Microsoft Tech Community

Azure AD v2.0 - administration and visibility


Hi,

I may be missing something here but as a Global Admin for Office 365 I have full visibility of the v1.0 applications, meaning I can see them and I can see the permissions that have been assigned for the application. 

However, for the v2.0 endpoints I have no visibility of their permissions. As an admin I think this is potentially dangerous.

Is there any way to have visibility of the permissions for v2 applications?

5 Replies

Hello Terry,

 

Which portal are you using to add v2.0-enabled applications?

Is it https://apps.dev.microsoft.com?

 

Regards,

Rishabh

Hi,

 

I'm not registering v2.0 applications; as an administrator I'm interested in seeing who is registering applications and the permissions they're requesting.

 

If I were to register a v2 application, I'd be following the documentation @ https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-app-registration which states the registration URL as https://apps.dev.microsoft.com/

 

Regards,

Terry

This question has been answered here: https://stackoverflow.com/questions/42244325/retrieve-application-permissions-of-a-service-principal...

 

Not the most user-friendly way though, maybe someone else has a better solution :)

Hello Terry,

 

My bad for not getting the question from the previous query.

I tried checking more details and here is what I found:

When the application is added from the "https://apps.dev.microsoft.com/portal/" portal, the application object is not created, whereas once the application is consented to by either a user or an admin, it starts getting listed in enterprise applications as a service principal.

 

Now, in order to check the permissions for any of the service principals, you can run the below-mentioned command in Azure AD PowerShell.

 

[Image: Untitled.png]

Regards,

Rishabh

Thanks, I'll take a look at that.
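
The command in Rishabh's reply was posted as a screenshot and is not recoverable here. The following is an added example, not the command from the thread: one way to list the delegated (OAuth2) permission grants held by every service principal in the tenant, assuming the AzureAD PowerShell module is installed. It covers delegated grants only, and the output file name is a placeholder.

```powershell
# Added example: report delegated (OAuth2) permission grants per service principal.
# Assumes the AzureAD module and an account that can read directory objects.
Connect-AzureAD | Out-Null

# Index every service principal by ObjectId so grant ids resolve to display names.
$spById = @{}
Get-AzureADServicePrincipal -All $true | ForEach-Object { $spById[$_.ObjectId] = $_ }

$report = Get-AzureADOAuth2PermissionGrant -All $true | ForEach-Object {
    $client   = $spById[$_.ClientId]     # the app that received the permission
    $resource = $spById[$_.ResourceId]   # the API the permission applies to
    [pscustomobject]@{
        ClientApp   = if ($client)   { $client.DisplayName }   else { $_.ClientId }
        ClientAppId = if ($client)   { $client.AppId }         else { $null }
        Resource    = if ($resource) { $resource.DisplayName } else { $_.ResourceId }
        # 'AllPrincipals' = consented for every user in the tenant (admin consent);
        # 'Principal'     = consented by or for the single user in PrincipalId.
        ConsentType = $_.ConsentType
        PrincipalId = $_.PrincipalId
        Scopes      = ($_.Scope -split ' ' | Where-Object { $_ }) -join ', '
    }
}

# Review on screen, then keep a copy for comparison against later runs.
$report | Sort-Object ClientApp, Resource | Format-Table -AutoSize -Wrap
$report | Export-Csv -Path .\delegated-grants.csv -NoTypeInformation   # placeholder path
```

As the reply notes, an application only shows up here once a user or admin has consented to it, because that is when its service principal is created.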