How to Use AetherCred
A step-by-step guide to deploying and utilizing AetherCred for your Microsoft Entra security posture assessment.
Step 1: Get the Script
The AetherCred script is available on GitHub. You can download it directly or clone the repository.
git clone https://github.com/itsharryshelton/AetherCred.gitAlternatively, you can navigate to the releases page and download the latest version.
Step 2: Grant Permissions
AetherCred requires specific Microsoft Graph API permissions to fetch the necessary security configurations and user data from your Entra ID tenant. These permissions are the minimum required for the script to function.
Required Microsoft Graph API Permissions:
You can grant these permissions to a **service principal** (recommended for automation) or directly to a **user account** running the script (less secure for regular use). Instructions for both methods are provided below.
Step 3: Run the Script
Once you have the script and the necessary permissions, you can execute it from PowerShell.
.\AetherCred-Core.ps1The script will prompt you to authenticate. Follow the on-screen instructions to complete the authentication process.
Upon successful execution, AetherCred will generate an HTML report in the same directory as the script, providing a detailed overview of your Entra ID security posture.
Make sure you have the AetherCred-Report.html and /Modules folder in the same script location.
Recommend that you use Visual Studio Code to run the code, sometimes the auth token doesn't work well within standard terminal session.
Step 4: Analyse the Report
The generated HTML report is designed to be easily digestible, highlighting critical vulnerabilities and providing actionable remediation steps.
- Review the User Risk Score for individual accounts to prioritize remediation efforts.
- Examine the Core Security Recommendations section for a high-level overview of best practices.
- Utilize the Remediation Guides (available on this website) to fix identified issues.