Unlocking Microsoft 365 Security: How I Automated AI-Powered Risk Analysis with PowerShell

Video URL – https://www.youtube.com/watch?v=gyPXlI6GHCo

In this video, I walk you through my exclusive PowerShell script that transforms Microsoft 365 security management. Watch as I extract real-time security data from my Microsoft 365 tenant, summarize it, and seamlessly upload it to a custom AI Foundry agent powered by GPT-5. You’ll see how I authenticate using Azure AD, leverage model routing for the best AI analysis, and generate a detailed, actionable HTML security report—complete with risk assessments, prioritized recommendations, and remediation guides. This tool is available only to subscribers, so if you want to supercharge your Microsoft 365 security with AI automation, this is a must-watch! Drop your questions in the comments and discover what’s possible when PowerShell meets next-gen AI. See the blog post at – https://blog.ciaops.com/2026/01/22/co…

Essential 8 AI report via PowerShell

[Screenshot 2026-01-25 112744]

I recently provided a PowerShell script to extract M365 data for your own AI analysis. As part of that I also provided two recommended prompts you can use to generate a report based on that data. I have now added an Essential 8 prompt you can use to generate a detailed Essential 8 analysis and report, which you can find here:

https://github.com/directorcia/Office365/blob/master/Analysis/Secure%20Score/prompt-e8.txt

[Screenshot 2026-01-25 112919]

You can see the result of this prompt in the images provided, which in this case was used with Copilot Researcher with Claude.

You can of course use this prompt with any AI you prefer; just use it as a starting point and customise it to suit your needs.

If you have any further suggestions for prompts to use with this extracted security data, please let me know.

PowerShell script to extract M365 security data for your own AI analysis


I wrote about how I have now integrated PowerShell and AI recently:

https://blog.ciaops.com/2026/01/22/combining-powershell-and-ai-for-m365-security-analysis/

In that example, I use my own agent developed in Azure AI Foundry to analyse security data extracted from Microsoft 365. In that post I also offered free access to the script and my Foundry AI agent for analysis. However, I appreciate that many people are hesitant to allow a ‘foreign’ AI system to evaluate private M365 security data.

Therefore, I have created another script that will simply extract your M365 security data and put it into a local JSON file that you can then upload to your own AI for analysis. You will find that script at:

https://github.com/directorcia/Office365/blob/master/Analysis/Secure%20Score/o365-secure-score-extract.ps1

and the documentation is here:

https://github.com/directorcia/Office365/wiki/Extract-Microsoft-365-Secure-Score-information

To use this script you need to have the Microsoft Graph PowerShell module installed and use an account that has appropriate (read) access to M365 security information.

[Screenshot 2026-01-23 074402]

When run, you’ll see it extract the security data from various places in the tenant, as shown above.

[Screenshot 2026-01-23 074545]

It will then save that information to a local file as shown above.

[Screenshot 2026-01-23 074702]

In this case you’ll see that I used the –compact option to produce two data files: the normal one, which is around 8MB, and a smaller one of around 234KB. The reason for this is that I found in my testing that many AI systems don’t support large file uploads (M365 Copilot does, but many others don’t), so the smaller one can work with those more limited systems.

Once you give your AI system of choice access to the data file by uploading it, you can then use any prompt you wish to analyse the data. Here are some prompts I have created you can use. A long one:

https://github.com/directorcia/Office365/blob/master/Analysis/Secure%20Score/prompt-long.txt

and a shorter one:

https://github.com/directorcia/Office365/blob/master/Analysis/Secure%20Score/prompt-short.txt

I have uploaded my test data into a variety of AI systems but have gotten the best results from M365 Copilot Researcher and Analyst:

[Screenshot 2026-01-23 075229]

[Screenshot 2026-01-23 080158]

My original script does the extraction and the uploading for you together, but this new script now allows you to do just the extraction and then take that data and use any AI system or prompt you wish.

I have also created a number of additional scripts that extract as well as analyse a variety of other M365 services such as Exchange, SharePoint, Entra ID and more. These are available to CIAOPS Patrons.

If you find a great prompt to use with this extracted data, let me know and I’ll share it so everyone can benefit.

Combining PowerShell and AI for M365 Security Analysis


I’ve used AI to create smart Microsoft 365 expert technical agents which I have deployed to Teams for CIAOPS Patrons:


I’ve also created a smart Microsoft 365 expert technical agent that you can use for free via email:

https://blog.ciaops.com/2025/06/11/get-your-m365-questions-answered-via-email-2/

simply by putting your question in the body of an email and sending it to robert.agent@ciaops365.com.

Now, I have integrated AI into my PowerShell scripts! Let me explain what I’ve done.

I’ve created an agent in Azure AI Foundry that is ‘grounded’ with all my M365 knowledge that is in the CIAOPS Patron community. I’ll cover off what I have learned about Azure AI Foundry in another post.

Next, I created a PowerShell script that firstly logs into the tenant to be inspected, extracts all the security information (Secure Score details, Conditional Access policies and more), bundles all of that up into a single JSON file (about 8MB in size), and then connects to my Foundry agent and uploads the extracted data for analysis.

After analysis it generates and displays an extensive HTML report. Because the report is too large for this post, you can find a complete copy to review here:

https://github.com/directorcia/Office365/blob/master/Analysis/secure-score-foundry.png
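Neither the Foundry script nor the stand-alone extract script is reproduced on this page, so here is an added example (my own code, not the CIAOPS scripts) of the extraction step they both perform: sign in with read-only Graph permissions, pull the current Secure Score and the Conditional Access policies, and write them to a local JSON file, with a -Compact switch that trims the output for AI systems with small upload limits. The scope list, the field selection and the output file name are this example’s own choices.

```powershell
# Added example: read-only extraction of Secure Score and Conditional Access
# data from a Microsoft 365 tenant into a local JSON file for offline analysis.
# Not the CIAOPS script; field selection and file name are this example's choices.
# Requires the Microsoft.Graph PowerShell SDK (Install-Module Microsoft.Graph).
param(
    [string]$OutputPath = '.\m365-security-extract.json',
    [switch]$Compact   # keep only the fields an analyst needs, for size-limited AI uploads
)

# Read-only Graph permissions: nothing in this script can modify the tenant.
$scopes = @(
    'SecurityEvents.Read.All',   # Secure Score
    'Policy.Read.All'            # Conditional Access policies
)
Connect-MgGraph -Scopes $scopes -NoWelcome
$context = Get-MgContext

# Most recent Secure Score snapshot (Graph returns the newest first).
$secureScore = Get-MgSecuritySecureScore -Top 1 | Select-Object -First 1

# Every Conditional Access policy, including disabled and report-only ones.
$caPolicies = Get-MgIdentityConditionalAccessPolicy -All

if ($Compact) {
    # Trim each object to the handful of fields an AI prompt actually reasons over.
    $scoreOut = [ordered]@{
        createdDateTime = $secureScore.CreatedDateTime
        currentScore    = $secureScore.CurrentScore
        maxScore        = $secureScore.MaxScore
        controlScores   = @($secureScore.ControlScores | ForEach-Object {
            [ordered]@{
                controlCategory = $_.ControlCategory
                controlName     = $_.ControlName
                score           = $_.Score
            }
        })
    }
    $caOut = @($caPolicies | ForEach-Object {
        [ordered]@{ id = $_.Id; displayName = $_.DisplayName; state = $_.State }
    })
} else {
    # Full objects: larger, but nothing is lost for the analysis.
    $scoreOut = $secureScore
    $caOut    = $caPolicies
}

$extract = [ordered]@{
    tenantId          = $context.TenantId
    extractedAtUtc    = (Get-Date).ToUniversalTime().ToString('o')
    compact           = [bool]$Compact
    secureScore       = $scoreOut
    conditionalAccess = $caOut
}

# -Depth matters: ConvertTo-Json's default depth of 2 silently flattens nested
# Graph objects (CA conditions, grant controls) into strings.
$extract | ConvertTo-Json -Depth 20 | Set-Content -Path $OutputPath -Encoding utf8

$sizeKb = [math]::Round((Get-Item $OutputPath).Length / 1KB)
Write-Host "Wrote $OutputPath ($sizeKb KB, $($caOut.Count) Conditional Access policies)"
```

Run it as `.\extract.ps1` for the full file or `.\extract.ps1 -Compact` for the trimmed one. The output holds your tenant’s security configuration, including policy names and targeting, so store and share the file with the same care you would apply to the tenant itself.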


I’ve configured my Foundry agent to use a ‘Model router’, meaning that the agent automatically uses what it thinks is the best LLM to do the analysis.

The report includes prioritized recommendations:


A visualized Remediation Roadmap:


and a whole lot more. I encourage you to take a moment and study the example output for yourself, bearing in mind that it is AI generated.

I am now building similar AI analysis scripts for all M365 services like Exchange, SharePoint, etc. and plan to expand these over time.

Here’s the best part. As part of my testing process I am happy to make this Secure Score AI Analysis script available to a select few who read this and send me an email (director@ciaops.com) asking for a copy. You’ll need to be comfortable with PowerShell and have the MSGraph module already installed to run the script. Even better for the select few that do respond – I’ll give you access to my Azure AI Foundry agent for FREE to do the analysis. There are some conditions you’ll need to agree to, like going on my email list and understanding this is all still a beta test, but there will be no cost if you qualify and agree. To start that process just email me (director@ciaops.com) saying you are keen to give it a go and I’ll send along all the details.

There are just so many ways that I can see how to integrate AI with PowerShell and I’ll be sharing more soon on what I am doing.

Incident Response Plan with M365BP Publication


I’ve just finished off a new publication – Incident Response Plan with Microsoft 365 Business Premium. The details are:

Executive Summary

This playbook provides a comprehensive, step-by-step approach for responding to security incidents in Microsoft 365 Business Premium environments. It follows the NIST incident response lifecycle and integrates Microsoft’s best practices for cloud security. The plan is designed to help organizations minimize damage, protect sensitive data, restore operations quickly, and meet legal and regulatory requirements.

Key Components

Length = Over 90 pages

Quick Start Guide

  • Emergency Checklist: Immediate actions for newly discovered incidents, with a printable 1–2 page checklist for high-pressure situations.
  • Decision Tree: Rapid classification of incident severity (Critical, High, Medium, Low) to guide response urgency.

Notable Features

  • Checklists and Templates: Ready-to-use forms for incident logs, evidence collection, communications, and insurance claims.
  • Technical Guidance: PowerShell scripts and portal instructions for investigation and remediation.
  • Compliance Alignment: Guidance for GDPR, HIPAA, CCPA, and other regulatory notifications.
  • Continuous Improvement: Emphasis on regular drills, lessons learned, and updating the plan after incidents.

Intended Outcomes

  • Swift, organized response to security incidents.
  • Minimized business disruption and data loss.
  • Compliance with legal and regulatory requirements.
  • Improved cyber resilience through ongoing training and process refinement.

Like my last publication:

Implementing ACSC Essential Eight Maturity Level 3 with Microsoft 365 Business Premium publication

You can get your copy by heading over to my Ko-Fi at:

https://ko-fi.com/ciaops

and leaving me a one-time tip for whatever you feel it is worth. I’ll then email you a copy. Also ensure you include a message letting me know you want this particular publication.

Note – All CIAOPS Patrons receive all my publications for free as part of their subscription. The benefits of membership.

ASD Conditional Access policies comparison script

[Screenshot 2025-11-26 092018]

I have taken the ASD Conditional Access policy recommendations here:

https://blueprint.asd.gov.au/configuration/entra-id/protection/conditional-access/policies/

and created a script here:

https://github.com/directorcia/Office365/blob/master/asd-ca-get.ps1

that will compare your existing Conditional Access configuration to what the ASD recommends and tell you what you should consider changing to bring your policies more in alignment with those from the ASD.

[Screenshot 2025-11-26 092225]

Above, you’ll see one policy evaluation and recommendation output to an HTML file for easy reading.

The documentation for the script is here:

https://github.com/directorcia/Office365/wiki/ASD-Conditional-Access-Policy-Evaluation-Script

I look forward to hearing what your experience is using my script.

ASD iOS Compliance policy check script

[Screenshot 2025-11-25 085221]

I’ve taken the iOS Compliance policy settings recommendations from the ASD Blueprint for Secure Cloud and created an online JSON settings file here:

https://github.com/directorcia/bp/blob/main/Intune/Policies/ASD/ios-compliance.json

I’ve then created a PowerShell script here:

https://github.com/directorcia/Office365/blob/master/asd-ioscomp-get.ps1

with documentation here:

https://github.com/directorcia/Office365/wiki/ASD-iOS-Compliance-Policy-Check

that reads the online JSON file (or uses a local version if you want to use that) and compares the recommended ASD settings to those in your own Intune environment. Note, the script makes NO CHANGES to your environment, it simply reads the current settings.

It then produces the console output you see above and an HTML report like this:

[Screenshot 2025-11-25 085940]

You can refer to this page I also created:

https://github.com/directorcia/bp/wiki/iOS-Compliance-Policy-Settings-%E2%80%90-Security-Rationale

as to why these settings are important to the security of your M365 environment.

Look out for more scripts like this coming soon. I welcome any suggestion about improving this.

ASD Windows Compliance policy check script

[Screenshot 2025-11-19 101833]

I’ve taken the Windows Compliance policy settings recommendations from the ASD Blueprint for Secure Cloud and created an online JSON settings file here:

https://github.com/directorcia/bp/blob/main/Intune/Policies/ASD/windows-compliance.json

I’ve then created a PowerShell script here:

https://github.com/directorcia/Office365/blob/master/asd-wincomp-get.ps1

with documentation here:

https://github.com/directorcia/Office365/wiki/Windows-Compliance-Policy-Check

that reads the online JSON file (or uses a local version if you want to use that) and compares the recommended ASD settings to those in your own Intune environment. Note, the script makes NO CHANGES to your environment, it simply reads the current settings.

It then produces the console output you see above and an HTML report like this:

[Screenshot 2025-11-19 101937]

You can refer to this page I also created:

https://github.com/directorcia/bp/wiki/indows-Compliance-Policy-Settings-%E2%80%90-Security-Rationale

as to why these settings are important to the security of your M365 environment.
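The iOS and Windows compliance check scripts above are linked rather than shown, so here is an added example (my own code, not asd-wincomp-get.ps1 or asd-ioscomp-get.ps1) of the same read-only pattern: a baseline of recommended settings is loaded from JSON, each Intune compliance policy of the matching platform is read through Microsoft Graph, and every recommended setting is reported as Match, Mismatch or Missing. The baseline layout, the setting values and the constructed sample policy are this example’s own; the ASD JSON files linked above use their own structure. The -UseSample switch runs the comparison offline against the constructed policy so the logic can be checked without a tenant.

```powershell
# Added example, not the CIAOPS asd-wincomp-get.ps1 or asd-ioscomp-get.ps1 scripts:
# compare Intune compliance policy settings to a recommended baseline, read-only.
# The baseline layout and setting values below are constructed for this example.
param(
    [switch]$UseSample   # compare a constructed sample policy instead of the tenant
)

# Constructed baseline: Windows 10/11 compliance settings and the values to expect.
# Keys are the Graph property names of windows10CompliancePolicy.
$baselineJson = @'
{
  "odataType": "#microsoft.graph.windows10CompliancePolicy",
  "settings": {
    "passwordRequired": true,
    "passwordMinimumLength": 14,
    "bitLockerEnabled": true,
    "secureBootEnabled": true,
    "codeIntegrityEnabled": true,
    "osMinimumVersion": "10.0.22621.0"
  }
}
'@

function ConvertTo-SettingsTable {
    # PSCustomObject -> ordered dictionary (works on Windows PowerShell 5.1 too,
    # where ConvertFrom-Json has no -AsHashtable switch).
    param($Object)
    $table = [ordered]@{}
    foreach ($p in $Object.PSObject.Properties) { $table[$p.Name] = $p.Value }
    $table
}

function Compare-CompliancePolicy {
    param(
        [Parameter(Mandatory)][string]$PolicyName,
        [Parameter(Mandatory)][System.Collections.IDictionary]$Actual,
        [Parameter(Mandatory)][System.Collections.IDictionary]$Recommended
    )
    foreach ($name in $Recommended.Keys) {
        $expected = $Recommended[$name]
        $present  = ($Actual.Keys -contains $name) -and ($null -ne $Actual[$name])
        if (-not $present) {
            $status = 'Missing'; $value = $null   # setting never configured in the policy
        } else {
            $value  = $Actual[$name]
            $status = if ($name -eq 'osMinimumVersion') {
                # a newer minimum OS than recommended still satisfies the baseline
                if ([version]$value -ge [version]$expected) { 'Match' } else { 'Mismatch' }
            } elseif ("$value" -eq "$expected") { 'Match' } else { 'Mismatch' }
        }
        [pscustomobject]@{
            Policy = $PolicyName; Setting = $name
            Recommended = $expected; Actual = $value; Status = $status
        }
    }
}

$baseline    = $baselineJson | ConvertFrom-Json
$recommended = ConvertTo-SettingsTable $baseline.settings

if ($UseSample) {
    # Constructed tenant policy with a few deliberate gaps, for an offline run.
    $sampleSettings = [ordered]@{
        passwordRequired      = $true
        passwordMinimumLength = 8
        bitLockerEnabled      = $true
        secureBootEnabled     = $false
        osMinimumVersion      = '10.0.19045.0'
    }
    $results = Compare-CompliancePolicy -PolicyName 'Sample Windows policy' `
        -Actual $sampleSettings -Recommended $recommended
} else {
    # Read-only permission: the script reads policies and never changes them.
    Connect-MgGraph -Scopes 'DeviceManagementConfiguration.Read.All' -NoWelcome
    # Platform-specific fields live in AdditionalProperties because the SDK
    # returns the abstract deviceCompliancePolicy type.
    $policies = Get-MgDeviceManagementDeviceCompliancePolicy -All |
        Where-Object { $_.AdditionalProperties['@odata.type'] -eq $baseline.odataType }
    $results = foreach ($p in $policies) {
        Compare-CompliancePolicy -PolicyName $p.DisplayName `
            -Actual $p.AdditionalProperties -Recommended $recommended
    }
}

$results | Format-Table -AutoSize
```

With -UseSample the table shows passwordRequired and bitLockerEnabled as Match, passwordMinimumLength, secureBootEnabled and osMinimumVersion as Mismatch, and codeIntegrityEnabled as Missing, which is the distinction worth preserving in a report: a setting that was never configured is a different finding from one that was set to the wrong value. Swapping the baseline JSON and the @odata.type for the iOS equivalent reuses the same comparison unchanged.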

Look out for more scripts like this coming soon. I welcome any suggestion about improving this.