Awesome Entra

A curated list of awesome Microsoft Entra tools, guides, and other resources.

Contents

• Merill's newsletter & podcast
• Mind Map
• Learning Hubs
• Presentations
• aka.ms
• Tools
• Community
• YouTube
• Podcast
• Bluesky
• Twitter
• LinkedIn
• Blogs

Merill's newsletter & podcast

• Entra.News - Weekly round up of the latest Microsoft Entra news from Microsoft and the community.
• Entra.Chat - Weekly podcast on Entra featuring seasoned Entra practitioners and Microsoft Entra product group team members.

Mind Map

• Microsoft Entra Mind Maps - Visual representation of Microsoft Entra and its components with links to docs. Includes Entra Roles mindmap.

Learning Hubs

These learning hubs are maintained by Microsoft Entra's Customer Experience Engineering (CxE) team.

• Global Secure Access - Resource Hub - Knowledge hub for all things GSA.
• Microsoft Entra ID Governance Training Hub - Tools, documentation, and training materials to master ID Governance.

Presentations

• Entra Slide Decks - Merill's collection of Entra related presentations.

aka.ms & cmd.ms

• cmd.ms/portals/azuread - Complete list of shortcuts to blades in the Entra portal.
• aka.ms/commands - List of common Microsoft short links.
• msportals.io - Links to all Microsoft admin portals.
• aka.ms/entratemplates - Email templates & posters to roll out Microsoft Entra features like MFA, SSPR, and more.
• aka.ms/entraidac - Microsoft Entra ID Admin Center
• aka.ms/myapps - My Apps
• aka.ms/myaccount - My Account
• aka.ms/my-groups - My Groups
• aka.ms/my-access - My Access Packages
• aka.ms/mystaff - My Staff
• aka.ms/mysecurity, aka.ms/mysecurityinfo - My Security Info
• aka.ms/mysignins - My Sign-ins
• aka.ms/pim - Privileged Identity Management - Roles
• aka.ms/pimg - Privileged Identity Management - Groups
• aka.ms/pimr - Privileged Identity Management - Roles
• aka.ms/pimz - Privileged Identity Management - Azure Resources
• aka.ms/sspr - Self Service Password Reset
• aka.ms/mfasetup - Alternative for My Security Info
• aka.ms/entradocs - Microsoft Entra Technical Documentation
• aka.ms/graphref - Microsoft Graph REST API Reference - v1.0
• aka.ms/graphrefbeta - Microsoft Graph REST API Reference - Beta

Tools

Microsoft Product Downloads

• Microsoft Entra Application Proxy
• Microsoft Entra Connect
• Microsoft Entra Provisioning Agent
• Microsoft Entra Connect Health agents

