Skip to content

Releases: CompassSecurity/EntraFalcon

V20250612

12 Jun 19:54
@zh54321 zh54321
V20250612
432fc37

Choose a tag to compare

View all tags
V20250612

Changelog

General

  • Improved: Added new internal function Format-ReportSection for faster TXT formatting.

Enterprise Apps Enumeration

  • Improved: User GUID is now resolved for delegated permissions
  • Fixed: Corrected formatting issues in the TXT report.

Groups Enumeration

  • Improved: Multiple adjustments for faster processing in large tenants.

Users Enumeration

  • Fixed: Added $null check to prevent errors when user creation date is $null.
  • Improved: Multiple adjustments for faster processing in large tenants.

App Registration

  • Fixed: Corrected formatting issues in the TXT report.

Conditional Access Policies

  • Fixed: Named location name was not displayed.
  • Fixed: Corrected formatting issues in the TXT report.

Full Changelog: V20250522...V20250612

Loading

V20250522

22 May 18:17
@zh54321 zh54321
V20250522
0aa452e

Choose a tag to compare

View all tags
V20250522

Changelog

General

  • Improved: API requests now use the $top parameter to retrieve more objects per request, reducing the total number of HTTP calls. (Performance improvement in large tenants)
  • Improved: Tuned status reporting for each section.
  • Fixed: Ensured cleanup of a previously missed global variable.
  • Improved: Updated Send-GraphBatchRequest to the latest version.

Groups Enumeration

  • Improved: Replaced additional += operations in loops with preallocated lists. (Performance improvement)
  • Added: Verbose mode now includes a performance summary.

Users Enumeration

  • Added: Verbose mode now includes a performance summary.

Full Changelog: V20250517...V20250522

Loading

V20250517

17 May 20:26
@zh54321 zh54321
V20250517
72b7e72

Choose a tag to compare

View all tags
V20250517

Changelog

General

  • Improved: Updated Send-GraphBatchRequest – all pagination requests are now batched, drastically reducing the number of HTTP requests. (Performance improvement)
  • Added: New parameter -LimitResults to limit the number of groups / users in the report (after sorting by risk). Useful for large tenants.

Groups

  • Improved: Replaced all += array operations in loops with preallocated lists. (Performance improvement)
  • Added: Warning displayed for tenants with a high number of groups or transitive member relationships, recommending the use of -LimitResults.
  • Improved: Transitive memberships are now built locally instead of retrieved from the Graph API. (Performance improvement)
  • Improved: More detailed output in Verbose mode.
  • Improved: Reduced the number of properties requested from the Graph API; values are now resolved later using hashtables. (Performance improvement)
  • Improved: Migrated code away from Where-Object pipelines to more efficient logic. (Performance improvement)
  • Improved: Optimized processing of nested groups. (Performance improvement)
  • Removed: User department and job title details removed from the group report. (Performance improvement)
  • Improved: Reduced object size passed to other enumeration functions. (Performance improvement)
  • Improved: Adjusted object formatting for TXT output to avoid the expensive Format-Table operation. (Performance improvement)
  • Improved: Group likelihood scoring based on member users now uses square root scaling to prevent score inflation in large tenants.

Users

  • Improved: Migrated portions of code using Where-Object to optimized alternatives. (Performance improvement)
  • Improved: Reduced unnecessary Graph API parameters; properties are resolved using hashtables. (Performance improvement)
  • Improved: Replaced some += in loops with more efficient structures. (Performance improvement)
  • Improved: Updated Send-BatchRequest with a new parameter that allows disabling automatic pagination. (Performance improvement a specific case)
  • Improved: Reduced object size passed to other enumeration functions. (Performance improvement)
  • Improved: More detailed output in Verbose mode.

Full Changelog: v20250508...V20250517

Loading

V20250508

08 May 18:58
@zh54321 zh54321
v20250508
2d94a55

Choose a tag to compare

View all tags
V20250508

Changelog

Enterprise Applications

  • Fixed: Inactivity state was incorrectly set when there was no sign-in at all.

HTML Report

  • Improved: Enhanced sorting logic for columns containing a mix of numbers and text.

Users

  • Added: Added more detailed verbose messages for transitive group memberships.

Full Changelog: V20250506...v20250508

Loading

V20250506

06 May 17:51
@zh54321 zh54321
V20250506
68757fc

Choose a tag to compare

View all tags
V20250506

Changelog

Conditional Access Policies

  • Added: RoleCheck 1 to verify if all Tier 0/1 Entra roles (with assignments) are included when more than 4 roles are targeted in a policy
  • Added: RoleCheck 2 to detect included roles which have scoped assignments
  • Added: Additional PresetView Conditional Access Policies with session controls
  • Improved: Split multiple AuthFlowMethods using spaces for better formatting
  • Improved: Show SessionControls count in the table
  • Improved: Adjusted some warning messages
  • Improved: Enhanced detection of policies blocking legacy authentication (Detection will not trigger if all four app types are selected)

Users

  • Fixed: Incorrect number of app roles
  • Fixed: Incorrect warning message for potentially sensitive app roles

Enumeration Summary

  • Fixed: Incorrect number of PIM-onboarded groups when PfG was not enumerated

Overall

  • Added: Started the implementation of a -Verbose mode

Full Changelog: V20250502...V20250506

Loading

V20250502

02 May 10:10
@zh54321 zh54321
V20250502
5283f9a

Choose a tag to compare

View all tags
V20250502

User Module

  • Fixed Issue #1 : Polluted return object in Invoke-CheckUsers

Full Changelog: https://github.com/CompassSecurity/EntraFalcon/commits/V20250502

Loading