CRT: — CrowdStrike Reporting Tool for Azure

You are currently viewing CRT: — CrowdStrike Reporting Tool for Azure


This tool searches the Azure AD/O365 tenancy for the following configurations:

  • One that can reveal hard-to-find permissions and configuration settings.
  • Assisting enterprises in safeguarding these environments.
  1. Federation Configuration in Exchange Online (O365)
  2. Client Access Settings Configured on Mailboxes 2. Federation Trust
  3. Remote Domain Mail Forwarding Rules
  4. SMTP Forwarding Rules for Mailboxes
  5. Mail Transportation Regulations
  6. Delegates who have been granted ‘Full Access’ permission
  7. Any Permissions Granted Delegates
  8. Delegates with permissions to ‘Send As’ or ‘SendOnBehalf’

Users who have access to PowerShell in Exchange Online

  1. Users that have ‘Audit Bypass’ turned on
  2. Mailboxes that are not visible in the Global Address List (GAL)
  3. Gather audit logging configuration settings for administrators.

Azure AD:-

  1. Service Principal Objects with KeyCredentials in Azure AD
  2. Report on O365 Admin Groups
  3. Application Permissions & Delegated Permissions

Disclaimer: The intended use for the tool is strictly educational and should not be used for any other purposes.

Download Link:

Leave a Reply