CLI

• 365AutomatedLab - Create a Microsoft 365 Test Environment using a test data from an Excel workbook.
• AADInternals - PowerShell toolkit for administering and hacking Azure AD and Microsoft 365.
• AzADServicePrincipalInsights - Insights and change tracking on Service Principals/ Applications and Managed Identities (outputs html, csv, json).
• Azure AD Assessment aka.ms/AzureADAssessmentTools - Guidance to assess the health of an Azure AD tenant and provide best practice guidance / recommendations.
• Azure-AccessPermissions - Script to enumerate access permissions in an Azure Active Directory environment
• AzureADTenantID - PowerShell module to retrieve the TenantID for an Azure AD Tenant.
• AzurePrivilegedIAM - Docs and samples for privileged identity and access management in Microsoft Azure and Microsoft Entra
• AzurePasswordProtectionCalculator - Calculator for Azure Password Protection
• BadZure - A tool to simulate common Entra security misconfigurations.
• BloodHound - BloodHound uses graph theory to reveal hidden relationships and attack paths in an Active Directory environment that would otherwise be impossible to quickly identify.
• CA Optics - Conditional Access gap analyzer
• ConditionalAccessDocumentation - PowerShell module to document Conditional Access policies in Excel.
• ConvertTime - Convert Unix/Windows timestamps to a DateTime PowerShell Object. Get Unix/Windows time from a PowerShell DateTime Object.
• DCToolbox - Collection of tools for Conditional Access automation, what-if simulation and more.
• DIDSearcher - A PowerShell Module enabling simple methods for searching the ION and Web networks for DIDs to discover their keys and endpoints.
• EasyPIM - Manage PIM Azure Resource role and assignment with ease.
• Entra Exporter aka.ms/EntraExporter - PowerShell module that exports all the config and data of a Microsoft Entra tenant.
• Entra Export Template - Workflows for scheduled export of settings from an Entra tenant.
• EntraGoat - Deliberately vulnerable Microsoft Entra ID infrastructure to simulate security misconfigurations and attack vectors
• Evilginx - Man-in-the-middle attack framework
• family-of-client-ids-research - Research into Undocumented Behavior of Azure AD Refresh Tokens
• Graph PowerShell Sample Script Repository - aka.ms/graphsamples - Community contributed repository of common Graph PowerShell scripts
• GraphRunner - A Post-exploitation Toolset for Interacting with the Microsoft Graph API
• JWTDetails - Decode a JWT Access Token and convert to a PowerShell Object. PowerShell Object also includes the JWT Signature (sig), JWT Token Expiry (expiryDateTime) and JWT Token time to expiry (timeToExpiry).
• MicroBurst - PowerShell Toolkit for Attacking Azure.
• Microsoft365DSC - Manages, configures, extracts and monitors Microsoft 365 tenant configurations using PowerShell DSC
• Microsoft First Party AppNames aka.ms/AppNames - Repository hosting a daily updated csv/json of Microsoft first party app names and their GUIDs (useful for kql queries and scripts).
• Microsoft-Cloud-Group-Analyzer - Provides instant insights in what services, policies,... a given group or user is scoped to.
• Microsoft-Extractor-Suite - Invictus IR - PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
• MicrosoftGraphPS - Version manager for the Graph PowerShell SDK.
• MiniGraph - Minimal overhead Microsoft Graph client implementation for lean environment like Azure Functions
• MSIdentityTools aka.ms/msid - Collection of useful cmdlets for common Entra functionality.
• Passkey Provider AAGUID's - Programatically manage Passkey Providers AAGUIDs
• Ping Castle - Security Assessment Tool
• PKCE Code Verifier and Challenge Generator - Generate OAuth 2.0 Proof Key for Code Exchange (PKCE) 'code_challenge' and 'code_verifier' for use with an OAuth2 Authorization Code Grant flow.
• PSMSGraphBatchRequest - PowerShell module to transform data into Microsoft Graph Batch Requests.
• PowerZure - PowerShell project created to perform reconnaissance and exploitation of Azure, AzureAD, and the associated resources.
• ROADrecon - Tool for exploring information in Azure AD from both a Red Team and Blue Team perspective.
• ROPCI - Identify MFA gaps in your Entra configuration that allow API access through ROPC.
• ScoutSuite - Multi-Cloud Security auditing tool.
• ScubaGear - cisa.gov - PowerShell module developed by CISA to verify M365 tenant configuration confirms to Secure Cloud Business Applications (SCuBA) Security Configuration Baseline.
• StormSpotter aka.ms/StormSpotter - Azure Red Team tool for graphing Azure and Azure Active Directory objects.
• TokenTactics - Tool to test and demonstrate the impact of token-based attacks on Microsoft Entra.
• TokenTacticsV2 - Fork of the great TokenTactics with support for CAE and token endpoint.
• Microsoft cloud group analyzer - Sript that provides insights in what services/policies/... a given group or user is scoped to.
• X509Details - Decode an X509 Certificate and present it as a PowerShell Object. Certificate PowerShell Object details updated to include the X509 Certificate time to expiry (timeToExpiry).
• EntraOps - Classify, identify and protect your privileges based on Enterprise Access Model
• Maester - Automated test framework for conditional access and Entra configuration

Web apps

• AADInternals - OSINT - OSINT web app that displays tenant information.
• API Token Tools - Web app to request OAuth 2.0 tokens and tools to help implement Certificate Based Authentication for App Registrations.
• Conditional Access Blueprint - Four tools to model and create CA policies.
• EntraPulse - AI-Powered Gateway to Microsoft Graph & Docs. Local and Cloud LLM support for Lokka and Docs/Learn MCP.
• Entra Scopes - The yellow pages of Microsoft first party apps. Includes filtering by scope, FOCI and more.
• Entra Sign-In Url Builder - Tool to generate OAuth 2.0 authorization URLs and admin consent urls. Handy for testing SSO.
• Graph Explorer aka.ms/ge - Graph Explorer is a web-based tool to help you understand and test Microsoft Graph APIs.
• Graph Permissions Explorer - Find out what Graph APIs are accessible for each Graph Permission Scope.
• idPowerToys - Microsoft Entra related power toys including a Conditional Access visualizer and Entra mind maps.
• SCIM Playground - SCIM Playground is a web-based tool to help you understand and test SCIM APIs.
• Tenant Lookup - Shows where tenant is located. Run by Microsoft 365 U.S. Government Programs team

Log Analytics, KQL, Logic Apps...

