Skip to content

[Feature ] Group Microsoft 365 #1452

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 11 commits into
base: main
Choose a base branch
from
Open

[Feature ] Group Microsoft 365 #1452

wants to merge 11 commits into from
+2,516 −13

Conversation

@basile-roux-bib
Copy link

@basile-roux-bib basile-roux-bib commented May 14, 2025
edited
Loading

Description

This PR adds a new node type called AZGroup365 that represents Microsoft 365 Groups.
A new relationship kind, AZGroup365MemberOf, was also created, but it ultimately appears as the usual MemberOf edge in the graph, as there is no behavioral difference between being a member of a security group or a Microsoft 365 group (note that a Microsoft 365 group can also be a security group).

In the UI, a Group365 is represented with the group icon and the color of a user.

A group that is both a security group and a Microsoft 365 group will appear as a Microsoft 365 group in the UI.

The new node type has been added to the data quality features, which required some changes to the database schema. As a result, a new migration called v7.4.0.sql has been created.

Motivation and Context

Resolves #1359

See the issue for more details about the motivation and implementation.

How Has This Been Tested?

Most of the code was already implemented for security groups and was simply replicated with minimal to no changes. Therefore, it is unlikely that anything was broken by these changes.

It requires changes to Azurehound code due to the addition of two kinds; the pull request for azurehound is also available here

AZGroup365 has been added to existing integration tests, and some new tests were implemented — all of which passed.

Additionally, the final implementation was tested on a complete dataset (~10–15 GB of data), including users, groups, and AZGroup365, without revealing any issues. Pathfinding, queries, and ingestion are working correctly.

Screenshots (optional):

Types of Changes

  • New feature (non-breaking change which adds functionality)
  • Database migration

Checklist:

@basile-roux-bib
Added Microsoft Office 365 groups to bloodhound
ccfb06b
@basile-roux-bib
Added O365GroupMemberOf relationship
8b7f590
@basile-roux-bib
Added integration tests for Microsoft 365 groups
e2d86c2
@basile-roux-bib
Fixed the unwanted behavior of some Microsoft 365 groups being render…
6988c12 
…ed as normal AZGroups
@basile-roux-bib
Added visibility attribute to office 365 groups + small changes to da…
30cf8d3 
…tabase & AZGroup365 edge description
@basile-roux-bib
Changed Microsoft membership edge name,description,abuse... Added bac…
c79182b 
…k every AZGroup properties to Microsoft 365 groups.
@basile-roux-bib
Code cleaning
9ca1613
@basile-roux-bib
rollback wrongly commited local changes
21c8402
@basile-roux-bib
Removed AZM365MemberOf edge (replaced by AZGroupMember since it is th…
e46c9ca 
…e same) + added Owners for Microsoft 365 groups + some clean up
@basile-roux-bib
code CleanUp
51be54b
@basile-roux-bib
Updated doc with the new feature
dbd7857
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Feature: Add Microsoft 365 groups to Bloodhound/AzureHound

1 participant

@basile-roux-bib