps still using Microsofts "Security Defaults" or only have very basic conditional access policies in place.

Sample policies to implement a Zero Trust User Access strategy using Entra ID Conditional Access

Sample on how to get Conditional Access Policies and Network Settings using API

Open-source security toolkit for M365 and other cloud platforms.

Deployment of Zero Trust, persona-based Azure AD Conditional Access Policies via Microsoft Graph, utilizing PowerShell.

Browser-only passkey readiness scanner for Microsoft Entra ID — PKCE-authenticated SPA that classifies users into 4 readiness tiers and flags Conditional Access blockers without sending tenant data anywhere

Simulate Microsoft Entra Conditional Access policy evaluation

Automated ISO 27001 control assurance using NIST OSCAL. Single-container app that queries Microsoft Entra ID Conditional Access policies, evaluates MFA enforcement for guest users, and produces audit-ready OSCAL artifacts — end-to-end, in real time.

Enterprise-grade Entra ID security automation - from zero to hardened in 3 phases

Read-only M365 security assessment instrument. Maps Exchange Online and Entra ID controls to NIST SP 800-53, CIS v8.1, HIPAA current rule, and HIPAA NPRM proposed rule. Produces structured markdown findings.