In this repository you can find several scripts that can help you understand MS Graph Security better, support your learning, and help you to secure your environment better.
DO NOT use the scripts in this repository with a malicious intent or against an environment that is not managed by you and/or your organization.
- “Pentesting Azure Applications: The Definitive Guide to Testing and Securing Deployments” by Matt Burrough
- Not specifically about MS Graph, but the information definitely supports your Azure Application Security Knowledge
- https://github.com/Azure/Cloud-Katana
- https://learn.microsoft.com/en-us/graph/permissions-reference
- https://aka.ms/AzureADSecOps
- https://aka.ms/IRPlaybooks
- https://techcommunity.microsoft.com/t5/microsoft-entra-blog/microsoft-graph-activity-logs-is-now-generally-available/ba-p/4094535
- https://learn.microsoft.com/en-us/graph/microsoft-graph-activity-logs-overview
- https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-mfa-get-started
- https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/identity-secure-score
- https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-secure-remote-workers
- https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/five-steps-to-full-application-integration-withazure-ad
- https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
- https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication
- https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/detect-and-remediate-�illicit-consent-grants