| Connect-PASession |
Establishes Graph and Azure connections and returns a PA.Session object |
| Export-PAReport |
Exports findings to CSV, JSON, and/or HTML report files |
| Find-PAGroupConsolidation |
Identifies opportunities to consolidate individual role assignments into groups |
| Find-PALeastPrivilegeGap |
Identifies over-privileged access by comparing granted vs used permissions |
| Find-PAUnusedAssignment |
Identifies unused role assignments based on activity analysis |
| Get-PAActivitySignal |
Collects activity signals per principal from Log Analytics or Graph API |
| Get-PAAppPermission |
Collects application permissions and delegated permission grants from a tenant |
| Get-PAAzureRbacAssignment |
Collects Azure RBAC role assignments across in-scope subscriptions |
| Get-PAEntraRoleAssignment |
Collects Entra ID directory role assignments from a tenant |
| Get-PAPimEligibility |
Collects PIM eligible assignments from Entra ID and Azure RBAC |
| Invoke-PAPermissionAudit |
Runs a complete permission audit pipeline |
| New-PARemediationScript |
Generates runnable remediation scripts from analysis findings |
| Test-PAFindingAccuracy |
Re-validates findings against current tenant state |