| name | auditex-operator |
| description | Use when operating this repo as a Codex-led Microsoft 365 audit tool and choosing how to authenticate, collect evidence, and summarize blocked coverage. |
Auditex Operator
Overview
Use Auditex as the stable local product surface, not the older homelab scripts, unless the task is specifically about tenant seeding.
Run order
- Validate the local package with offline mode.
- Generate a provider setup plan with
auditex setup-guide.
- Prefer delegated Azure CLI token reuse for the first Microsoft 365 live pass.
- Run probe before full collection.
- Capture the signed-in context from the run manifest.
- Inspect
summary.json, run-manifest.json, and diagnostics.json.
- Escalate only when blockers justify it.
Commands
Offline:
auditex --offline --tenant-name demo --out outputs/offline
Delegated:
auditex setup-guide m365 --auditor-profile global-reader --collector-preset full --format json
auditex --tenant-name CONTOSO --tenant-id contoso.onmicrosoft.com --use-azure-cli-token --auditor-profile global-reader --out outputs/live
Google:
auditex setup-guide google --collector-preset everything --format json
auditex google probe --collector-preset everything --top 1 --page-size 1
Evidence review
run-manifest.json
audit-log.jsonl
summary.json
diagnostics.json
Treat partial and failed collectors as structured gaps, not silent omissions.