Forum Discussion
Azure AD Assessment Tool from Microsoft not working anymore because of "disabled" enterprise app
Hi everyone,
i was using https://github.com/AzureAD/AzureADAssessment for some time now to easy get a good list of all high privileged users and enterprise app.
But it does not work anymore because MS disabled their own enterprise app due to service violations.
Creating an own app seems to be easy with the help of a user here:
This application has been disabled by Microsoft · Issue #89 · AzureAD/AzureADAssessment (github.com)
But i end up with:
Original exception: AADSTS7000218: The request body must contain
the following parameter: 'client_assertion' or 'client_secret'.
I already selected "Allow public client flows" and added the Redirect URI "https://login.microsoftonline.com/common/oauth2/nativeclient"
Can anyone help me out or do i need another tool?
BR
Stephan
- StephanGee I have updated the instructions with steps to create the custom app.
The assessment is currently in maintenance mode. There is an open source effort that I'm involved in along with Microsoft MVPs that you might be interested in. See https://maester.dev
5 Replies
Solved it:
Create an app reg with "Mobile and desktop applications" redirect uri
Redirect URI https://login.microsoftonline.com/common/oauth2/nativeclient
Allow public client flows to yes.Use Connect-AADAssessment -Clientid "your app id here" and connect with a user that has appropriate rights
It will add them - then you can use "Invoke-AADAssessmentDataCollection" to get the data.
I had a "Web" Redirect URI - so this did not work. My fault.
- Nichole_Peterson
Microsoft
merillms can you help with this, please? Thank you.
- Will this tool be further developed? If yes - it would be nice if also the eligble assignements to admins would show up. 🙂
- merillmsStephanGee I have updated the instructions with steps to create the custom app.
The assessment is currently in maintenance mode. There is an open source effort that I'm involved in along with Microsoft MVPs that you might be interested in. See https://maester.dev
