Awesome Entra

A curated list of awesome Microsoft Entra tools, guides, and other resources.

Contents

• Newsletter
• Mind Map
• aka.ms
• Tools
• Community
• YouTube
• Bluesky
• Twitter
• LinkedIn
• Blogs

Newsletter

• Entra.News - Weekly round up of the latest Microsoft Entra news from Microsoft and the community.

Mind Map

• Microsoft Entra Mind Maps - Visual representation of Microsoft Entra and its components with links to docs. Includes Entra Roles mindmap.

Entra Learning Hubs

• Global Secure Access - Resource Hub - Knowledge hub for all things GSA maintained by the GSA Customer Experience Engineering team.

aka.ms & cmd.ms

• cmd.ms/portals/azuread - Complete list of shortcuts to blades in the Entra portal.
• aka.ms/commands - List of common Microsoft short links.
• msportals.io - Links to all Microsoft admin portals.
• aka.ms/entratemplates - Email templates & posters to roll out Microsoft Entra features like MFA, SSPR, and more.
• aka.ms/entraidac - Microsoft Entra ID Admin Center
• aka.ms/myapps - My Apps
• aka.ms/myaccount - My Account
• aka.ms/my-groups - My Groups
• aka.ms/my-access - My Access Packages
• aka.ms/mystaff - My Staff
• aka.ms/mysecurity, aka.ms/mysecurityinfo - My Security Info
• aka.ms/mysignins - My Sign-ins
• aka.ms/pim - Privileged Identity Management - Roles
• aka.ms/pimg - Privileged Identity Management - Groups
• aka.ms/pimr - Privileged Identity Management - Roles
• aka.ms/pimz - Privileged Identity Management - Azure Resources
• aka.ms/sspr - Self Service Password Reset
• aka.ms/mfasetup - Alternative for My Security Info
• aka.ms/entradocs - Microsoft Entra Technical Documentation
• aka.ms/graphref - Microsoft Graph REST API Reference - v1.0
• aka.ms/graphrefbeta - Microsoft Graph REST API Reference - Beta

Tools

Microsoft Product Downloads

• Microsoft Entra Application Proxy
• Microsoft Entra Connect
• Microsoft Entra Provisioning Agent
• Microsoft Entra Connect Health agents

