
Azure Entra Security Scanner: new feature upload of script
Not sure if this "PAT" part will be the final solution, or I can make it better. But the goal is to have a community to share custom scripts.
Community Scripts Guide
In 5 minutes, you'll share a custom scanner with the community, browse scripts others have published, and import one into your own dashboard — no infrastructure setup required.
Community scripts extend the Custom Scripts system by letting you publish your scanners publicly and reuse scripts written by other Azure security practitioners. Every shared script goes through an admin approval process before it appears in the community library.
Quick Start
1. Open Your Tested Script
Navigate to the script detail page for a custom script that has a passing test run (green checkmark ✅). You can only share scripts that have been validated.
2. Generate a GitHub Personal Access Token
Open this pre-filled link to create a PAT (Personal Access Token — a password-like string that grants GitHub API access on your behalf):
👉 Create a PAT with public_repo scope
Check the public_repo box if it isn't already selected, then click Generate token. Copy the token immediately — GitHub only shows it once.
3. Share Your Script
Click "Share to Community" on the script detail page. Paste your PAT when prompted. Your script is uploaded as a GitHub Issue on the japperJ/Phython-script repository and appears as "Pending Review" in your Shared column.
4. Wait for Approval
A repository admin reviews your submission. Once approved, your script becomes visible to everyone in the community library. You'll see the status change from "Pending Review" to "Approved" in your Shared column.
5. Browse and Import
Click "Browse Community" (globe icon 🌐) in the Custom Scripts sidebar to see all approved scripts. Click any card to preview the code, then click "Import" to add it to your local custom scripts.
Sharing a Script
Prerequisites
Before you can share, you need two things:
- A passing test run — your script must show a green checkmark (✅) on the script detail page. If you haven't tested yet, click "Test Run" in the editor and confirm results appear without errors.
- A GitHub account — you need a GitHub Personal Access Token (PAT) with the public_repo scope, which allows the app to create Issues on your behalf.
How Your PAT Is Stored
Your PAT is stored in your browser's sessionStorage — a temporary storage area that is automatically cleared when you close the browser tab. The token is never sent to our servers; it goes directly from your browser to the GitHub API. If you close and reopen the tab, you'll need to re-enter your PAT.
Creating a PAT
- Visit https://github.com/settings/tokens/new?scopes=public_repo&description=Azure+Entra+Security+Scanner
- Set an expiration (90 days is a reasonable default)
- Confirm the public_repo scope is checked
- Click Generate token
- Copy the token — it starts with ghp_ and GitHub only shows it once
The Sharing Flow
- Open the script detail page for your tested script
- Click "Share to Community"
- Paste your GitHub PAT when prompted
- The app creates a GitHub Issue on the japperJ/Phython-script repository containing your script name, description, column definitions, and full source code
- Your script appears as "Pending Review" in the Shared column of your Custom Scripts list
A repository admin must approve the Issue before the script becomes publicly visible. This review step prevents malicious or broken scripts from entering the community library.
What's next? Once your script is approved, other users can find and import it from the community library. You can check the status any time in your Shared column.
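The sharing flow above as browser-side JavaScript, added here as an example and not the scanner's own code: it keeps the PAT in sessionStorage, refuses a token whose scopes go beyond public_repo, and builds the Issue request that goes straight to the GitHub API. The storage key, function names and Issue body layout are assumptions.

```javascript
// Added example; names are hypothetical and this is not the scanner's own code.
const REPO = "japperJ/Phython-script";      // repository named in the guide
const STORAGE_KEY = "community_github_pat"; // assumed storage key

// Keep the PAT in tab-scoped storage only; reject anything without the ghp_ prefix.
function savePat(storage, token) {
  const pat = String(token).trim();
  if (!/^ghp_[A-Za-z0-9]+$/.test(pat)) throw new Error("expected a ghp_ token");
  storage.setItem(STORAGE_KEY, pat);
}

// GitHub lists a classic token's scopes in the X-OAuth-Scopes response header.
// Returns every scope other than public_repo so the UI can refuse a broader token.
function excessScopes(scopesHeader) {
  return (scopesHeader || "").split(",").map((s) => s.trim())
    .filter((s) => s && s !== "public_repo");
}

// Build the browser-to-GitHub request; the Issue body layout is an assumption.
function buildShareRequest(storage, script) {
  const pat = storage.getItem(STORAGE_KEY);
  if (!pat) throw new Error("no PAT in this tab; connect GitHub again");
  if (!script.testPassed) throw new Error("script has no passing test run");
  // Pick a fence longer than any backtick run in the source so the code
  // cannot close its own block and inject Markdown into the Issue.
  const runs = script.source.match(/`+/g) || [];
  const fence = "`".repeat(Math.max(3, ...runs.map((r) => r.length + 1)));
  const body = [
    `Description: ${script.description}`,
    `Columns: ${JSON.stringify(script.columns)}`,
    fence, script.source, fence,
  ].join("\n");
  const headers = { Authorization: `Bearer ${pat}`, Accept: "application/vnd.github+json" };
  return {
    url: `https://api.github.com/repos/${REPO}/issues`,
    init: { method: "POST", headers, body: JSON.stringify({ title: script.name, body }) },
  };
}

// Check scopes first, then create the Issue. fetchImpl is window.fetch in a browser.
async function shareScript(storage, script, fetchImpl) {
  const req = buildShareRequest(storage, script);
  const who = await fetchImpl("https://api.github.com/user", { headers: req.init.headers });
  const extra = excessScopes(who.headers.get("x-oauth-scopes"));
  if (extra.length) throw new Error(`token is over-scoped: ${extra.join(", ")}`);
  return fetchImpl(req.url, req.init);
}
```

In the page, call `savePat(window.sessionStorage, token)` and `shareScript(window.sessionStorage, script, window.fetch.bind(window))`. sessionStorage is readable by any script running on the page's origin and public_repo grants write access to the user's public repositories, so the scope check bounds what a leaked token can do.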
Browsing Community Scripts
Getting There
- Open the Custom Scripts page from the dashboard sidebar
- Click the "Browse Community" button (globe icon 🌐) at the top of the page
What You'll See
The community library shows only admin-approved scripts. Each script card displays:
| Field | What It Shows |
|---|---|
| Script name | The scanner's display name (e.g., "Stale Guest Accounts") |
| Description | A one-line summary of what the script checks |
| Author | The GitHub username of the person who shared it |
| Column badges | Pill-shaped labels showing the data columns the script produces (e.g., UPN, Severity, Last Sign-In) |
Click any card to open a full preview of the script source code. This lets you review the scanning logic before importing.
What's next? Found a script you like? Import it into your local environment — see the next section.
Importing a Script
Steps
- From the community library, click a script card to open the preview
- Review the source code and column definitions
- Click "Import" to add the script to your local Custom Scripts list
What Happens After Import
- The imported script appears in your Custom Scripts list as a draft (status: draft)
- The script is fully independent — changes you make don't affect the community version
- You can modify the name, description, columns, or scan logic to fit your tenant
- Run a Test Run to validate the script works against your Azure environment
- Set the status to active when you're ready to see results in the sidebar
Imported scripts behave exactly like scripts you wrote from scratch. The full Custom Scripts Guide applies — same API, same column types, same testing workflow.
What's next? After importing, test the script against your tenant and tweak it to match your security requirements. If you improve it significantly, consider sharing your version back to the community.
Troubleshooting
"Connect GitHub" prompt keeps appearing
Cause: Your PAT is stored in sessionStorage, which is cleared every time you close the browser tab. If you closed and reopened the tab, the token is gone.
Fix: Re-enter your PAT. Visit the PAT creation link if your previous token expired. If you need a longer-lived session, keep the tab open while working with community features.
Script won't share — "Share to Community" button is disabled
Cause: The script doesn't have a passing test run. You can only share scripts that have been validated with a green checkmark (✅).
Fix: Open the script in the editor, click "Test Run", and confirm results appear without errors. Once the test passes, the share button becomes active.
Can't find my shared script in the community library
Cause: Your script is pending admin approval. Only approved scripts appear in the community library.
Fix: Check the Shared column in your Custom Scripts list — it should show "Pending Review". Wait for a repository admin to approve the submission. There's no action needed on your end.
Import fails with a 403 error
Cause: The script was removed from the approved list. A repository admin may have revoked approval or the original content was modified.
Fix: The script is no longer available for import. Check the community library for an updated version, or contact the script author through their GitHub profile.
About JP Admin User
AI and software development enthusiast