auditing-azure-active-directory-configuration
Installation
SKILL.md
Auditing Azure Active Directory Configuration
When to Use
- When performing a security assessment of an Azure tenant's identity configuration
- When compliance audits require review of authentication policies, MFA enforcement, and role assignments
- When onboarding a new Azure tenant after merger or acquisition
- When investigating suspicious sign-in activity or compromised accounts
- When validating conditional access policies adequately protect against identity-based attacks
Do not use for on-premises Active Directory auditing (use PingCastle or BloodHound AD), for Azure resource-level RBAC auditing without identity context, or for real-time threat detection (use Microsoft Defender for Identity).
Prerequisites
- Global Reader or Security Reader role in the target Microsoft Entra ID tenant
- Microsoft Graph PowerShell SDK installed (
Install-Module Microsoft.Graph) - Az CLI authenticated to the target tenant (
az login --tenant TENANT_ID) - ScoutSuite with Azure provider configured for automated assessment
- Access to Azure AD audit logs and sign-in logs (requires Azure AD Premium P1/P2)