Comments on: How to Report High-Priority Azure AD App Permissions That Hackers Might Exploit
https://practical365.com/azure-ad-apps-review-permissions/
Practical Office 365 News, Tips, and Tutorials, Tue, 30 May 2023 15:31:45 +0000

By: Tony Redmond, Tue, 30 May 2023 15:31:45 +0000
https://practical365.com/azure-ad-apps-review-permissions/#comment-264700
In reply to Tilo.

Thanks. I have updated the script in GitHub.

By: Tilo, Mon, 29 May 2023 22:48:21 +0000
https://practical365.com/azure-ad-apps-review-permissions/#comment-264632

Great script.

I ran this in the interactive shell (shell.azure.com) and modified it beside the output also.
https://github.com/12Knocksinna/Office365itpros/blob/4c00badd21ea10f1baa36ea0dc4a96eedfd1886c/ReportPermissionsApps.PS1#L133 (should be outputfile2, I think)

Also, I had an app with no AdditionalProperties.createdDateTime, so I added a check for this:

    # Some service principals carry no createdDateTime; casting $null to [datetime] fails,
    # so fall back to a sentinel date (1970-01-01) for those apps.
    if ($App.AdditionalProperties.createdDateTime) {
        Write-Host "createdDateTime not null."
        [datetime]$AppCreationDate = $App.AdditionalProperties.createdDateTime
    }
    else {
        Write-Host "createdDateTime is null. set to 1970"
        [datetime]$AppCreationDate = '1970-01-01'
    }

cheers

By: Tony Redmond, Tue, 18 Apr 2023 21:52:24 +0000
https://practical365.com/azure-ad-apps-review-permissions/#comment-259974
In reply to Abdul Afrad.

It’s PowerShell, so you can take the output file and slice and dice it in whatever way you want. In this case, you could sort by app to find all the assigned permissions and report that.

By: Abdul Afrad, Tue, 18 Apr 2023 19:13:19 +0000
https://practical365.com/azure-ad-apps-review-permissions/#comment-259963

Hi Tony,
Again, great work!!
Is there any way I can get a result like this (one line instead of multiple lines for the same app)?

DisplayName       Permission type   Permission
Microsoft Graph   Delegated         Organization.ReadWrite.All, User.ReadWrite, Directory.ReadWrite.All
ABC Application   openid            User.Read, Directory.Read.All, Mail.Send Sites.FullControl.All Sites.Read.All

Thank you.

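Tony's reply above suggests taking the script's CSV output and sorting it by app. The following is an added example written for this thread, not code from the ReportPermissionsApps.PS1 script or from Practical 365. It assumes the output file has the columns DisplayName, PermissionType and Permission (the real column names in the script's output may differ; adjust them to match), and it uses a small constructed CSV in place of Import-Csv so it runs offline. It collapses the per-permission rows into one line per app and permission type, counts the distinct permissions, and sorts the apps with the most permissions to the top so the widest-scoped apps are the first thing a reviewer sees.

```powershell
# Added example: one line per app, permissions joined into a single column.
# Assumed column names: DisplayName, PermissionType, Permission.
# The rows below are constructed sample data, not output from a real tenant.
$SampleCsv = @'
DisplayName,PermissionType,Permission
Microsoft Graph,Delegated,Organization.ReadWrite.All
Microsoft Graph,Delegated,User.ReadWrite
Microsoft Graph,Delegated,Directory.ReadWrite.All
ABC Application,Application,User.Read
ABC Application,Application,Directory.Read.All
ABC Application,Application,Mail.Send
ABC Application,Application,Sites.FullControl.All
ABC Application,Application,Sites.Read.All
ABC Application,Delegated,openid
'@

$Rows = $SampleCsv | ConvertFrom-Csv
# Against the real report, replace the line above with:
#   $Rows = Import-Csv -Path $OutputFile   # $OutputFile = path of the script's CSV

$Summary = $Rows |
    Group-Object -Property DisplayName, PermissionType |
    ForEach-Object {
        # Deduplicate within the group, then join into one comma-separated string
        $Distinct = @($_.Group.Permission | Sort-Object -Unique)
        [PSCustomObject]@{
            DisplayName     = $_.Group[0].DisplayName
            PermissionType  = $_.Group[0].PermissionType
            PermissionCount = $Distinct.Count
            Permissions     = ($Distinct -join ', ')
        }
    } |
    Sort-Object -Property @{ Expression = 'PermissionCount'; Descending = $true }, DisplayName

$Summary | Format-Table -AutoSize -Wrap

# Optional: write the condensed view next to the original report
# $Summary | Export-Csv -Path .\AppPermissionsSummary.csv -NoTypeInformation
```

Grouping on both DisplayName and PermissionType keeps delegated and application permissions on separate lines for the same app, which matters when reviewing risk: an application permission applies to the whole tenant without a signed-in user, while a delegated permission is bounded by what the consenting user can do. Drop PermissionType from the Group-Object call if a single line per app is preferred.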