How to Use AetherCred

A step-by-step guide to deploying and running your Entra security posture assessment.

📦 Download

Get the latest version of AetherCred from our GitHub:

https://github.com/itsharryshelton/AetherCred.git

Or download from the Releases Page:

https://github.com/itsharryshelton/AetherCred/releases

⚙️ Prerequisites: Install PowerShell Modules

Before you begin, ensure you have the necessary PowerShell modules to interact with Microsoft Graph. Open PowerShell as an administrator and run these commands:

Install-Module Microsoft.Graph -Scope AllUsers -Force
Install-Module Microsoft.Graph.Beta -Scope CurrentUser -Force

These modules are required for the scripts to communicate correctly with your Microsoft Entra ID tenant.

Step 1: Create the Entra Application

We've included a script to automate the creation of the required App Registration in Entra ID. Run this from the project folder. You will need to sign in with an account that has at least the Application Administrator role.

.\AetherCred-CreateApplication.ps1

The script will create the application with the correct API permissions requested. Once finished, it will output the Tenant ID and Application (Client) ID. Copy these two values - you'll need them for the config file.

After the script finishes, continue to Step 2 to grant consent and create the secret.

If you prefer or need to create the application manually, follow these steps in the Microsoft Entra admin center.

  1. Register a new application:
    - Navigate to App registrations and click + New registration.
    - Name: AetherCred
    - Supported account types: Accounts in this organizational directory only.
    - Leave Redirect URI blank and click Register.
  2. Copy Identifiers:
    - On the app's Overview page, copy the Application (client) ID and Directory (tenant) ID. Save these for the config file.
  3. Add API Permissions:
    - Go to the API permissions blade and click + Add a permission, then select Microsoft Graph.
    - Select Application permissions. Add and check the box for each of the following:
    • Application.Read.All
    • AuditLog.Read.All
    • Directory.Read.All
    • Domain.Read.All
    • Organization.Read.All
    • Policy.Read.All
    • Reports.Read.All
    • User.Read.All
    • UserAuthenticationMethod.Read.All
    • Group.Read.All
  4. (Optional) Add Branding:
    - Go to the Branding & properties blade.
    - Set the Home page URL to: https://aethercred.co.uk/
    - You can download the logo from this link and upload it.

Once you have manually created the app, continue to Step 2.

Step 2: Grant Consent and Create a Client Secret

This is a manual step that must be completed in the Microsoft Entra admin center. It grants the permissions your new application requested and creates a password for it to use.

  1. Navigate to the Microsoft Entra admin center > App registrations and find the AetherCred application.
  2. Go to the API permissions blade and click the Grant admin consent for [Your Tenant] button. Click "Yes" to confirm. The status for all permissions should turn to green ticks.
  3. Go to the Certificates & secrets blade. Click + New client secret, give it a description (e.g., "AetherCredSecret"), set the expiry, and click "Add".
  4. CRITICAL: Immediately copy the Value of the new secret. It will disappear forever once you leave the page.

📝 Step 3: Update the Configuration File

Now, connect the main script to your new Entra application. Open the AetherCred.config file in a text editor.

Fill in the three values you collected in the previous steps:

AETHERCRED_APP_ID=UPDATEME
AETHERCRED_TENANT_ID=UPDATEME
AETHERCRED_CLIENT_SECRET=UPDATEME

Save and close the file.
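
Because this file now holds a plaintext client secret for an app that can read the whole directory, a quick preflight before Step 4 is worthwhile. The following is an added example, not part of AetherCred: the function name Test-AetherCredConfig is hypothetical, it assumes the one-KEY=VALUE-per-line layout shown above and a Windows host (for Get-Acl), and the sample values are constructed.

```powershell
# Added example, not part of AetherCred: preflight check for AetherCred.config (Windows).
function Test-AetherCredConfig {
    param([Parameter(Mandatory)][string]$Path)
    $findings = [System.Collections.Generic.List[string]]::new()

    # Assumes one KEY=VALUE per line, as on the page; split on the first '=' only.
    $config = @{}
    foreach ($line in Get-Content -LiteralPath $Path) {
        if ($line -match '^\s*([A-Z_]+)\s*=\s*(.*?)\s*$') { $config[$Matches[1]] = $Matches[2] }
    }

    $guid = [guid]::Empty
    foreach ($key in 'AETHERCRED_APP_ID', 'AETHERCRED_TENANT_ID', 'AETHERCRED_CLIENT_SECRET') {
        $value = [string]$config[$key]
        $isGuid = [guid]::TryParse($value, [ref]$guid)
        if ([string]::IsNullOrWhiteSpace($value)) {
            $findings.Add("$key is missing or empty")
        } elseif ($value -eq 'UPDATEME') {
            $findings.Add("$key still holds the UPDATEME placeholder")
        } elseif ($key -like '*_ID' -and -not $isGuid) {
            $findings.Add("$key is not a GUID")
        } elseif ($key -like '*_SECRET' -and $isGuid) {
            # The portal shows a GUID "Secret ID" beside the Value; only the Value authenticates.
            $findings.Add("$key looks like a Secret ID, not the secret Value")
        }
    }

    # Plaintext credential on disk: flag Allow ACEs for broad groups, matched by well-known SID.
    $broad = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-11' = 'Authenticated Users'; 'S-1-5-32-545' = 'BUILTIN\Users' }
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and $broad.ContainsKey($sid)) {
            $findings.Add("Config file is accessible to $($broad[$sid])")
        }
    }
    return $findings.ToArray()
}

# Constructed sample config (all values made up) to show the checks firing.
$sample = Join-Path $env:TEMP 'AetherCred.sample.config'
@'
AETHERCRED_APP_ID=11111111-2222-3333-4444-555555555555
AETHERCRED_TENANT_ID=UPDATEME
AETHERCRED_CLIENT_SECRET=66666666-7777-8888-9999-000000000000
'@ | Set-Content -LiteralPath $sample
Test-AetherCredConfig -Path $sample
Remove-Item -LiteralPath $sample
```

Point -Path at your real AetherCred.config; an empty result means the three values are well-formed and the file is not readable by broad local groups.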

🚀 Step 4: Run AetherCred!

Everything is configured! You can now run the main script to start the security analysis.

.\AetherCred-Core.ps1

The script will use the details from the config file to authenticate non-interactively and generate the HTML security report in the same folder.