Friday, October 22, 2021

Importance of Azure Integrated Application Auditing

SaaS-based application solutions are at centre stage in the era of cloud-based digitalization. They provide immense capabilities in the space of applications and productivity tools; however, they also pose an extreme challenge by increasing our attack surface and the chances of a data breach or identity theft. Hence, regular auditing of these integrated applications in terms of usage and access rights is a must, and can save the day if an intruder tries to take advantage of unnecessary permissions or unused service principals.

Moreover, these tasks are tedious without a specialized tool like MCAS, but they can still be done with the help of PowerShell scripts and some manual effort.

You can use the PowerShell cmdlets below against your Azure AD tenant to pull out the required information.

1. You can pull each application's displayName, objectID and appID by using the command below:

Get-AzureADApplication | Select-Object DisplayName,ObjectId,AppId

2. You can list the application's owners by using the application's objectID in the command below:

Get-AzureADApplicationOwner -ObjectId '<Mention Object ID here>'

3. You can find the API permissions via the commands below:

$appl = Get-AzureADApplication -ObjectId '<Mention Object ID here>'

$appl.RequiredResourceAccess | ConvertTo-Json -Depth 3

Note:

The ResourceAppId represents the application ID of the service principal of the API (e.g. Microsoft Graph), and ResourceAccess lists the permissions assigned to it, where Scope is a delegated permission and Role is an application permission.
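
The three steps above combined into one tenant-wide pass, as an added example that is not from the original post. It assumes the AzureAD module is installed and Connect-AzureAD has already been run; the variable names and the output file name are hypothetical.

```powershell
# Added example: audit every app registration for owners and requested API permissions.
# Assumes: Import-Module AzureAD; Connect-AzureAD (already signed in to the tenant).
$spCache = @{}   # ResourceAppId -> service principal of the API, so each API is looked up once

$report = foreach ($app in Get-AzureADApplication -All $true) {
    # Step 2: owners. Apps with no owner are flagged, since nobody is accountable for them.
    $owners = @(Get-AzureADApplicationOwner -ObjectId $app.ObjectId)
    $ownerNames = if ($owners.Count -gt 0) { ($owners.DisplayName) -join ';' } else { '<no owner>' }

    # Step 3: requested API permissions, one output row per permission.
    $rows = 0
    foreach ($rra in $app.RequiredResourceAccess) {
        if (-not $spCache.ContainsKey($rra.ResourceAppId)) {
            $spCache[$rra.ResourceAppId] =
                Get-AzureADServicePrincipal -Filter "appId eq '$($rra.ResourceAppId)'"
        }
        $sp = $spCache[$rra.ResourceAppId]

        foreach ($ra in $rra.ResourceAccess) {
            # Type 'Role' = application permission, 'Scope' = delegated permission.
            $name = if ($ra.Type -eq 'Role') {
                ($sp.AppRoles | Where-Object { $_.Id -eq $ra.Id }).Value
            } else {
                ($sp.Oauth2Permissions | Where-Object { $_.Id -eq $ra.Id }).Value
            }
            if (-not $name) { $name = $ra.Id }   # API not resolvable in this tenant: keep the GUID

            $rows++
            [pscustomobject]@{
                DisplayName = $app.DisplayName
                AppId       = $app.AppId
                ObjectId    = $app.ObjectId
                Owners      = $ownerNames
                Api         = if ($sp) { $sp.DisplayName } else { $rra.ResourceAppId }
                Kind        = if ($ra.Type -eq 'Role') { 'Application' } else { 'Delegated' }
                Permission  = $name
            }
        }
    }
    if ($rows -eq 0) {
        # Keep apps that request no permissions in the report so the inventory stays complete.
        [pscustomobject]@{ DisplayName = $app.DisplayName; AppId = $app.AppId; ObjectId = $app.ObjectId
                           Owners = $ownerNames; Api = ''; Kind = ''; Permission = '' }
    }
}

$report | Export-Csv -Path .\app-permission-audit.csv -NoTypeInformation
```

Sorting the resulting CSV on Owners and Kind brings ownerless applications and application-level (Role) permissions to the top for review.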
