AI-Assisted Security Script Development
Objective
Use AI to write a PowerShell script that generates a stale account report from Entra ID, then critically review the AI output for security issues, errors, and production readiness before deployment.
Required: Access to Claude. PowerShell environment with Microsoft Graph PowerShell SDK installed (or test in a lab).
Step 1: Generate the script
Role: You are a security automation engineer writing production
PowerShell scripts.
Context: I need a script that connects to Microsoft Entra ID via
the Microsoft Graph PowerShell SDK and generates a report of
user accounts with no sign-in activity in the past 90 days.
Task: Write a PowerShell script that:
1. Connects to Microsoft Graph with appropriate scopes
2. Queries all user accounts with their last sign-in date
3. Filters to accounts with no sign-in in 90+ days
4. Excludes service accounts (UPN matching svc-* or app-*)
5. Excludes break-glass accounts
6. Outputs a CSV report with: UPN, DisplayName, Department,
LastSignIn, DaysSinceLastSignIn, AccountEnabled
7. Includes error handling and logging
Constraints:
- Use Microsoft.Graph PowerShell module (not AzureAD module)
- Minimal permissions (User.Read.All, AuditLog.Read.All)
- No hardcoded credentials
- Production-quality error handling
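For reference during the review steps that follow, here is an example script added to this page (not the AI output the exercise asks you to produce) that satisfies the requirements above. It assumes Microsoft Graph PowerShell SDK v2, an interactive sign-in, and a hypothetical `-BreakGlassUpns` parameter listing the break-glass UPNs to exclude (placeholder values shown), since the page does not say how those accounts are identified.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Users
[CmdletBinding()]
param(
    [int]$StaleDays = 90,
    [string]$OutputPath = ".\StaleAccounts.csv",
    [string]$LogPath = ".\StaleAccounts.log",
    # Break-glass UPNs to exclude: placeholder values, replace with your own.
    [string[]]$BreakGlassUpns = @("breakglass1@example.com", "breakglass2@example.com")
)
$ErrorActionPreference = "Stop"
function Write-Log {
    param([string]$Message, [string]$Level = "INFO")
    $line = "{0:u} [{1}] {2}" -f (Get-Date), $Level, $Message
    Add-Content -Path $LogPath -Value $line; Write-Verbose $line
}
try {
    # Read-only, least-privilege scopes; interactive sign-in, so nothing is hardcoded.
    Connect-MgGraph -Scopes "User.Read.All", "AuditLog.Read.All" -NoWelcome
    Write-Log "Connected as $((Get-MgContext).Account)"
    $now = (Get-Date).ToUniversalTime(); $cutoff = $now.AddDays(-$StaleDays)
    # signInActivity is not returned by default and must be selected explicitly.
    $users = Get-MgUser -All -Property "userPrincipalName,displayName,department,accountEnabled,signInActivity"
    Write-Log "Retrieved $(@($users).Count) users"
    $report = foreach ($u in $users) {
        $upn = $u.UserPrincipalName
        # Exclude service accounts by UPN prefix and break-glass accounts by explicit list.
        if ($upn -match '^(svc|app)-' -or $BreakGlassUpns -contains $upn) { continue }
        # Take the most recent of interactive and non-interactive sign-in; $null means never.
        $last = @($u.SignInActivity.LastSignInDateTime, $u.SignInActivity.LastNonInteractiveSignInDateTime) |
            Where-Object { $_ } | Sort-Object -Descending | Select-Object -First 1
        if ($last -and $last -gt $cutoff) { continue }
        [pscustomobject]@{
            UPN                 = $upn
            DisplayName         = $u.DisplayName
            Department          = $u.Department
            LastSignIn          = if ($last) { $last.ToString("u") } else { "Never" }
            DaysSinceLastSignIn = if ($last) { [int]($now - $last).TotalDays } else { $null }
            AccountEnabled      = $u.AccountEnabled
        }
    }
    $report | Export-Csv -Path $OutputPath -NoTypeInformation -Encoding UTF8
    Write-Log "Wrote $(@($report).Count) stale accounts to $OutputPath"
}
catch {
    Write-Log "Failed: $($_.Exception.Message)" "ERROR"
    throw
}
finally {
    if (Get-MgContext) { Disconnect-MgGraph | Out-Null }
}
```

Reading signInActivity requires a Microsoft Entra ID P1 or P2 license, so the Get-MgUser call fails on an unlicensed tenant. Excluding break-glass accounts by a fixed UPN list means that list must be maintained alongside the accounts themselves.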
Step 2: Review the AI-generated script
Before running anything, review the script critically:
Security review checklist:
- Does it request minimum necessary Graph permissions?
- Does it handle authentication securely (no hardcoded secrets)?
- Does it handle errors gracefully (try/catch, meaningful messages)?
- Does it validate inputs before using them?
- Could it accidentally modify anything? (Should be read-only)
Functionality review:
- Is the Graph API endpoint correct for last sign-in data?
- Does the 90-day filter calculate correctly?
- Are service accounts and break-glass accounts properly excluded?
- Is the CSV output formatted correctly?
Ask the AI to review its own work:
Role: You are a security code reviewer.
Context: [Paste the script from Step 1]
Task: Review this script for:
1. Security vulnerabilities
2. Logic errors
3. Edge cases not handled
4. Production readiness gaps
5. Microsoft Graph API accuracy
Step 3: Test and refine
If you have a lab environment, run the script. If not, dry-run the logic:
- Does Connect-MgGraph authenticate successfully?
- Does the API call return user data with sign-in dates?
- Does the filter correctly identify stale accounts?
- Is the CSV output well-formed?
For any issues found, prompt the AI with the specific error message and ask for a fix. Track how many iterations are needed to reach a working script.
Step 4: Document the development process
Record:
| Metric | Value |
|---|---|
| Time for AI to generate first draft | |
| Issues found in security review | |
| Issues found in functionality review | |
| Iterations to working script | |
| Estimated time without AI assistance | |
| Actual time with AI assistance | |
This data supports the ROI case for AI-assisted development (Module 8).
Verification checklist
- Script generated with AI assistance
- Security review completed — no hardcoded credentials, minimal permissions
- Functionality review completed — correct API, proper filtering
- AI self-review requested and evaluated
- Script tested (or dry-run reviewed)
- Development process metrics documented