ca-policy-investigation
Community
Correlate CA policy changes with sign-in failures
Author: SCStelz
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill identifies and correlates Conditional Access (CA) policy changes with sign-in failures to reveal potential unauthorized policy manipulation, privilege abuse, or bypass attempts that weaken security controls.
Core Features & Use Cases
- CA policy-change correlation: Link policy state transitions (enabled, disabled, or report-only) to user sign-in events to determine cause and effect.
- Error-code contextual analysis: Associate CA-related error codes (53000, 50074, 530032) with policy changes and access attempts to assess risk.
- Audit-log driven investigations: Traverse SigninLogs, AADNonInteractiveUserSignInLogs, and AuditLogs to produce an auditable incident timeline and findings.
Quick Start
Trigger ca-policy-investigation when CA policy changes or sign-in failures are detected to begin a correlated analysis of policy states and impact.
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: ca-policy-investigation Download link: https://github.com/SCStelz/security-investigator/archive/main.zip#ca-policy-investigation Please download this .zip file, extract it, and install it in the .claude/skills/ directory.