RiskyUsers‐Analyzer - LETHAL-FORENSICS/Microsoft-Analyzer-Suite GitHub Wiki

TL;DR

RiskyUsers-Analyzer.ps1 is a PowerShell script utilized to simplify the analysis of the detected identity-based user risks from the Entra ID Identity Protection extracted via Microsoft-Extractor-Suite by Invictus-IR.

Fig 1: RiskyUsers-Analyzer

RiskyUsers
Fig 2: Risky Users

[!NOTE] Using the riskyUsers Graph API requires a Microsoft Entra ID P2 license.

Links

What is Identity Protection?
Microsoft Graph - riskyUser resource type