We have just released a major update to the Microsoft Extractor Suite. Below an overview of all the functions:
🔧 Installation
𝘐𝘯𝘴𝘵𝘢𝘭𝘭-𝘔𝘰𝘥𝘶𝘭𝘦 -𝘕𝘢𝘮𝘦 𝘔𝘪𝘤𝘳𝘰𝘴𝘰𝘧𝘵-𝘌𝘹𝘵𝘳𝘢𝘤𝘵𝘰𝘳-𝘚𝘶𝘪𝘵𝘦
📈 Entra ID acquisition now supports:
- Get-AdminUsers retrieve users with Administrative privileges
- Get-ConditionalAccessPolicies get all enabled CA policies
- Get-RiskyDetections
- Get-RiskyUsers
- Get-MFA, check MFA enrollment status in your tenant
🔍 Microsoft 365 forensics:
- Get- Sessions, identify sessions in the UAL can be used to detect Adversary in The Middle (AiTM) attacks
- Get-MessageIDs, can be used to find all messages accessed within a session
- Get-Email/Get-Attachment, used to retrieve emails and attachments based on InternetMessageIds
📖 Documentation:
https://microsoft-365-extractor-suite.readthedocs.io/en/latest/