emiliensocchi

emiliensocchi / entra-ca-insight

Public

Discover gaps in Entra Conditional Access policies before attackers do

22
0
100% credibility
Found Feb 26, 2026 at 20 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Python
AI Summary

A security analysis tool that proactively identifies gaps in Microsoft Entra ID Conditional Access policies by simulating access scenarios offline.

How It Works

1
📰 Discover CA Insight

You hear about a helpful tool from security experts that spots weak spots in your company's login protections before bad guys find them.

2
📥 Get the tool ready

Download the program and open it on your computer – it's simple, no fancy setup needed.

3
🔗 Link your organization

Enter a secure pass to connect it safely to your company's login rules, so it can peek without changing anything.

4
Choose your check
👥
Check staff logins

Scan everyday users trying to reach work apps from anywhere.

👻
Check guests

Review external visitors accessing your resources.

🤖
Check AI agents

Examine smart helpers and automated services.

5
🚀 Launch the scan

Hit start and watch it smartly test thousands of login scenarios offline to find unprotected paths quickly.

6
📊 Explore results

Open the colorful web dashboard to see gaps listed clearly with pictures, stats, and easy filters.

✅ Secure your setup

Use the insights to tighten protections, knowing you've caught risks before they cause trouble – your team is safer!

Sign up to see the full architecture

5 more

Sign Up Free

Star Growth

See how this repo grew from 20 to 22 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is entra-ca-insight?

This Python tool scans your Microsoft Entra ID tenant to discover gaps in Conditional Access policies before attackers do, pinpointing access combos (like user, app, location, client) that fallback to plain username/password without MFA, auth strength, or blocks. Run it via CLI for automated scans or fire up the web portal to visualize gaps, track scan history, and compare policy changes over time. It's proactive—enumerates all possible access paths offline after a quick Graph API pull, unlike reactive sign-in log analysis.

Why is it gaining traction?

It beats log-based tools by finding unused gaps that never show in audits, scaling to thousands of identities with minimal API calls and multithreading. Developers love the dual CLI/web setup for CI/CD pipelines or interactive dashboards, plus smart filtering by users/groups/roles and exportable reports for compliance. Among discover tools github offers for Entra security, its offline permutation eval and universal coverage stats make policy tuning dead simple.

Who should use this?

Entra admins hardening access for cloud apps, AI agents, or guest users against real-world exploits. Security engineers auditing workload identities or agent resources in large tenants. Compliance teams needing historical proof of policy gaps before project discover github mandates kick in.

Verdict

Grab it if you're deep in Entra CA management—solid docs and wiki make setup straightforward despite 19 stars and 1.0% credibility score signaling early maturity. Test in non-prod first; lacks broad adoption but delivers real insight fast.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.