
I rebuilt my local M365 SOC Tool from PowerShell to a full Web App Now self-hostable with RBAC, SSO & much more
Hi everyone,
A while back I showed you my local Microsoft 365 SOC tool built in PowerShell. Back then it was limited to a single-user setup https://github.com/Mau2rice0/World-of-M365/tree/main/Security/SOC/M365%20Compromise%20Response%20Console
Well… I’ve been pulling all-nighters and completely rebuilt it from the ground up. It’s no longer PowerShell, it’s now a full JavaScript application and it’s absolutely fire.
You can now self-host it wherever you want:
- On-prem
- Azure
- Any web server with at least 2 cores and 4 GB RAM
I’ll be releasing it in the next few days so you can host and test it yourselves.
What’s new & improved:
- SSO support for additional users → no more manual logins
- Full RBAC permission system
- More RBAC roles coming: Analyst, Responder, Reader, Administrator
- Azure Files Share integration for storing evidence and data
- Significantly better performance
- Security hardening
- Fully automatic setup script that does the entire deployment for you
GCC / GCC-High compatibility is unfortunately not possible yet. I don’t have access to that environment and being based in Germany makes it pretty hard to get one.
If anyone has a GCC tenant they’d be willing to test with, I’d love to collaborate!
I’m planning to sink at least 35 hours into this project again this weekend.
If you have feature requests or ideas for what a proper M365 SOC tool should have, drop them in the comments. You guys know better than anyone what’s actually needed in the field.
Huge thanks to everyone who tested the earlier version:)
Can’t wait to get this into your hands.