invictus-ir/Microsoft-Extractor-Suite — reverse-engineered prompt
Reverse-engineered prompt
Build me a PowerShell toolkit for incident responders that can collect evidence from Microsoft 365, Entra ID, and Azure in one place.
I want an investigator to sign in to the right Microsoft services, choose a date range or specific users, then pull the important logs and settings without having to run a bunch of separate scripts. It should collect audit logs, mailbox audit logs, admin audit logs, message traces, sign-in logs, Azure activity logs, mailbox rules, transport rules, OAuth app permissions, MFA status, risky users, risky detections, conditional access policies, admin roles, devices, mailbox permissions, licenses, groups, PIM assignments, security alerts, and Secure Score information.
Also add a quick triage command for specific users, plus an option to collect almost everything automatically. Save the results locally in a clean evidence folder with clear names, progress messages, and useful warnings when permissions or licenses are missing.
Please include built-in help, examples, and simple docs. Look up current Microsoft docs online if you need to.