Tag: audit

Checks for services and scheduled tasks that are configured to run using domain accounts. For such accounts, the script reports the password expiry date.
Use cases:
1) detecting expiry of accounts used for services, so that the account password may be renewed
2) detecting the use of domain accounts, as opposed to managed service accounts

Searches one or more Azure Tenants for Certificates and Client Secrets. The script reports on all credentials discovered, with their expiry date and a 'hint' that identifies the secret.
If expired or soon-to-expire credentials are discovered, an event log is written - this can be used as a trigger to generate an alert
The Application specified in the credential set must have the following permissions:
Application.Read.All (mandatory) - to read the secret metadata attached to the application
User.Read.All (mandatory) - to report the owner name and contact details
Directory.Read.All (optional) - to report the tenant name

Show all Active Directory Accounts which have not been logged into for specified days or more.
System account and accounts without any login activity are ignored by this script.
Reporting on inactive accounts will return the command to disable those accounts.
Disabling accounts will return the command to re-enable those accounts to counter mistakes.