A collection of scripts for finding threats in Office365.


This tool requires Reqeusts, Requests-cache and Jinja2 - these can be installed with pip install -r requirements.txt
It requires an administrative access to AzureAD & Office365 environment to set up but no specific account is required for its continued use.
You will need to create a new application registration in the AzureAD portal and grant it the following permissions at the application level and grant admin consent for them:

  • Microsoft Graph
    • Mail.ReadBasic.All
    • MailboxSettings.Read
    • User.Read.All

Next, generate a secret and make a record of the secret string as well as the app/client ID.
You will then need to make a copy of and update it with your own domain, app id and secret


Just run - no arguments are required and once the script has finished the report will be saved as report.html in the current directory