v0.3.0 — Per-domain depth: Identity + DNS

ibondarenko1 released this 23 May 18:29

14 new checks across Identity and DNS domains. Total findings on mock run: 42 (was 30 in v0.2).

New Identity checks (+8)

  • Authentication methods policy (SMS deprecated, FIDO2 enablement)
  • Application consent policy (permissive default = consent-phishing exposure)
  • Service principal inventory + credential expiration within 60 days
  • Named locations defined
  • Cross-tenant access policy unrestricted inbound
  • Sign-in risk policy enabled (Identity Protection)
  • Self-service password reset enabled
  • Standing-admin multi-role detection refined

New DNS checks (+6)

  • CAA records configured (control which CAs can issue certs)
  • DNSSEC enabled (DS record at parent)
  • SPF lookup count nearing RFC 7208 max 10 (PermError risk)
  • DMARC sub-policy (sp=) explicitly defined
  • DKIM key strength manual-verification guidance
  • MX backup record awareness
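The SPF lookup-count check listed above, as an added example that is not the project's own code: it counts the DNS-querying SPF terms (include, a, mx, ptr, exists and the redirect= modifier) reachable from a domain's record against a constructed in-memory zone, then emits a finding shaped after the v1.1 schema with a documentation_url. The .test names, the mock TXT records and the warn threshold of 8 are assumptions, not values taken from the tool.

```python
# Added example (not the project's own code): the DNS-query count behind the
# "SPF lookup count nearing RFC 7208 max 10" check, resolved against a constructed
# in-memory zone instead of live DNS so it runs offline.
MOCK_TXT = {  # constructed sample TXT records under the reserved .test TLD
    "example.test": ["v=spf1 include:_spf.mailhost.test include:_spf.crm.test mx a -all"],
    "_spf.mailhost.test": ["v=spf1 include:_nb1.mailhost.test include:_nb2.mailhost.test ~all"],
    "_nb1.mailhost.test": ["v=spf1 ip4:192.0.2.0/24 ~all"],
    "_nb2.mailhost.test": ["v=spf1 ip6:2001:db8::/32 ~all"],
    "_spf.crm.test": ["v=spf1 a:relay.crm.test include:_spf.analytics.test exists:%{i}.chk.crm.test ~all"],
    "_spf.analytics.test": ["v=spf1 redirect=_spf2.analytics.test"],
    "_spf2.analytics.test": ["v=spf1 mx ptr -all"],
}
RFC7208_MAX_LOOKUPS = 10
WARN_AT = 8  # assumed "nearing" threshold; the release notes do not state the tool's own value

def count_spf_lookups(domain, zone=MOCK_TXT, _path=frozenset()):
    """Count include/a/mx/ptr/exists terms and redirect= modifiers reachable from domain's SPF record."""
    recs = [r for r in zone.get(domain, []) if r.lower().startswith("v=spf1")]
    if domain in _path:
        raise ValueError(f"include/redirect loop at {domain}")
    if len(recs) != 1:  # RFC 7208 section 3: zero or several v=spf1 records is itself a permerror
        raise ValueError(f"{len(recs)} SPF records at {domain}")
    path, total, redirect = _path | {domain}, 0, None
    for term in recs[0].split()[1:]:
        term = term.lower().lstrip("+-~?")                   # drop the qualifier
        if term.startswith("redirect="):
            redirect, total = term[len("redirect="):], total + 1
            continue
        name, _, arg = term.partition(":")
        name = name.split("/")[0]                            # "a/24" -> "a"
        if name == "include":
            total += 1 + count_spf_lookups(arg.split("/")[0], zone, path)
        elif name in ("a", "mx", "ptr", "exists"):
            total += 1                                       # ip4/ip6/all/exp= cost no query
    if redirect:
        total += count_spf_lookups(redirect, zone, path)
    return total

def evaluate_spf_lookups(domain, zone=MOCK_TXT):
    """Finding in the spirit of schema v1.1: pass / warn (nearing 10) / fail (over 10 or unresolvable)."""
    try:
        n = count_spf_lookups(domain, zone)
    except ValueError as err:
        return {"domain": domain, "status": "fail", "lookups": None, "detail": str(err)}
    status = "fail" if n > RFC7208_MAX_LOOKUPS else "warn" if n >= WARN_AT else "pass"
    return {"domain": domain, "status": status, "lookups": n,
            "documentation_url": "https://www.rfc-editor.org/rfc/rfc7208#section-4.6.4"}
```

Running evaluate_spf_lookups("example.test") against the mock zone reports 12 lookups, a fail, because the nested includes and the redirect chain are all charged against the same limit of 10.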

Schema v1.1 — documentation_url field

Findings now carry an optional documentation_url pointing to an authoritative external reference (Microsoft Learn, NIST, RFC). Generate-Report surfaces these as inline links.

Backward compatible — findings without the field continue to validate.

Test coverage

114 Pester tests passing. End-to-end mock run produces 42 findings across 5 domains.

Next: v0.4 (Sentinel + Defender O365 depth)

Per ROADMAP.md: Sentinel +10 checks (data connectors, workbooks, hunting queries, playbooks, watchlists, threat indicators, ML/UEBA, solutions, ingestion baselines), Defender O365 +10 checks (quarantine policies, priority account protection, ZAP, attack simulation, Safe Documents, anti-spoofing, outbound spam thresholds, connection filter, transport rules, bulk threshold).