🛡️ Category

Security & Compliance

Threat protection, data loss prevention, audit logs, and alerts

Check BitLocker Encryption Status Reliably with PowerShell

Avoid false positives by validating encryption, protection, and key protectors together

intermediatesecuritycomplianceendpoint-managementwindowsautomation

Identify Users Signing In with SMS-Based Authentication

Find every user who authenticated via SMS (text-message MFA) in the last 30 days and flag them for migration to phishing-resistant methods.

intermediatesecuritycomplianceidentitymfaaudit

Audit Entra ID App Registrations for Expiring Secrets/Certificates and Privileged Permissions

Identify app registrations with credentials expiring soon and flag privileged service principals that are unused or stale

advancedsecuritycomplianceidentityprivileged-accesscredential-managementaudit

Investigate M365 Security Posture: Secure Score, Risky Users, and Admin MFA

Audit your Microsoft 365 tenant's security posture by reviewing Secure Score, privileged role assignments, admin MFA coverage, and high-privilege app registrations — then prioritize remediation.

intermediatesecurity-postureprivileged-accessmfa-coverageapp-governancecompliance-audit

Review Consent Phishing Protection and Attack Simulation Policies in Microsoft 365

Audit user consent settings and phishing simulation campaigns across Entra ID and Microsoft Defender

intermediatesecuritycomplianceidentityphishing-defenseaudit

Review Risky Sign-Ins for Impossible Travel, Unfamiliar Locations, and Repeated Failures

Audit weekend and off-hours sign-in activity in Microsoft Entra ID to surface compromise indicators and triage suspicious accounts

intermediatesecurityidentity-protectionauditincident-responseentra-id

Investigate and Contain a Potentially Compromised User Account

Review recent Entra sign-ins, identify risk indicators, revoke sessions, reset credentials, remove risky app access, and document the response.

advancedSecurityIdentityIncident ResponseAccess ControlCompliance

Audit Privileged Admin Roles for MFA, Stale Accounts, and Least Privilege

Identify Global Admins and other privileged role holders, verify MFA coverage, detect stale accounts, and produce a least-privilege cleanup plan.

intermediatesecuritycomplianceidentitygovernanceaudit

Investigate Conditional Access Sign-In Logs and Policy Configuration

Analyze Entra ID sign-in telemetry and CA policy posture to surface failures, gaps, and policy evaluation patterns

intermediatesecuritycomplianceaccess-controlaudit

Generate a weekly VIP/admin sign-in anomaly report

Detect unusual sign-in patterns for privileged and executive accounts in Microsoft 365

intermediatesecuritycompliancemonitoringprivileged-accessreporting