
V20250715


@zh54321 zh54321 released this 15 Jul 04:41
· 72 commits to main since this release

Changelog

General

  • Added: New ApiTop parameter to control the number of objects returned per API call. Useful for avoiding HTTP 504 errors caused by slow Microsoft infrastructure. Valid range: 5–999 (default: 999).
  • Fixed: Corrected formatting issues in various TXT reports.
  • Improved: Refined multiple texts for better clarity.
  • Improved: Updated the README with instructions on cloning the repository and handling PowerShell execution policies.

PIM for Entra ID Roles

  • Added: First beta version of the PIM enumeration for Entra ID roles. The new report lists the PIM settings of every Entra ID role and performs several security checks:
    • Maximum activation duration: Tier-0 roles ≤ 4h, Tier-1 roles ≤ 12h
    • Permanent active assignment is disabled (except for Global Administrator (GA), to allow break-glass accounts)
    • Checks whether:
      • Role activations require approval, OR
      • An Authentication Context (AC) is enforced and has a linked Conditional Access Policy (CAP)
    • If an AC is used, it further verifies the linked CAP:
      • CAP is enabled (not disabled or report-only)
      • CAP is scoped to all users with no exclusions
      • No other conditions are configured (e.g., Networks, Risks, Platforms, App Types, Auth Flow)
      • MFA or an Authentication Strength is required
      • Sign-in frequency is set to Every time
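The checks above, re-implemented as an added example (this is not EntraFalcon's own code). It evaluates Graph-shaped objects offline: the rule ids (`Expiration_EndUser_Assignment`, `Expiration_Admin_Assignment`, `Approval_EndUser_Assignment`, `AuthenticationContext_EndUser_Assignment`) and CAP fields follow Microsoft Graph's `unifiedRoleManagementPolicyRule` and `conditionalAccessPolicy` resources; the role, tier, policy rules and CAP at the bottom are constructed sample data, and the Tier-0/Tier-1 thresholds and the GA exception are taken from the release notes.

```python
# Added example, not EntraFalcon code: PIM role / linked-CAP checks over
# Graph-shaped objects, using constructed sample data.
import re

TIER_MAX_ACTIVATION_H = {0: 4, 1: 12}                 # thresholds from the release notes
PERMANENT_ACTIVE_ALLOWED = {"Global Administrator"}   # break-glass exception

def iso_duration_hours(value):
    """Convert a Graph ISO 8601 duration ('PT4H', 'P1D', 'PT30M') to hours."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?)?", value)
    if not m:
        raise ValueError(f"unsupported duration: {value}")
    days, hours, minutes = (int(x) if x else 0 for x in m.groups())
    return days * 24 + hours + minutes / 60

def rule_by_id(rules, rule_id):
    return next((r for r in rules if r.get("id") == rule_id), None)

def check_cap(cap):
    """Findings for a CAP that is linked to a PIM authentication context."""
    findings = []
    if cap.get("state") != "enabled":                 # disabled or report-only
        findings.append("CAP is not enabled")
    cond = cap.get("conditions", {})
    users = cond.get("users", {})
    if users.get("includeUsers") != ["All"]:
        findings.append("CAP is not scoped to all users")
    if any(users.get(k) for k in ("excludeUsers", "excludeGroups", "excludeRoles")):
        findings.append("CAP has exclusions")
    extra = []                                        # conditions that narrow the policy
    if cond.get("locations"):
        extra.append("Networks")
    if cond.get("signInRiskLevels") or cond.get("userRiskLevels"):
        extra.append("Risks")
    if cond.get("platforms"):
        extra.append("Platforms")
    if cond.get("clientAppTypes") not in (None, [], ["all"]):
        extra.append("App Types")
    if cond.get("authenticationFlows"):
        extra.append("Auth Flow")
    if extra:
        findings.append("CAP has additional conditions: " + ", ".join(extra))
    grant = cap.get("grantControls") or {}
    has_mfa = "mfa" in (grant.get("builtInControls") or [])
    if not has_mfa and not grant.get("authenticationStrength"):
        findings.append("CAP requires neither MFA nor an authentication strength")
    sif = (cap.get("sessionControls") or {}).get("signInFrequency") or {}
    if not (sif.get("isEnabled") and sif.get("frequencyInterval") == "everyTime"):
        findings.append("CAP sign-in frequency is not 'every time'")
    return findings

def check_pim_role(role_name, tier, rules, caps_by_context):
    """Evaluate one role's PIM policy rules. caps_by_context maps an
    authentication context id (e.g. 'c1') to the CAPs that reference it."""
    findings = []
    max_h = TIER_MAX_ACTIVATION_H.get(tier)
    exp = rule_by_id(rules, "Expiration_EndUser_Assignment")
    if max_h is not None and exp and iso_duration_hours(exp["maximumDuration"]) > max_h:
        findings.append(f"activation duration exceeds {max_h}h allowed for Tier-{tier}")
    perm = rule_by_id(rules, "Expiration_Admin_Assignment")
    if perm and not perm.get("isExpirationRequired") and role_name not in PERMANENT_ACTIVE_ALLOWED:
        findings.append("permanent active assignment is allowed")
    approval = rule_by_id(rules, "Approval_EndUser_Assignment")
    needs_approval = bool(approval and approval.get("setting", {}).get("isApprovalRequired"))
    ac = rule_by_id(rules, "AuthenticationContext_EndUser_Assignment")
    ac_enabled = bool(ac and ac.get("isEnabled"))
    if not needs_approval and not ac_enabled:
        findings.append("activation requires neither approval nor an authentication context")
    if ac_enabled:
        linked = caps_by_context.get(ac.get("claimValue"), [])
        if not linked:
            findings.append("authentication context has no linked CAP")
        for cap in linked:
            findings.extend(f"{cap['displayName']}: {f}" for f in check_cap(cap))
    return findings

# Constructed sample: a Tier-0 role with an 8h activation window, permanent active
# assignments allowed, no approval, and an AC 'c1' whose CAP excludes one account.
SAMPLE_RULES = [
    {"id": "Expiration_EndUser_Assignment", "maximumDuration": "PT8H"},
    {"id": "Expiration_Admin_Assignment", "isExpirationRequired": False},
    {"id": "Approval_EndUser_Assignment", "setting": {"isApprovalRequired": False}},
    {"id": "AuthenticationContext_EndUser_Assignment", "isEnabled": True, "claimValue": "c1"},
]
SAMPLE_CAPS = {"c1": [{
    "displayName": "PIM activation c1",
    "state": "enabled",
    "conditions": {
        "users": {"includeUsers": ["All"], "excludeUsers": ["00000000-0000-0000-0000-000000000001"]},
        "applications": {"includeAuthenticationContextClassReferences": ["c1"]},
        "clientAppTypes": ["all"],
    },
    "grantControls": {"builtInControls": ["mfa"]},
    "sessionControls": {"signInFrequency": {"isEnabled": True, "frequencyInterval": "everyTime"}},
}]}

def sample_findings():
    return check_pim_role("Privileged Role Administrator", 0, SAMPLE_RULES, SAMPLE_CAPS)

if __name__ == "__main__":
    for finding in sample_findings():
        print("FAIL:", finding)
```

Against the sample, the role fails on the activation window (8h > 4h for Tier-0), on permanent active assignment, and on the linked CAP's exclusion; the approval-or-AC check passes because the authentication context is enforced. Feeding real data means pulling the role's `policies` rules and the CAPs whose `includeAuthenticationContextClassReferences` contains the rule's `claimValue`.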


Entra ID Roles

  • Improved: Enhanced sorting of roles based on their tier classification.

Conditional Access Policies

  • Added: Sign-in frequency settings are now displayed in the Conditional Access Policies (CAP) table (hidden by default).

Groups Enumeration

  • Fixed: In PIM for Groups scenarios, the eligible group ownership status was not shown correctly in the details section.
  • Added: New preset view: PIM for Groups PrivEsc. This filter highlights protected groups that have unprotected groups as owners or members, indicating potential privilege escalation paths.
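How such a preset view can be computed, as an added example that is not EntraFalcon's own code: a walk from each protected group through its owner and member edges that reports every unprotected group reachable that way. "Protected" is taken here to mean a group managed via PIM for Groups (an assumption made for this example), the group graph is constructed sample data, and ids that are not groups (users, service principals) are skipped.

```python
# Added example, not EntraFalcon code: nesting paths from protected groups down
# to unprotected owner/member groups, over a constructed group graph.
def privesc_paths(groups):
    """groups: {group_id: {"name", "protected", "owners": [ids], "members": [ids]}}.
    Returns one line per path from a protected group to an unprotected group
    that is (transitively) its owner or member; controlling the unprotected
    group is then enough to control the protected one."""
    paths = []
    for gid, grp in groups.items():
        if not grp["protected"]:
            continue
        # depth-first walk starting at the protected group
        stack = [(gid, [grp["name"]])]
        seen = {gid}
        while stack:
            cur, path = stack.pop()
            for rel in ("owners", "members"):
                for child in groups[cur][rel]:
                    if child not in groups or child in seen:
                        continue          # non-group principal, or already visited
                    seen.add(child)
                    step = path + [f"{rel[:-1]} {groups[child]['name']}"]
                    if not groups[child]["protected"]:
                        paths.append(" <- ".join(step))
                    stack.append((child, step))   # keep walking through nested groups
    return paths

# Constructed sample: an unprotected group owns a PIM-managed group, and itself
# contains a further unprotected group; the second PIM group only nests PIM groups.
SAMPLE_GROUPS = {
    "g-tier0": {"name": "Tier-0 Admins (PIM)", "protected": True,
                "owners": ["g-itops"], "members": ["u-alice"]},
    "g-itops": {"name": "IT Operations", "protected": False,
                "owners": ["u-bob"], "members": ["g-helpdesk"]},
    "g-helpdesk": {"name": "Helpdesk", "protected": False,
                   "owners": [], "members": ["u-carol"]},
    "g-sec": {"name": "Security (PIM)", "protected": True,
              "owners": ["u-alice"], "members": ["g-soc"]},
    "g-soc": {"name": "SOC Analysts (PIM)", "protected": True,
              "owners": [], "members": []},
}

if __name__ == "__main__":
    for p in privesc_paths(SAMPLE_GROUPS):
        print(p)
```

Ownership edges matter as much as membership: an owner of an unprotected group can add members to it at will, so "Tier-0 Admins (PIM) <- owner IT Operations <- member Helpdesk" means whoever controls Helpdesk membership ends up controlling the PIM-managed group.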

Full Changelog: V20250612...V20250715