CLI

• 365AutomatedLab - Create a Microsoft 365 Test Environment using a test data from an Excel workbook.
• AADInternals - PowerShell toolkit for administering and hacking Azure AD and Microsoft 365.
• AzADServicePrincipalInsights - Insights and change tracking on Service Principals/ Applications and Managed Identities (outputs html, csv, json).
• Azure AD Assessment aka.ms/AzureADAssessmentTools - Guidance to assess the health of an Azure AD tenant and provide best practice guidance / recommendations.
• Azure-AccessPermissions - Script to enumerate access permissions in an Azure Active Directory environment
• AzureADTenantID - PowerShell module to retrieve the TenantID for an Azure AD Tenant.
• AzurePrivilegedIAM - Docs and samples for privileged identity and access management in Microsoft Azure and Microsoft Entra
• AzurePasswordProtectionCalculator - Calculator for Azure Password Protection
• BadZure - A tool to simulate common Entra security misconfigurations.
• BloodHound - BloodHound uses graph theory to reveal hidden relationships and attack paths in an Active Directory environment that would otherwise be impossible to quickly identify.
• CA Optics - Conditional Access gap analyzer
• ConditionalAccessDocumentation - PowerShell module to document Conditional Access policies in Excel.
• DCToolbox - Collection of tools for Conditional Access automation, what-if simulation and more.
• EasyPIM - Manage PIM Azure Resource role and assignment with ease.
• Entra Exporter aka.ms/EntraExporter - PowerShell module that exports all the config and data of a Microsoft Entra tenant.
• Entra Export Template - Workflows for scheduled export of settings from an Entra tenant.
• Evilginx - Man-in-the-middle attack framework
• family-of-client-ids-research - Research into Undocumented Behavior of Azure AD Refresh Tokens
• Graph PowerShell Sample Script Repository - aka.ms/graphsamples - Community contributed repository of common Graph PowerShell scripts
• GraphRunner - A Post-exploitation Toolset for Interacting with the Microsoft Graph API
• MicroBurst - PowerShell Toolkit for Attacking Azure.
• Microsoft365DSC - Manages, configures, extracts and monitors Microsoft 365 tenant configurations using PowerShell DSC
• Microsoft First Party AppNames aka.ms/AppNames - Repository hosting a daily updated csv/json of Microsoft first party app names and their GUIDs (useful for kql queries and scripts).
• Microsoft-Cloud-Group-Analyzer - Provides instant insights in what services, policies,... a given group or user is scoped to.
• Microsoft-Extractor-Suite - Invictus IR - PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.
• MicrosoftGraphPS - Version manager for the Graph PowerShell SDK.
• MiniGraph - Minimal overhead Microsoft Graph client implementation for lean environment like Azure Functions
• MSIdentityTools aka.ms/msid - Collection of useful cmdlets for common Entra functionality.
• Ping Castle - Security Assessment Tool
• PSMSGraphBatchRequest - PowerShell module to transform data into Microsoft Graph Batch Requests.
• PowerZure - PowerShell project created to perform reconnaissance and exploitation of Azure, AzureAD, and the associated resources.
• ROADrecon - Tool for exploring information in Azure AD from both a Red Team and Blue Team perspective.
• ROPCI - Identify MFA gaps in your Entra configuration that allow API access through ROPC.
• ScoutSuite - Multi-Cloud Security auditing tool.
• ScubaGear - cisa.gov - PowerShell module developed by CISA to verify M365 tenant configuration confirms to Secure Cloud Business Applications (SCuBA) Security Configuration Baseline.
• StormSpotter aka.ms/StormSpotter - Azure Red Team tool for graphing Azure and Azure Active Directory objects.
• TokenTactics - Tool to test and demonstrate the impact of token-based attacks on Microsoft Entra.
• TokenTacticsV2 - Fork of the great TokenTactics with support for CAE and token endpoint.
• Microsoft cloud group analyzer - Sript that provides insights in what services/policies/... a given group or user is scoped to.
• EntraOps - Classify, identify and protect your privileges based on Enterprise Access Model
• Maester - Automated test framework for conditional access and Entra configuration

Web apps

• AADInternals - OSINT - OSINT web app that displays tenant information.
• Microsoft Graph Explorer aka.ms/ge - Graph Explorer is a web-based tool to help you understand and test Microsoft Graph APIs.
• idPowerToys - Microsoft Entra related power toys including a Conditional Access visualizer and Entra mind maps.
• SCIM Playground - SCIM Playground is a web-based tool to help you understand and test SCIM APIs.
• Conditional Access Blueprint - Four tools to model and create CA policies.

Log Analytics, KQL, Logic Apps...

• Entra ID Security Config Analyzer (EIDSCA) - Monitor Entra ID security configuration using Log Analytics, Azure Workbook and Sentinel.
• Hunting Queries & Detection Rules - Azure Active Directory
• Automatically Exclude BreakGlass Group From Conditional Access - Logic App to automatically exclude a BreakGlass group from Conditional Access policies.
• EntraID-Group-Cleanup - Azure Runbook to automatically remove users from a group based on time of membership (e.g. 30 days).
• EntraID-MFA-DynamicGroup - Azure Runbook to automatically add users to a group based on MFA status.