• Entra ID Security Config Analyzer (EIDSCA) - Monitor Entra ID security configuration using Log Analytics, Azure Workbook and Sentinel.
• Hunting Queries & Detection Rules - Azure Active Directory
• Automatically Exclude BreakGlass Group From Conditional Access - Logic App to automatically exclude a BreakGlass group from Conditional Access policies.
• EntraID-Group-Cleanup - Azure Runbook to automatically remove users from a group based on time of membership (e.g. 30 days).
• EntraID-MFA-DynamicGroup - Azure Runbook to automatically add users to a group based on MFA status.

Certifications

• Microsoft Certified: Identity and Access Administrator Associate
  • SC-300: Microsoft Identity and Access Administrator
  • SC-300: Learning Path
  • Study guide for Exam SC-300: Microsoft Identity and Access Administrator
  • SC-300 exam prep videos - Microsoft Learn
  • Course SC-300T00-A: Identity and Access Administrator
  • John Savill's SC-300 Cram - Playlist

Community

• Reddit /r/Entra - Subreddit for discussing Microsoft Entra.
• Discord discord.entra.news - Discord server for discussing Microsoft Entra.
• Slack - MacAdmins #microsoft-entra channel - Slack channel for discussing Microsoft Entra related to Apple devices.
• LinkedIn Group - Microsoft Entra - LinkedIn group for discussing Microsoft Entra.

YouTube

Channels

• Andy Malone (@AndyMaloneMVP), MVP
• John Craddock Identity and Access Training (@john_craddock), MVP
• John Savill (@NTFAQGuy), Microsoft
• Merill Fernando (@merillx)), Microsoft
• Peter Rising (@peterrisingM365), MVP
• RioCloudSync (@RioCloudSync), MVP
• Tech Mind Factory (@TechMindFactory), MVP
• Threatscape (@threatscape), MVP

Playlist

• Phishing Resistant Authentication in Microsoft Entra

Podcast

• Azure Security Podcast
• Entra Chat
• Ctrl+Alt+Azure

Shows

Entra ID Architecture Deep Dive

• Microsoft Entra ID Core Store: Data centers
• Microsoft Entra ID Core Store: Read and write replicas
• Microsoft Entra ID Core Store: Scale units

Awesome blog posts

These posts will make your head hurt, but in a good way.

• Microsoft Incident Response lessons on preventing cloud identity compromise

Bluesky

• Damien Bowden, MVP
• Merill Fernando, Microsoft
• Daniel Krzyczkowski, MVP
• Darren Robinson, MVP

Twitter

• Alex Simons (@Alex_A_Simons), Microsoft
• Ali Tajran (@alitajran)
• Andy Robbins (@_wald0), BloodHound
• Claus Jespersen, Microsoft
• Darren Robinson (@darrenjrobinson), MVP
• Daniel Krzyczkowski (@DKrzyczkowski), MVP
• Daniel Bradley (@DanielatOCN), MVP
• DebugPrivilege (@DebugPrivilege), Ex MVP
• Dirk-jan (@_dirkjan), ROADrecon
• Dr. Nestori Syynimaa (@DrAzureAD), AADInternals, Microsoft
• Erica Zelic (@EricaZelic)
• Fabian Bader (@fabian_bader), MVP
• Jan Bakker (@janbakker_), MVP
• Jef Kazimer (@jefkazimer), Microsoft
• Jeffrey Appel (@JeffreyAppel7), MVP
• Joe Stocker (@ITguySoCal), MVP
• John Savill (@NTFAQGuy), Microsoft
• Jon Jarvis (@jonjarvis), MVP
• Jon Towles (@m0bilej0n), MVP
• Joosua Santasalo (@SantasaloJoosua), MVP
• @inversecos
• Karl Fosaaen (@kfosaaen), MicroBurst
• Lukas Beran (@lukasberancz), Microsoft
• Marius Solbakken (@mariussolbakken)
• Matt Zorich (@reprise_99), Microsoft
• Matthew Levy (@mattchatt42), MVP
• Merill Fernando (@merill), Microsoft
• Nick Ludwig (@welcome2theDL), Microsoft
• Olaf Hartong (@olafhartong), MVP, MVP
• Pim Jacobs (@pimjacobs89), MVP, MVP
• mRr3b00t (@mRr3b00t)
• Nathan McNulty (@nathanmcnulty)
• Rod Trent (@rodtrent), Microsoft
• rootsecdev (@rootsecdev)
• Ryan Hausknecht (@Haus3c)
• Ryan Yates (@ryanyates1990), Former MVP in Cloud & Datacenter Management
• Sean Metcalf (@PyroTek3)
• Stian A. Strysse (@stianstrysse)
• Suryendu Bhattacharyya (@crookedbong)
• @SwiftOnSecurity
• Thomas Naunheim (@thomas_live), MVP, MVP
• Thijs Lecomte (@ThijsLecomte), MVP, MVP
• Tony Redmond (@12Knocksinna), MVP

