Checklist
Entra / Azure Test
- PingCastle Entra ID scan to look for overly permissive applications
- RoadTools for
- Synced Admin Accounts & non-admin accounts with Entra roles
- Test for Device Code Flow authentication login
- AzureHound for Entra / Azure Attack Path Enumeration
- Privileged Identity Management (PIM) active?
- Directly assigned roles
- Conditional Access Policies audit
- Admin Accounts without phishing resistant MFA
- Use of Privileged Access Workstations (PAWs)
- Device Code Flow Login
- Legacy Authentication
- MFA for all Users
- MFA usage for the break-glass account?
- Exclusions from CA Policies
- External / Partner Permissions for Access on Tenant?
- Azure Resource / Resource Group Permissions
- Guest User / Invitation Policy
- Self Service Password Reset Config
- Sysleaks
- Entra Portal Access for standard Users
- Dynamic Groups
- Intune Configuration
- Sensitive files on SharePoint