Entra ID Lab Setup
Status: Scaffold — content in progress
Requirements
- Azure free tier or MSDN subscription (Entra ID P2 trial for PIM/Identity Protection features)
- Entra ID tenant: itdrlab.onmicrosoft.com
- Python 3 + ROADtools / AADInternals for attack simulation
Lab Configuration
Create Test Users
```bash
# Using AZ CLI or Entra portal
az ad user create --display-name "testuser1" --user-principal-name "testuser1@itdrlab.onmicrosoft.com" --password "TestPass!123"
```
Enable Logging
- Entra Sign-in logs → Diagnostic Settings → send to Log Analytics Workspace
- Enable Entra ID Identity Protection
- Configure Entra Audit log streaming to SIEM
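
To confirm the logging steps above actually capture the lab's device code simulation, the following added example (not part of the original page or of any tool it names) scans exported sign-in records for device code sign-ins and separates the lab app from anything else using the flow. It assumes flattened JSON-lines records whose field names follow the Microsoft Graph signIn resource; the client IDs and log lines are constructed placeholders.

```python
import json

LAB_APP_ID = "00000000-0000-0000-0000-000000000001"  # placeholder, not a real client ID
UPN = "testuser1@itdrlab.onmicrosoft.com"

def _rec(ts, app_id, proto, ip, err):
    return json.dumps({"createdDateTime": ts, "userPrincipalName": UPN, "appId": app_id,
                       "authenticationProtocol": proto, "ipAddress": ip, "status": {"errorCode": err}})

# Constructed sample export, one record per line; not real tenant data.
SAMPLE_LOG = "\n".join([
    _rec("2024-01-01T10:00:00Z", LAB_APP_ID, "deviceCode", "203.0.113.10", 0),
    _rec("2024-01-01T10:05:00Z", LAB_APP_ID, "none", "203.0.113.10", 0),
    _rec("2024-01-01T10:09:00Z", "00000000-0000-0000-0000-000000000002", "deviceCode", "198.51.100.7", 0),
    _rec("2024-01-01T10:12:00Z", LAB_APP_ID, "deviceCode", "203.0.113.10", 1),  # constructed non-zero code
    '{"createdDateTime": "2024-01-01T10:15',  # truncated line, must be skipped
])

def parse_records(text):
    """Yield dict records, skipping blank or malformed lines."""
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict):
            yield rec

def device_code_signins(records, expected_app_ids):
    """Return every device code sign-in, marked by outcome and app allowlist."""
    hits = []
    for r in records:
        if str(r.get("authenticationProtocol", "")).lower() != "devicecode":
            continue
        hits.append({"time": r.get("createdDateTime"), "user": r.get("userPrincipalName"),
                     "app_id": r.get("appId"), "ip": r.get("ipAddress"),
                     "succeeded": (r.get("status") or {}).get("errorCode") == 0,
                     "expected_app": r.get("appId") in expected_app_ids})
    return hits

def lab_check(text=SAMPLE_LOG):
    """Summarise whether the lab simulation was logged and what else used the flow."""
    hits = device_code_signins(parse_records(text), {LAB_APP_ID})
    return {"simulation_logged": any(h["succeeded"] and h["expected_app"] for h in hits),
            "unexpected": [h for h in hits if not h["expected_app"]],
            "total": len(hits)}

if __name__ == "__main__":
    print(json.dumps(lab_check(), indent=2))
```

If `simulation_logged` is false after running the simulation, the diagnostic setting or export path is the first thing to recheck.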
App Registrations for Attack Simulation
- Create an app registration with Mail.Read permission for consent grant simulation
- Note the client ID for device code flow simulation
Attack Tool Setup
```bash
# ROADtools for Entra ID enumeration and token abuse
pip install roadtools
roadtx auth --device-code # triggers device code flow
```
Cross-Links
| Topic | Link |
|---|---|
| Device Code Phishing | device-code-phishing |
| Golden SAML | golden-saml |