LinkedIn

• Bailey Bercik, Microsoft
• Damien Bowden, MVP
• Jan Bakker, MVP
• Chetan Desai, Microsoft
• Christina Morillo, Ex-Microsoft
• Den D., Microsoft
• Eric Mannon, MVP
• Eric Woodruff, Semperis
• Katie Knowles, DataDog
• Mark Morowczynski, Microsoft
• Mark Wahl, Microsoft
• Tee Earls, Microsoft
• Daniel Krzyczkowski, MVP

Blogs

Microsoft Blogs

• Microsoft Entra Blog - aka.ms/identityblog
• Microsoft Entra Developer Blog
• Microosft Security Blog

Community Blogs

• 360 Thrive 365 - threesixtythrive365.com
• Admindroid Blog - blog.admindroid.com
• Alex Holmeset's Blog - alexholmeset.blog
• Alitajran - alitajran.com
• Andy Robbins - medium.com/@_wald0
• Blueboxes - blueboxes.co.uk
• Brian Reid - c7solutions.com
• Darren Robinson - blog.darrenjrobinson.com
• Lukas Beran - cswrld.com
• Call 4 Cloud - call4cloud.nl
• Charbel Nemnom - charbelnemnom.com
• Ciraltos - ciraltos.com
• Cloud Architekt - cloud-architekt.net
• Cloud Brothers - cloudbrothers.info
• Cloud Coffee - cloudcoffee.ch
• CloudTips - cloudtips.nl
• Damien Bowden - damienbod.com
• David Okeyode's Blog - davidokeyode.medium.com
• Derk van der Woude - derkvanderwoude.medium.com
• DirTeam - dirteam.com
• EMS Route - emsroute.com
• F12 - f12.hu
• Formula5 - formula5.com
• Good Workaround - goodworkaround.com
• Hamet Benoit's Blog - blog.hametbenoit.info
• Hans Brender - hansbrender.com
• Hybrid Brothers - hybridbrothers.com
• Identity Man - identity-man.eu
• Idefix Wiki - idefixwiki.no
• In The Cloud 24/7 - inthecloud247.com
• Intune IRL - intuneirl.com
• Icewolf's Blog - blog.icewolf.ch
• Jan Bakker - janbakker.tech
• Jeff Brown's Blog - jeffbrown.tech
• Julian Jakob - julianjakob.com
• Learning By Doing - learningbydoing.cloud
• Merill Fernando's Blog - merill.net
• MS Security - mssec.wordpress.com
• Matt Chatt - mattchatt.co.za
• Michev.info - michev.info
• Mike MDM - mikemdm.de
• MIM And Beyond - suryendub.github.io
• Mobile Jon - mobile-jon.com
• Myron Helgering - myronhelgering.com
• Nate Hutchinson - natehutchinson.co.uk
• Niels Kok - nielskok.tech
• Niklas Rast - niklasrast.com
• Oceanleaf - oceanleaf.ch
• O365 Reports - o365reports.com
• Our Cloud Network - ourcloudnetwork.com
• Prajwal Desai - prajwaldesai.com
• Poem to MDM - poemtomdm.fr
• Practical 365 - practical365.com
• Rod Trent's Substack - rodtrent.substack.com
• Rogier Dijkman - rogierdijkman.medium.com
• Rothe's Blog - blog.rothe.uk
• RootSecDev - rootsecdev.medium.com
• SCCMentor - sccmentor.com
• SCloud - scloud.work
• SMB to the Cloud - smbtothecloud.com
• Sander Van Rooij - svrooij.io
• Secure Cloud Blog - securecloud.blog
• SecureD IAM - securediam.com
• Silvio Di Benedetto - silviodibenedetto.com
• Sky Cliffs - skycliffs.wordpress.com
• Sky made simple - blog.skymadesimple.io
• Sonnes Cloud Blog - blog.sonnes.cloud
• Sysanddeploy - systanddeploy.com
• TBone - tbone.se
• That Lazy Admin - thatlazyadmin.com
• The New Control Plane - medium.com/the-new-control-plane
• Undocumented Features - undocumented-features.com
• Zero Trust - zerotrust.how
• Tech Mind Factory

User Groups

• Dutch Microsoft Entra Community