PowerShell module that pulls Microsoft Entra ID audit logs via Graph API and exports them to JSON, CSV, or Azure Log Analytics — useful for compliance evidence collection and long-term retention beyond the 30-day portal window.
Tooling built for real environments — cloud security, identity automation, and Zero Trust readiness. Fork it, extend it, deploy it.
Bicep templates for a production-ready Azure CAF Landing Zone with policy assignments, RBAC, Defender for Cloud settings, and budget alerts — opinionated defaults you can override via parameter files.
A set of Graph API-backed scripts to export, diff, import, and document Conditional Access policies. Enables GitOps-style CA management with human-readable YAML representations of policy state.
Python + Graph API tool that evaluates a Microsoft 365 tenant against CIS Benchmark controls and outputs a scored HTML report with remediation steps — supports Entra ID, Exchange Online, SharePoint, and Teams.
Curated KQL query library for Microsoft Defender XDR and Sentinel — organised by MITRE ATT&CK tactic, tagged by data source, and annotated with expected false-positive rates.
Interactive CLI tool (Python) that walks you through Microsoft's Zero Trust readiness model across all six pillars — identity, devices, apps, data, infrastructure, networks — and produces a weighted gap report.