A comprehensive PowerShell module for security posture assessment and identity governance reporting across Microsoft 365, Azure, and hybrid environments.
- Overview
- What's Included
- Prerequisites
- Installation
- Reports
- Common Features
- Use Cases
- Module Architecture
- Troubleshooting
- Roadmap
- Contributing
- Author & Contributors
- Changelog
- Support
## Overview

M365IdentityPosture is an extensible PowerShell framework for security posture assessment and identity governance reporting across Microsoft 365, Azure AD/Entra ID, and hybrid environments. Built with a modular architecture, the framework provides specialized reports for different identity and access management scenarios, with each report generating interactive HTML output featuring runtime theme switching and comprehensive data visualization.
## What's Included

The module currently includes two comprehensive reports:

- Authentication Context Inventory: Maps authentication context requirements and enforcement across Microsoft 365 services including Purview, Conditional Access, PIM, SharePoint, and Teams. Identifies security gaps and configuration issues.
- Access Package Documentor: Interactive graph-based visualization and documentation of Entitlement Management. Features Cytoscape.js graph visualization with filtering, search, zoom/pan controls, and multi-format export (PNG, Markdown, JSON). Co-developed with Christian Frohn.

Both reports generate interactive HTML with runtime theme switching (Classic/Light and Dark) and are designed for security auditors, compliance teams, and identity governance professionals.
## Prerequisites

### System Requirements

- PowerShell: Version 7.0 or higher (PowerShell Core)
- Operating System: Windows 10/11, Windows Server 2019+, macOS, Linux

### Required PowerShell Modules

This module dynamically loads and unloads its dependencies as needed for each reporting phase. You do not need to import all modules up front. The following modules are required and will be loaded automatically when needed:

```text
# Authentication Context Inventory dependencies
Microsoft.Graph.Authentication
Microsoft.Graph.Groups
ExchangeOnlineManagement
Microsoft.Online.SharePoint.PowerShell

# Access Package Documentor dependencies
Microsoft.Graph.Authentication
Microsoft.Graph.Identity.Governance

# Azure modules (only if Azure PIM reporting is enabled in AuthContext)
Az.Accounts
Az.Resources
```

Note: The module handles loading and unloading as needed. If a required module is missing, you will be prompted to install it, or the report will skip that phase.
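The per-phase load, prompt-to-install, and unload behaviour described above, illustrated with an added helper that is not the module's own code. `Invoke-ReportPhase` and its install prompt are assumptions; it assumes PowerShell 7+ and access to the PowerShell Gallery.

```powershell
# Added illustration of the load-on-demand pattern described above; it is not
# the module's own implementation. Assumes PowerShell 7+ and PSGallery access.
function Invoke-ReportPhase {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]      $PhaseName,
        [Parameter(Mandatory)] [string[]]    $RequiredModules,
        [Parameter(Mandatory)] [scriptblock] $Action
    )
    $loaded = [System.Collections.Generic.List[string]]::new()
    try {
        foreach ($name in $RequiredModules) {
            if (-not (Get-Module -ListAvailable -Name $name)) {
                $answer = Read-Host "Module '$name' is missing. Install from PSGallery? (y/N)"
                if ($answer -ne 'y') {
                    # Mirrors the documented behaviour: skip the phase instead of failing.
                    Write-Warning "Skipping phase '$PhaseName': '$name' is not available."
                    return
                }
                Install-Module -Name $name -Scope CurrentUser -Force
            }
            Import-Module -Name $name -ErrorAction Stop
            $loaded.Add($name)
        }
        Write-Progress -Activity 'M365IdentityPosture' -Status "Running phase: $PhaseName"
        & $Action
    }
    finally {
        # Unload in reverse order so shared dependencies (e.g. Graph.Authentication) go last.
        $loaded.Reverse()
        foreach ($name in $loaded) {
            Remove-Module -Name $name -Force -ErrorAction SilentlyContinue
        }
        Write-Progress -Activity 'M365IdentityPosture' -Completed
    }
}

# Example phase: ExchangeOnlineManagement is only resident while this block runs.
Invoke-ReportPhase -PhaseName 'Exchange Online' -RequiredModules 'ExchangeOnlineManagement' -Action {
    Connect-ExchangeOnline -ShowBanner:$false
    try     { Get-OrganizationConfig | Select-Object Name, DisplayName }
    finally { Disconnect-ExchangeOnline -Confirm:$false }
}
```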
### Required Permissions

Minimum permissions needed vary by report:

#### Authentication Context Inventory

Microsoft Graph API:

- Directory.Read.All
- Group.Read.All
- Policy.Read.All
- Policy.Read.ConditionalAccess
- AuthenticationContext.Read.All
- RoleManagement.Read.Directory
- PrivilegedAccess.Read.AzureADGroup
- InformationProtectionPolicy.Read.All

Service-Specific Roles:

- Exchange Online: View-Only Organization Management
- SharePoint Online: SharePoint Administrator or Global Reader
- Azure: Reader role on subscriptions (for Azure PIM enumeration)

#### Access Package Documentor

Microsoft Graph API:

- EntitlementManagement.Read.All
- Directory.Read.All (for resolving directory objects)
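A pre-flight check for the scope lists above, added here as an example rather than taken from the module: it compares the scopes of the current Microsoft Graph session against what each report needs, so a missing scope is caught before a report phase silently comes up empty. `Test-GraphReportScopes` is an assumed name; it requires Microsoft.Graph.Authentication.

```powershell
# Added pre-flight check, not part of the module: verifies that the current
# Microsoft Graph session holds every scope a report needs before it is run.
# Scope lists are taken from the Prerequisites section of this README.
$AuthContextScopes = @(
    'Directory.Read.All', 'Group.Read.All', 'Policy.Read.All',
    'Policy.Read.ConditionalAccess', 'AuthenticationContext.Read.All',
    'RoleManagement.Read.Directory', 'PrivilegedAccess.Read.AzureADGroup',
    'InformationProtectionPolicy.Read.All'
)
$AccessPackageScopes = @('EntitlementManagement.Read.All', 'Directory.Read.All')

function Test-GraphReportScopes {
    [CmdletBinding()]
    param([Parameter(Mandatory)] [string[]] $Required)

    $ctx = Get-MgContext
    if (-not $ctx) {
        # No Graph session at all: every required scope is missing.
        return [pscustomobject]@{ Account = $null; Missing = $Required; Ready = $false }
    }
    # Scope names are case-insensitive; compare in lower case.
    $granted = @($ctx.Scopes | ForEach-Object { $_.ToLowerInvariant() })
    $missing = @($Required | Where-Object { $granted -notcontains $_.ToLowerInvariant() })
    [pscustomobject]@{
        Account = $ctx.Account
        Missing = $missing
        Ready   = ($missing.Count -eq 0)
    }
}

# Check before running the Authentication Context Inventory; the same call with
# $AccessPackageScopes covers the Access Package Documentor.
$check = Test-GraphReportScopes -Required $AuthContextScopes
if (-not $check.Ready) {
    Write-Warning ("Missing Graph scopes: {0}" -f ($check.Missing -join ', '))
    # Re-consent with the full set so no report phase is skipped.
    Connect-MgGraph -Scopes $AuthContextScopes
}
else {
    Write-Host "Graph session for $($check.Account) has all required scopes."
}
```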
## Installation

### From the PowerShell Gallery (Recommended)

```powershell
# Install from PSGallery
Install-Module -Name M365IdentityPosture -Scope CurrentUser

# Or install for all users (requires admin)
Install-Module -Name M365IdentityPosture -Scope AllUsers
```

### Manual Installation

- Clone or download this repository:

  ```powershell
  git clone https://github.com/Noble-Effeciency13/M365IdentityPosture.git
  ```

- Copy to a PowerShell modules directory:

  ```powershell
  # Check available module paths (';'-separated on Windows, ':'-separated on Linux/macOS)
  $env:PSModulePath -split [System.IO.Path]::PathSeparator

  # Copy to the user module path (recommended; Windows location shown, use the
  # matching entry from the list above on Linux/macOS)
  $modulePath = "$HOME\Documents\PowerShell\Modules\M365IdentityPosture"
  New-Item -ItemType Directory -Path $modulePath -Force | Out-Null
  Copy-Item -Path ".\M365IdentityPosture\*" -Destination $modulePath -Recurse -Force
  ```

- Import the module:

  ```powershell
  Import-Module M365IdentityPosture
  ```

## Reports

### Authentication Context Inventory

Purpose: Comprehensive discovery and analysis of authentication context enforcement across Microsoft 365 services, providing visibility into where and how authentication requirements are applied throughout your tenant.
When to Use:
- Security posture assessments and Zero Trust maturity evaluation
- Compliance audits requiring authentication requirements documentation
- Gap analysis of authentication context enforcement
- Pre/post implementation validation of authentication policies
Quick Start:

```powershell
# Import the module
Import-Module M365IdentityPosture

# Basic usage - discovers all authentication contexts across services
Invoke-AuthContextInventoryReport

# Exclude Azure PIM enumeration for faster execution
Invoke-AuthContextInventoryReport -ExcludeAzure

# Custom output path with quiet mode
Invoke-AuthContextInventoryReport `
    -TenantName "contoso" `
    -OutputPath "C:\Reports\AuthContext" `
    -Quiet `
    -NoAutoOpen
```

Key Capabilities:
- Purview Sensitivity Labels: Discovers labels with embedded authentication context requirements and tracks label inheritance
- Conditional Access Policies: Maps policies referencing authentication contexts with target users, groups, and applications
- Privileged Identity Management (PIM): Analyzes directory role policies, group-based PIM, and Azure resource PIM policies (optional)
- SharePoint Online: Identifies direct authentication context assignments and inherited contexts through labels
- Microsoft 365 Groups & Teams: Tracks label inheritance and context enforcement across teams and channels
- Protected Actions: Maps RBAC resource actions requiring authentication contexts
- Cross-Service Correlation: Identifies relationships and dependencies between services
- Gap Identification: Highlights unused or misconfigured authentication contexts
Parameters: For complete parameter documentation and advanced examples, run:

```powershell
Get-Help Invoke-AuthContextInventoryReport -Full
```

### Access Package Documentor

Purpose: Interactive graph-based visualization and comprehensive documentation of Entitlement Management configurations, providing clear visibility into access package structures, policies, workflows, and resource assignments.
When to Use:
- Access review preparation and delegation audits
- Onboarding/offboarding process documentation
- Entitlement management optimization and cleanup
- Compliance reporting for access governance
Quick Start:

```powershell
# Import the module
Import-Module M365IdentityPosture

# Basic usage - documents all access packages and catalogs
Invoke-AccessPackageDocumentor -OutputPath "C:\Reports\AccessPackages"

# Use dark theme
Invoke-AccessPackageDocumentor `
    -OutputPath "C:\Reports" `
    -Theme Dark

# Quiet mode without auto-opening the report
Invoke-AccessPackageDocumentor `
    -OutputPath "C:\Reports" `
    -Quiet `
    -NoAutoOpen
```

Key Capabilities:
- Access Package Structure: Complete inventory of access packages, catalogs, and assignment policies
- Resource Assignments: Maps resource role scopes including groups, applications, SharePoint sites, and Teams
- Approval Workflows: Documents multi-stage approval processes with approvers and escalation settings
- Policy Configurations: Captures expiration settings, access reviews, requestor questions, and custom extensions
- Verified ID Integration: Shows Verified ID requirements in policies when configured
- Interactive Cytoscape.js Graph:
  - Zoom, pan, and drag-to-explore visualizations
  - Filter by catalog, access package, policy, or resource type
  - Full-text search across all node labels
  - Click nodes to view detailed information in a side panel
  - Layout optimization for different graph sizes
- Multi-Format Export:
  - PNG/JPEG: High-resolution graph screenshots
  - Markdown: Hierarchical documentation with all details
  - JSON: Structured data for external processing or integration
Parameters: For complete parameter documentation and advanced examples, run:

```powershell
Get-Help Invoke-AccessPackageDocumentor -Full
```

This report was co-developed with Christian Frohn.
## Common Features

All reports in the M365IdentityPosture module share these capabilities:

### Theme Support

Both reports generate HTML with two built-in themes:

- Classic (Light): Default professional appearance with high contrast
- Dark: Reduced eye strain for extended viewing sessions

Reports include a theme toggle button for instant switching without regenerating the report.

### Dynamic Module Loading

The module automatically loads required PowerShell modules on demand for each phase and unloads them afterward to free memory. There is no need to pre-import dependencies.

### Logging

Detailed execution logs are automatically generated in your temp directory with timestamps:

- Windows: `%TEMP%\M365IdentityPosture_YYYYMMDD_HHMMSS.log`
- Linux/macOS: `/tmp/M365IdentityPosture_YYYYMMDD_HHMMSS.log`

### Read-Only Operations

All reports perform read-only operations with no tenant modifications, making them safe to run in production environments.

### Progress Reporting

Visual progress indicators and status messages keep you informed during long-running operations across multiple services.
## Use Cases

The M365IdentityPosture module addresses key identity and access management scenarios:
- Security Posture Assessment: Quarterly evaluations and Zero Trust maturity benchmarking
- Compliance Auditing: Authentication requirements documentation and regulatory validation
- Access Governance: Access review preparation and entitlement management optimization
- Identity Lifecycle Management: Onboarding/offboarding process documentation and validation
- Gap Analysis: Identify security gaps, misconfigurations, and unused resources
- Migration Planning: Zero Trust readiness assessment and authentication modernization
- Audit Evidence: Generate compliance documentation and security control effectiveness reports
Both reports complement each other: use Authentication Context Inventory for security policy enforcement analysis, and Access Package Documentor for access governance and delegation workflows.
## Module Architecture

```text
M365IdentityPosture/
├── M365IdentityPosture.psd1          # Module manifest
├── M365IdentityPosture.psm1          # Root module with banner
├── Public/                           # Exported functions
│   ├── Invoke-AuthContextInventoryReport.ps1
│   └── Invoke-AccessPackageDocumentor.ps1
├── Private/                          # Internal functions (organized by domain)
│   ├── AuthContext/                  # Authentication context specific
│   ├── Authentication/               # Service connections
│   ├── DataCollection/               # Cross-service data retrieval
│   ├── DataProcessing/               # Data transformation
│   ├── Orchestration/                # Workflow coordination
│   ├── ReportGeneration/             # HTML/Export generation
│   └── Utilities/                    # Shared helpers
└── Tests/                            # Pester tests and validation
```
## Troubleshooting

### PowerShell Version Issues

```powershell
# Check your PowerShell version
$PSVersionTable.PSVersion

# If version < 7.0, install PowerShell 7+
# Windows
winget install Microsoft.PowerShell
# macOS
brew install --cask powershell
# Linux
# See: https://docs.microsoft.com/powershell/scripting/install/installing-powershell-on-linux
```

### Module Import Issues

```powershell
# Verify module is in correct path
Get-Module -ListAvailable M365IdentityPosture

# Check for missing dependencies
Test-ModuleManifest -Path ".\M365IdentityPosture\M365IdentityPosture.psd1"

# Force reload if cached
Remove-Module M365IdentityPosture -Force -ErrorAction SilentlyContinue
Import-Module M365IdentityPosture -Force
```

### Authentication Issues

```powershell
# Clear existing Graph context
Disconnect-MgGraph

# Re-authenticate with required scopes
Connect-MgGraph -Scopes @(
    "Directory.Read.All",
    "Policy.Read.All",
    "Group.Read.All",
    "Policy.Read.ConditionalAccess",
    "AuthenticationContext.Read.All",
    "RoleManagement.Read.Directory",
    "PrivilegedAccess.Read.AzureADGroup",
    "InformationProtectionPolicy.Read.All"
)

# Verify connected account
Get-MgContext
```

### Logging and Debugging

Detailed logs are automatically generated:

```powershell
# Default log location
# Windows: %TEMP%\M365IdentityPosture_YYYYMMDD_HHMMSS.log
# Linux/macOS: /tmp/M365IdentityPosture_YYYYMMDD_HHMMSS.log

# View the most recent session log (newest file by write time; use /tmp on Linux/macOS)
Get-ChildItem "$env:TEMP\M365IdentityPosture_*.log" |
    Sort-Object LastWriteTime |
    Select-Object -Last 1 |
    Get-Content |
    Select-Object -Last 100

# Enable verbose output for debugging
Invoke-AuthContextInventoryReport -TenantName "contoso" -Verbose

# Enable debug output for maximum detail
$DebugPreference = 'Continue'
Invoke-AuthContextInventoryReport -TenantName "contoso"
```

## Roadmap

The M365IdentityPosture module continues to expand with additional identity and access management reports:
- Role Assignment Auditing
  - Privileged role usage patterns and activation history
  - Standing vs eligible assignments analysis
  - Separation of duties validation
  - Role mining and optimization recommendations
- Conditional Access Gap Analysis
  - Uncovered users and applications identification
  - Policy overlap and conflict detection
  - MFA and device compliance gap analysis
  - Sign-in risk coverage evaluation
  - Location-based access pattern analysis
- Identity Protection Dashboard
  - Security defaults effectiveness assessment
  - Identity Protection policy analysis
  - Risky user and sign-in analytics
  - Password health metrics
  - Authentication method distribution
- Hybrid identity synchronization health monitoring
- Cross-cloud security posture (AWS/GCP integration)
- Automated remediation recommendations
- Microsoft Secure Score integration
- Custom compliance framework mapping
- Maester test framework integration
Timeline: Development priorities are determined by community feedback and organizational needs. Contributions are welcome! See the Contributing section for guidelines.
## Contributing

We welcome contributions! Please follow these guidelines:

### Adding New Reports

When adding a new security or identity report:

- Follow the established pattern:
  - Public function: `Invoke-<ReportName>Report`
  - Private orchestration in appropriate folders
  - Consistent parameter naming
- Maintain module philosophy:
  - Read-only operations only
  - Comprehensive error handling
  - Progress reporting for long operations
  - HTML output with metrics dashboard
- Documentation requirements:
  - Complete comment-based help
  - README section for new report
  - Sample output screenshots
  - Required permissions documentation

### Development Process

- Fork the repository
- Create a feature branch (`git checkout -b feature/AmazingFeature`)
- Commit your changes (`git commit -m 'Add some AmazingFeature'`)
- Push to the branch (`git push origin feature/AmazingFeature`)
- Open a Pull Request

### Code Standards

- Follow PowerShell best practices and style guidelines
- Add Pester tests for new functions
- Update documentation for new features
- Ensure backward compatibility
- Test with PowerShell 7+ on multiple platforms
- Use tab characters for indentation (not spaces)
- Include comprehensive comment-based help
- Star this repo if you find it useful
- Watch for updates on new reports
- Fork to customize for your organization
- Share your use cases and success stories
- Report issues to help improve the module
- Suggest features for future development
## License

This project is licensed under the MIT License - see the LICENSE file for details.
## Author & Contributors

Sebastian Flæng Markdanner - Module Author

- Website: https://chanceofsecurity.com
- GitHub: @Noble-Effeciency13
- LinkedIn: Sebastian Markdanner

Christian Frohn - Access Package Documentor Co-Author

- Collaborative development of the Access Package Documentor feature
- Website: https://www.christianfrohn.dk/
- GitHub: @ChrFrohn
- LinkedIn: Christian Frohn
### Acknowledgments

- Microsoft Graph PowerShell SDK team
- Exchange Online Management module team
- SharePoint PnP Community
- Azure PowerShell team
- The PowerShell community
- All contributors and users providing feedback
### Resources

- Microsoft Graph API Documentation
- Authentication Context Overview
- Conditional Access Documentation
- PIM Documentation
- Sensitivity Labels Documentation
- Zero Trust Guidance
## Changelog

See CHANGELOG.md for a detailed history of changes, updates, and version information.
- New Feature: Access Package Documentor with interactive graph visualization
- Interactive Cytoscape.js graph for access package relationships
- Comprehensive export capabilities (PNG, Markdown, JSON)
- Enhanced HTML reports with light/dark theme toggle
- Developed in collaboration with Christian Frohn
- See full changelog for complete details
## Support

For bugs, feature requests, or questions:

- Open an issue
- Check discussions for Q&A
- Follow updates on Chance of Security

Security: For security concerns or vulnerability reports, please email security@chanceofsecurity.com rather than using public issues.