Stars
KQL Queries. Microsoft Defender, Microsoft Sentinel
Repository to host Zero Trust Lab Guide docs
Sample queries and data as part of the Microsoft Press book, The Definitive Guide to KQL
Microsoft Security Copilot is a generative AI-powered security solution that helps increase the efficiency and capabilities of defenders to improve security outcomes at machine speed and scale, whi…
These are resources for various prompts I find useful
8 Lessons, Kick-start Your Cybersecurity Learning.
onedrive user enumeration - pentest tool to enumerate valid o365 users
Repository hosting a static list of Microsoft First party apps and Graph permissions that's updated daily
A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, i…
Sample queries for Advanced hunting in Microsoft 365 Defender
Sample PowerShell module and scripts for managing Azure AD Identity Protection service
The repository contains artifacts to create and publish reports, alerts, and dashboards based on Azure AD B2C logs. These artifacts can also be used for Security Information & Event Management (SIE…
This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.
Automation to assess the state of your M365 tenant against CISA's baselines
Tools to help implement Conditional Access Policies in Azure AD
Open source documentation of Microsoft Azure