EntraIDSecurityScripts

1.0.2

PowerShell module for auditing and securing Microsoft Entra ID (Azure AD). Includes functions for auditing Conditional Access exclusions, legacy authentication sign-ins, and privileged user MFA configuration.

Minimum PowerShell version

7.0

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name EntraIDSecurityScripts -RequiredVersion 1.0.2

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name EntraIDSecurityScripts -Version 1.0.2

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

jdenka

Copyright

Package Details

Author(s)

Kent Agent (kentagent-ai)

Functions

Get-ConditionalAccessExclusions Get-LegacyAuthSignIns Get-AdminsWithoutPhishingResistantMFA Test-EntraIDSecurityModuleConnection

Dependencies

This module has no dependencies.

Release Notes

## Version 1.0.2
- Renamed GitHub repository to match module name
- Updated all documentation links to new repo URL

## Version 1.0.0

Initial release with the following functions:

### Get-ConditionalAccessExclusions
- Audits all exclusions in Conditional Access policies
- Resolves GUIDs to display names
- Risk assessment for large group exclusions
- Export to CSV support

### Get-LegacyAuthSignIns
- Finds sign-ins using legacy authentication (IMAP, POP3, SMTP, etc.)
- Queries both interactive AND non-interactive sign-ins
- Risk level assessment per protocol
- Summary statistics and recommendations

### Get-AdminsWithoutPhishingResistantMFA
- Identifies privileged users without FIDO2/WHfB/Certificate MFA
- Checks all critical admin roles
- Risk level based on role criticality
- Compliance summary

### Test-EntraIDSecurityModuleConnection
- Verifies Microsoft Graph connection
- Checks for required permission scopes

FileList

EntraIDSecurityScripts.nuspec
EntraIDSecurityScripts.psm1
EntraIDSecurityScripts.psd1
Public\Get-LegacyAuthSignIns.ps1
Public\Get-ConditionalAccessExclusions.ps1
Public\Get-AdminsWithoutPhishingResistantMFA.ps1
Private\Resolve-GraphObjectName.ps1

Version History

Version	Downloads	Last updated
2.5.0	7	3/17/2026
2.4.0	9	3/12/2026
2.3.6	5	3/12/2026
2.3.4	4	3/12/2026
2.3.3	3	3/12/2026
2.3.2	4	3/12/2026
2.3.1	4	3/12/2026
2.3.0	5	3/12/2026
2.2.5	5	3/12/2026
2.2.4	4	3/12/2026
2.2.3	4	3/12/2026
2.2.2	5	3/12/2026
2.2.1	5	3/12/2026
2.2.0	3	3/12/2026
2.1.0	4	3/11/2026
2.0.1	5	3/11/2026
2.0.0	3	3/11/2026
1.0.2 (current version)	4	3/11/2026
1.0.1	3	3/11/2026
1.0.0	6	3/11/2026

Show less