{"id":50515343,"url":"https://github.com/dkmaker/microsoft-tenant-audit-cli","last_synced_at":"2026-06-02T23:31:06.215Z","repository":{"id":343981660,"uuid":"1179958147","full_name":"dkmaker/microsoft-tenant-audit-cli","owner":"dkmaker","description":"Security audit tool for Microsoft 365 tenants — CIS benchmarks, drift detection, HTML dashboard reports","archived":false,"fork":false,"pushed_at":"2026-03-12T15:28:46.000Z","size":781,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-12T21:27:15.541Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dkmaker.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-12T14:56:05.000Z","updated_at":"2026-03-12T15:29:00.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/dkmaker/microsoft-tenant-audit-cli","commit_stats":null,"previous_names":["dkmaker/microsoft-tenant-audit-cli"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/dkmaker/microsoft-tenant-audit-cli","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dkmaker%2Fmicrosoft-tenant-audit-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dkmaker%2Fmicrosoft-tenant-audit-cli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dkmaker%2Fmicrosoft-tenant-audit-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dkmaker%2Fmicrosoft-tenant-audit-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dkmaker","download_url":"https://codeload.github.com/dkmaker/microsoft-tenant-audit-cli/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dkmaker%2Fmicrosoft-tenant-audit-cli/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33841995,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-02T02:00:07.132Z","response_time":109,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-02T23:31:05.706Z","updated_at":"2026-06-02T23:31:06.209Z","avatar_url":"https://github.com/dkmaker.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🛡️ Office 365 Security Audit Framework\n\nA command-line security audit tool for Microsoft 365 tenants. Scans Entra ID, Exchange Online, SharePoint, and Teams configurations against CIS benchmarks and security best practices.\n\n## Features\n\n- **15+ security checks** across identity, data protection, access control, and threat protection\n- **HTML dashboard** with severity breakdown charts, expandable findings, and remediation guidance\n- **JSON reports** for automation and tooling integration\n- **Drift detection** — compare runs to spot new and resolved findings\n- **CIS M365 benchmark** mapping with framework references\n\n## Prerequisites\n\n- **Node.js 22+** — [download](https://nodejs.org/)\n- **pnpm** — install with `npm install -g pnpm`\n- **Microsoft Entra ID App Registration** with the following **Application** (not Delegated) API permissions:\n\n| Permission | Purpose |\n|------------|---------|\n| `Directory.Read.All` | Read users, roles, groups |\n| `Policy.Read.All` | Read conditional access policies |\n| `User.Read.All` | Read user profiles |\n| `UserAuthenticationMethod.Read.All` | Check MFA status |\n| `Sites.Read.All` | Read SharePoint site settings |\n| `MailboxSettings.Read` | Read inbox rules |\n| `TeamSettings.ReadWrite.All` | Read Teams configuration |\n\n\u003e 💡 See Microsoft's guide on [registering an application](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app) and [granting admin consent](https://learn.microsoft.com/en-us/entra/identity-platform/v2-permissions-and-consent).\n\n### Automated Setup (PowerShell 7)\n\nThe included `setup.ps1` script creates the app registration, assigns all permissions, grants admin consent, and outputs your `.env` credentials — all in one step:\n\n```powershell\n# Requires PowerShell 7+ and Global Admin rights\n./setup.ps1\n```\n\nThe script will:\n1. Install the `Microsoft.Graph` module if missing\n2. Prompt you to sign in as a Global Administrator\n3. Create the app registration with all 15 required permissions\n4. Grant admin consent\n5. Generate a client secret (1 year expiry)\n6. Print `TENANT_ID`, `CLIENT_ID`, and `CLIENT_SECRET` for your `.env` file\n\n## Installation\n\n```bash\n# Clone the repository\ngit clone \u003crepo-url\u003e\ncd office365-audit-framework\n\n# Install dependencies and build\npnpm install\npnpm build\n\n# Link the CLI globally (makes 'o365-audit' available everywhere)\nnpm link\n```\n\nAfter linking, you can run `o365-audit` from any directory.