Microsoft 365

The building-phishing-reporting-button-workflow skill helps you design a phishing report button workflow that preserves the original email, extracts IOCs, classifies reports, and routes triage and feedback for Microsoft 365 or similar email security setups.

detecting-oauth-token-theft helps investigate OAuth token theft, replay, and session hijacking in Microsoft Entra ID and M365. Use this detecting-oauth-token-theft skill for Security Audit, incident response, and hardening reviews. It focuses on sign-in anomalies, suspicious scopes, new devices, and containment steps.

analyzing-outlook-pst-for-email-forensics is a digital forensics skill for examining Outlook PST and OST files for message content, headers, attachments, deleted items, timestamps, and metadata. It supports email evidence review, timeline reconstruction, and defensible investigation workflows for incident response and legal cases.

configuring-windows-defender-advanced-settings skill for Microsoft Defender for Endpoint hardening. Covers ASR rules, controlled folder access, network protection, exploit protection, deployment planning, and audit-first rollout guidance for security engineers, IT admins, and Security Audit workflows.