Certifications

• Microsoft Certified: Identity and Access Administrator Associate
  • SC-300: Microsoft Identity and Access Administrator
  • SC-300: Learning Path
  • Study guide for Exam SC-300: Microsoft Identity and Access Administrator
  • SC-300 exam prep videos - Microsoft Learn
  • Course SC-300T00-A: Identity and Access Administrator
  • John Savill's SC-300 Cram - Playlist

Community

• Reddit /r/Entra - Subreddit for discussing Microsoft Entra.
• Discord discord.entra.news - Discord server for discussing Microsoft Entra.
• Slack - MacAdmins #microsoft-entra channel - Slack channel for discussing Microsoft Entra related to Apple devices.
• LinkedIn Group - Microsoft Entra - LinkedIn group for discussing Microsoft Entra.

YouTube

Channels

• Andy Malone (@AndyMaloneMVP), MVP
• John Craddock Identity and Access Training (@john_craddock), MVP
• John Savill (@NTFAQGuy), Microsoft
• Merill Fernando (@merillx)), Microsoft
• Peter Rising (@peterrisingM365), MVP
• RioCloudSync (@RioCloudSync), MVP

Shows

Entra ID Architecture Deep Dive

• Microsoft Entra ID Core Store: Data centers
• Microsoft Entra ID Core Store: Read and write replicas
• Microsoft Entra ID Core Store: Scale units

Awesome blog posts

These posts will make your head hurt, but in a good way.

• Microsoft Incident Response lessons on preventing cloud identity compromise

Bluesky

• Damien Bowden, MVP
• Merill Fernando, Microsoft

Twitter

• Alex Simons (@Alex_A_Simons), Microsoft
• Ali Tajran (@alitajran)
• Andy Robbins (@_wald0), BloodHound
• Claus Jespersen, Microsoft
• Daniel Krzyczkowski (@DKrzyczkowski), MVP
• Daniel Bradley (@DanielatOCN), MVP
• DebugPrivilege (@DebugPrivilege), Ex MVP
• Dirk-jan (@_dirkjan), ROADrecon
• Dr. Nestori Syynimaa (@DrAzureAD), AADInternals, Microsoft
• Erica Zelic (@EricaZelic)
• Fabian Bader (@fabian_bader), MVP
• Jan Bakker (@janbakker_), MVP
• Jef Kazimer (@jefkazimer), Microsoft
• Jeffrey Appel (@JeffreyAppel7), MVP
• Joe Stocker (@ITguySoCal), MVP
• John Savill (@NTFAQGuy), Microsoft
• Jon Jarvis (@jonjarvis), MVP
• Jon Towles (@m0bilej0n), MVP
• Joosua Santasalo (@SantasaloJoosua), MVP
• @inversecos
• Karl Fosaaen (@kfosaaen), MicroBurst
• Lukas Beran (@lukasberancz), Microsoft
• Marius Solbakken (@mariussolbakken)
• Matt Zorich (@reprise_99), Microsoft
• Matthew Levy (@mattchatt42), MVP
• Merill Fernando (@merill), Microsoft
• Nick Ludwig (@welcome2theDL), Microsoft
• Olaf Hartong (@olafhartong), MVP, MVP
• Pim Jacobs (@pimjacobs89), MVP, MVP
• mRr3b00t (@mRr3b00t)
• Nathan McNulty (@nathanmcnulty)
• Rod Trent (@rodtrent), Microsoft
• rootsecdev (@rootsecdev)
• Ryan Hausknecht (@Haus3c)
• Ryan Yates (@ryanyates1990), Former MVP in Cloud & Datacenter Management
• Sean Metcalf (@PyroTek3)
• Stian A. Strysse (@stianstrysse)
• Suryendu Bhattacharyya (@crookedbong)
• @SwiftOnSecurity
• Thomas Naunheim (@thomas_live), MVP, MVP
• Thijs Lecomte (@ThijsLecomte), MVP, MVP
• Tony Redmond (@12Knocksinna), MVP

