Comments on: How to Report High-Priority App Permissions That Hackers Might Exploit https://practical365.com/entra-id-apps-review-permissions/ Practical Office 365 News, Tips, and Tutorials Tue, 23 Jan 2024 14:55:05 +0000 hourly 1 https://wordpress.org/?v=6.6.1 By: <div class="apbct-real-user-wrapper"> <div class="apbct-real-user-author-name">Tony Redmond</div> <div class="apbct-real-user-badge" onmouseover=" let popup = document.getElementById('apbct_trp_comment_id_264700'); popup.style.display = 'inline-flex'; "> <div class="apbct-real-user-popup" id="apbct_trp_comment_id_264700"> <div class="apbct-real-user-title"> <p class="apbct-real-user-popup-header">The Real Person!</p> <p class="apbct-real-user-popup-text">Author <b>Tony Redmond</b> acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.</p> </div> </div> </div> </div> https://practical365.com/entra-id-apps-review-permissions/#comment-264700 Tue, 30 May 2023 15:31:45 +0000 https://practical365.com/?p=57144#comment-264700 In reply to Tilo.

Thanks. I have updated the script in GitHub.

]]>
By: Tilo https://practical365.com/entra-id-apps-review-permissions/#comment-264632 Mon, 29 May 2023 22:48:21 +0000 https://practical365.com/?p=57144#comment-264632 great script

I ran this in interactive shell (shell.azure.com) and modified beside the output also.
https://github.com/12Knocksinna/Office365itpros/blob/4c00badd21ea10f1baa36ea0dc4a96eedfd1886c/ReportPermissionsApps.PS1#L133 (should be outputfile2 I think)

also I had app with no AdditionalProperties.createdDateTime so added a check for this:

if ($App.AdditionalProperties.createdDateTime) {
Write-Host “createdDateTime not null.”
[datetime]$AppCreationDate = $App.AdditionalProperties.createdDateTime
}
else{
Write-Host “createdDateTime is null. set to 1970”
[datetime]$AppCreationDate = ‘1970-01-01’
}

cheers

]]>
By: <div class="apbct-real-user-wrapper"> <div class="apbct-real-user-author-name">Tony Redmond</div> <div class="apbct-real-user-badge" onmouseover=" let popup = document.getElementById('apbct_trp_comment_id_259974'); popup.style.display = 'inline-flex'; "> <div class="apbct-real-user-popup" id="apbct_trp_comment_id_259974"> <div class="apbct-real-user-title"> <p class="apbct-real-user-popup-header">The Real Person!</p> <p class="apbct-real-user-popup-text">Author <b>Tony Redmond</b> acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.</p> </div> </div> </div> </div> https://practical365.com/entra-id-apps-review-permissions/#comment-259974 Tue, 18 Apr 2023 21:52:24 +0000 https://practical365.com/?p=57144#comment-259974 In reply to Abdul Afrad.

It’s PowerShell, so you can take the output file and slice and dice it in whatever way you want. In this case, you could sort by app to find all the assigned permissions and report that.

]]>
By: Abdul Afrad https://practical365.com/entra-id-apps-review-permissions/#comment-259963 Tue, 18 Apr 2023 19:13:19 +0000 https://practical365.com/?p=57144#comment-259963 Hi TonY,
Again great work!!
Is there any I get result like this( one line instead of multiple lines for same App)
DisplayName Permission type permission

Microsoft Graph Delegated Organization.ReadWrite.All, User.ReadWrite ,Directory.ReadWrite.All

ABC Application openid User.Read, Directory.Read.All, Mail.Send Sites.FullControl.All Sites.Read.All

Thank you.

]]>