\n\n## Configuration\n\nCopy the example environment file and fill in your Entra ID app registration credentials:\n\n```bash\ncp .env.example .env\n```\n\nEdit `.env`:\n\n```ini\nTENANT_ID=your-tenant-id\nCLIENT_ID=your-app-client-id\nCLIENT_SECRET=your-app-client-secret\n```\n\n\u003e ⚠️ The `.env` file must be in the directory where you run `o365-audit`, or in the project root.\n\n## Usage\n\n```bash\n# Run a full security audit\no365-audit audit\n\n# Audit specific categories only\no365-audit audit --categories identity data-protection\n\n# Audit specific services only\no365-audit audit --services \"Entra ID\" Teams\n\n# Verbose output (show individual findings)\no365-audit audit --verbose\n\n# Custom output directory and retention\no365-audit audit --output-dir ./reports --keep-runs 20\n```\n\n### CLI Options\n\n| Flag | Description | Default |\n|------|-------------|---------|\n| `--output-dir \u003cdir\u003e` | Output directory for reports | `./output` |\n| `--categories \u003ccats...\u003e` | Filter: `identity`, `data-protection`, `access-control`, `threat-protection` | all |\n| `--services \u003csvcs...\u003e` | Filter: `\"Entra ID\"`, `\"Exchange Online\"`, `SharePoint`, `Teams` | all |\n| `--verbose` | Show detailed per-finding output | `false` |\n| `--keep-runs \u003cn\u003e` | Number of past runs to retain | `10` |\n\n### Exit Codes\n\n| Code | Meaning |\n|------|---------|\n| `0` | No critical or high severity findings |\n| `1` | Critical or high severity findings detected |\n| `2` | Execution error (auth failure, network, etc.) |\n\n## Output\n\nEach run creates a timestamped directory:\n\n```\noutput/\n  2026-03-12T14-30-00/\n    report.json       # Machine-readable findings\n    report.html       # Interactive HTML dashboard\n  latest.json         # Pointer to most recent run\n```\n\n### HTML Dashboard\n\nOpen `report.html` in any browser to see:\n\n- **Executive summary** — finding counts by severity\n- **Severity breakdown** — doughnut chart\n- **Findings by service/category** — bar charts\n- **Check details table** — status, severity, finding count, framework refs\n- **Expandable findings** — affected resources with remediation guidance\n- **Drift section** — new/resolved findings vs. previous run\n\n### Drift Detection\n\nOn subsequent runs, the tool automatically compares against the previous run:\n\n- 🆕 **New findings** — issues that appeared since last run\n- ✅ **Resolved findings** — issues that were fixed\n\nThe drift summary appears in both CLI output and the HTML dashboard.\n\n## Security Checks\n\n| Category | Service | Checks |\n|----------|---------|--------|\n| Identity | Entra ID | MFA enforcement, conditional access, guest users, app registrations, privileged roles |\n| Data Protection | Exchange / SharePoint | Inbox forwarding rules, SharePoint sharing, site permissions |\n| Access Control | Teams | Guest access, app policies, app catalog, meeting policies |\n| Threat Protection | Exchange | Anti-spam/phish policies, transport rules |\n\n## Example Report\n\nThe [`examples/`](examples/) directory contains an anonymized sample report so you can preview the output without running an audit:\n\n- [`examples/report.json`](examples/report.json) — Machine-readable JSON report\n- [`examples/report.html`](examples/report.html) — Interactive HTML dashboard (open in any browser)\n\n### Dashboard Preview\n\n![HTML Dashboard Preview](examples/report-preview.png)\n\n## Development\n\nSee [DEVELOPMENT.md](DEVELOPMENT.md) for build instructions, project structure, and how to add new checks.\n\n## License\n\nISC\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdkmaker%2Fmicrosoft-tenant-audit-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdkmaker%2Fmicrosoft-tenant-audit-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdkmaker%2Fmicrosoft-tenant-audit-cli/lists"}