LinkedIn

• Bailey Bercik, Microsoft
• Damien Bowden, MVP
• Jan Bakker, MVP
• Chetan Desai, Microsoft
• Christina Morillo, Ex-Microsoft
• Den D., Microsoft
• Eric Mannon, MVP
• Mark Morowczynski, Microsoft
• Mark Wahl, Microsoft
• Monicah Wambugu, Microsoft
• Tee Earls, Microsoft

Blogs

Microsoft Blogs

• Microsoft Entra Blog - aka.ms/identityblog
• Microsoft Entra Developer Blog
• Microosft Security Blog

Community Blogs

• 360 Thrive 365 - threesixtythrive365.com
• Admindroid Blog - blog.admindroid.com
• Alex Holmeset's Blog - alexholmeset.blog
• Alitajran - alitajran.com
• Andy Robbins - medium.com/@_wald0
• Blueboxes - blueboxes.co.uk
• Brian Reid - c7solutions.com
• Lukas Beran - cswrld.com
• Call 4 Cloud - call4cloud.nl
• Charbel Nemnom - charbelnemnom.com
• Ciraltos - ciraltos.com
• Cloud Architekt - cloud-architekt.net
• Cloud Brothers - cloudbrothers.info
• Cloud Coffee - cloudcoffee.ch
• Damien Bowden - damienbod.com
• David Okeyode's Blog - davidokeyode.medium.com
• Derk van der Woude - derkvanderwoude.medium.com
• DirTeam - dirteam.com
• EMS Route - emsroute.com
• F12 - f12.hu
• Formula5 - formula5.com
• Good Workaround - goodworkaround.com
• Hamet Benoit's Blog - blog.hametbenoit.info
• Hans Brender - hansbrender.com
• Hybrid Brothers - hybridbrothers.com
• Identity Man - identity-man.eu
• Idefix Wiki - idefixwiki.no
• In The Cloud 24/7 - inthecloud247.com
• Intune IRL - intuneirl.com
• Icewolf's Blog - blog.icewolf.ch
• Jan Bakker - janbakker.tech
• Jeff Brown's Blog - jeffbrown.tech
• Julian Jakob - julianjakob.com
• Learning By Doing - learningbydoing.cloud
• Merill Fernando's Blog - merill.net
• MS Security - mssec.wordpress.com
• Matt Chatt - mattchatt.co.za
• Michev.info - michev.info
• Mike MDM - mikemdm.de
• MIM And Beyond - suryendub.github.io
• Mobile Jon - mobile-jon.com
• Myron Helgering - myronhelgering.com
• Nate Hutchinson - natehutchinson.co.uk
• Niels Kok - nielskok.tech
• Niklas Rast - niklasrast.com
• Oceanleaf - oceanleaf.ch
• O365 Reports - o365reports.com
• Our Cloud Network - ourcloudnetwork.com
• Prajwal Desai - prajwaldesai.com
• Poem to MDM - poemtomdm.fr
• Practical 365 - practical365.com
• Rod Trent's Substack - rodtrent.substack.com
• Rogier Dijkman - rogierdijkman.medium.com
• Rothe's Blog - blog.rothe.uk
• RootSecDev - rootsecdev.medium.com
• SCCMentor - sccmentor.com
• SCloud - scloud.work
• SMB to the Cloud - smbtothecloud.com
• Sander Van Rooij - svrooij.io
• Secure Cloud Blog - securecloud.blog
• SecureD IAM - securediam.com
• Silvio Di Benedetto - silviodibenedetto.com
• Sky Cliffs - skycliffs.wordpress.com
• Sky made simple - blog.skymadesimple.io
• Sonnes Cloud Blog - blog.sonnes.cloud
• Sysanddeploy - systanddeploy.com
• TBone - tbone.se
• That Lazy Admin - thatlazyadmin.com
• The New Control Plane - medium.com/the-new-control-plane
• Undocumented Features - undocumented-features.com
• Zero Trust - zerotrust.how

User Groups

• Dutch Microsoft Entra Community