Github CAPolicyAnalyzer скачать в хорошем качестве

Github CAPolicyAnalyzer

The CA Policy Analyzer is a free, browser-based security tool that analyzes your Entra ID (Azure AD) Conditional Access policies against industry benchmarks and known attack patterns. What it does You sign in with your Entra ID credentials, and it reads all your CA policies via Microsoft Graph — then evaluates them across six dimensions: Dashboard — A composite security posture score (0–100) with letter grade, built from three pillars: CIS alignment, template coverage, and configuration quality Policies — Visual flow cards for every policy showing Users → Conditions → Apps → Grant/Session controls Findings — Severity-ranked issues like FOCI token-sharing risks, known CA bypasses (Device Registration Service, Azure VM Sign-In), Swiss Cheese OR-logic problems, and missing MFA baselines Templates — Gap analysis against 37 best-practice policy templates, showing what you have, what partially matches, and what's missing CIS Benchmark — 19 controls from the CIS Microsoft 365 Foundations Benchmark v6.0.0, with pass/fail scoring, near-miss detection, MS Learn references, active M365 advisories, and step-by-step remediation guidance MS Learn Exclusions — 14 checks sourced from Microsoft documentation flagging policies missing required exclusions (Surface Hub, Teams Rooms, break-glass accounts, token protection prerequisites, etc.) Key design principles 100% client-side — no backend server, your data never leaves your browser License-aware — detects your Entra P1/P2/Intune licenses and excludes controls you can't implement, so the score reflects reality Actionable — every failing check includes remediation guidance with portal steps, suggested policy names, and sample JSON templates Research-backed — based on work from Fabian Bader (TROOPERS25 CA bypasses), Secureworks (FOCI research), CIS benchmarks, and Microsoft Learn documentation It's essentially a one-click CA policy audit that tells you what's good, what's broken, and exactly how to fix it.