Apr 23 2024 05:50 AM
Hi everyone,
I was using https://github.com/AzureAD/AzureADAssessment for some time now to easily get a good list of all highly privileged users and enterprise apps.
But it does not work anymore because MS disabled their own enterprise app due to service violations.
Creating my own app seems to be easy with the help of a user here:
This application has been disabled by Microsoft · Issue #89 · AzureAD/AzureADAssessment (github.com)
But I end up with:
Original exception: AADSTS7000218: The request body must contain
the following parameter: 'client_assertion' or 'client_secret'.
I already selected "Allow public client flows" and added the Redirect URI "https://login.microsoftonline.com/common/oauth2/nativeclient"
Can anyone help me out or do I need another tool?
BR
Stephan
Apr 23 2024 10:46 AM
@merillms can you help with this, please? Thank you.
Apr 25 2024 12:53 AM
Solved it:
Create an app reg with a "Mobile and desktop applications" redirect URI
Redirect URI https://login.microsoftonline.com/common/oauth2/nativeclient
Set "Allow public client flows" to Yes.
Use Connect-AADAssessment -Clientid "your app id here" and connect with a user that has appropriate rights
It will add them - then you can use "Invoke-AADAssessmentDataCollection" to get the data.
I had a "Web" Redirect URI - so this did not work. My fault.
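One way to check an app registration against the settings in the solved post before running Connect-AADAssessment, as an added example that is not part of the original thread or the AzureADAssessment module. The function name Test-PublicClientRegistration and both sample registrations are constructed for illustration; the property names are those of the Microsoft Graph application resource.

```powershell
# Added example, not from the thread or the AzureADAssessment module.
$NativeUri = 'https://login.microsoftonline.com/common/oauth2/nativeclient'

function Test-PublicClientRegistration {   # hypothetical helper name
    param([Parameter(Mandatory)] [string] $ApplicationJson)

    $app = $ApplicationJson | ConvertFrom-Json
    $findings = [System.Collections.Generic.List[string]]::new()

    # "Mobile and desktop applications" URIs live in publicClient.redirectUris.
    if (@($app.publicClient.redirectUris) -notcontains $NativeUri) {
        $findings.Add('Redirect URI is missing from "Mobile and desktop applications".')
    }
    # The same URI under "Web" is the setup that did not work in the thread.
    if (@($app.web.redirectUris) -contains $NativeUri) {
        $findings.Add('Redirect URI is registered under the "Web" platform.')
    }
    # "Allow public client flows" is stored as isFallbackPublicClient.
    if ($app.isFallbackPublicClient -ne $true) {
        $findings.Add('"Allow public client flows" is not set to Yes.')
    }

    [pscustomobject]@{
        AppId    = $app.appId
        Ready    = ($findings.Count -eq 0)
        Findings = $findings -join ' '
    }
}

# Constructed sample: native client URI placed under the "Web" platform.
$webRegistration = @'
{ "appId": "00000000-0000-0000-0000-000000000001",
  "isFallbackPublicClient": true,
  "publicClient": { "redirectUris": [] },
  "web": { "redirectUris": ["https://login.microsoftonline.com/common/oauth2/nativeclient"] } }
'@

# Constructed sample: the configuration from the solved post.
$desktopRegistration = @'
{ "appId": "00000000-0000-0000-0000-000000000002",
  "isFallbackPublicClient": true,
  "publicClient": { "redirectUris": ["https://login.microsoftonline.com/common/oauth2/nativeclient"] },
  "web": { "redirectUris": [] } }
'@

$webRegistration, $desktopRegistration |
    ForEach-Object { Test-PublicClientRegistration -ApplicationJson $_ } |
    Format-List
```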