V20260518

@zh54321 zh54321 released this 18 May 19:48
· 8 commits to main since this release

General

  • Improved: Main table action bar layout, row-count selector, and filtered summary.
  • Improved: View sharing now preserves filters, visible columns, and sorting more reliably. Copying can include either the full URL or, if CTRL is pressed, only the query string.
  • Improved: Send-GraphBatchRequest now supports a configurable MaxBatchSize, which helps to avoid throttling.

PIM for Groups Report (Beta)

  • Added: A new dedicated PIM for Groups report. The report provides direct visibility into the settings of PIM-enabled group roles (Member and Owner) and helps identify where important activation controls, such as authentication context, MFA, approval, notifications, and limited activation duration, are missing, weak, or inconsistently applied.

[Screenshot: overview table]

[Screenshot: detailed role setting]

Enterprise Applications

  • Added: Detection of enterprise applications whose AppId matches a list of known malicious OAuth applications, including source references in report output.

Entra Agent ID

  • Fixed: Agent Identity, Agent Blueprint Principal, and Agent Blueprint reports are no longer written when there are no corresponding objects to report.
  • Added: Enabled status to the Agent Identity Blueprint report and detail views.
  • Added: Enumeration of Agent Identity Blueprints owned by Enterprise Applications and Managed Identities, including ownership counts and detail links.

Security Findings

  • Added: ENT-013 security finding for Enterprise Applications whose AppId matches known malicious OAuth applications.
  • Changed: ENT-012 now uses Requires Verification confidence because privileged Azure role impact depends heavily on scope and resource context.
  • Changed: PIM-002 now suppresses active Tier-0 violations for groups where reachable access is only available through eligible PIM-for-Groups relationships.
  • Changed: CAP-007 and CAP-008 now use tighter risk-policy scope checks.
  • Changed: GRP-005 no longer includes Tier-2 and Tier-3 Azure roles, reducing finding noise.
  • Improved: Links to affected objects were adjusted for several findings.
  • Improved: The findings-by-category chart now uses dynamic height to avoid skipped Y-axis labels.

Users

  • Added: New preset view Unnecessary Synced Users for enabled on-prem synchronized users older than 90 days with no recorded sign-in.
  • Changed: The Users Without MFA Methods preset view now excludes Entra Connect synchronization accounts.