cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Azure AD Assessment Tool from Microsoft not working anymore because of "disabled" enterprise app

StephanGee
Steel Contributor

‎Apr 23 2024 05:50 AM

‎Apr 23 2024 05:50 AM

Azure AD Assessment Tool from Microsoft not working anymore because of "disabled" enterprise app

Hi everyone,

 

i was using https://github.com/AzureAD/AzureADAssessment for some time now to easy get a good list of all high privileged users and enterprise app.

But it does not work anymore because MS disabled their own enterprise app due to service violations.

 

Creating an own app seems to be easy with the help of a user here:
This application has been disabled by Microsoft · Issue #89 · AzureAD/AzureADAssessment (github.com)

But i end up with:

Original exception: AADSTS7000218: The request body must contain
the following parameter: 'client_assertion' or 'client_secret'.

 

I already selected "Allow public client flows" and added the Redirect URI "https://login.microsoftonline.com/common/oauth2/nativeclient"

 

Can anyone help me out or do i need another tool?

 

BR

Stephan

231 Views
0 Likes
5 Replies
Reply
5 Replies
Nichole_Peterson

‎Apr 23 2024 10:46 AM

‎Apr 23 2024 10:46 AM

Re: Azure AD Assessment Tool from Microsoft not working anymore because of "disabled" ente

@merillms can you help with this, please?  Thank you.

1 Like
Reply
StephanGee

‎Apr 25 2024 12:53 AM

‎Apr 25 2024 12:53 AM

Re: Azure AD Assessment Tool from Microsoft not working anymore because of "disabled" ente

@StephanGee  @Nichole_Peterson 

Solved it:
Create an app reg with "Mobile and desktop applications" redirect uri
Redirect URI https://login.microsoftonline.com/common/oauth2/nativeclient
Allow public client flows to yes.

 

Use Connect-AADAssessment -Clientid "your app id here" and connect with a user that has appropriate rights

It will add them - then you can use "Invoke-AADAssessmentDataCollection" to get the data.

 

I had a "Web" Redirect URI - so this did not work. My fault.

0 Likes
Reply
StephanGee

‎Apr 25 2024 01:48 AM

‎Apr 25 2024 01:48 AM

Re: Azure AD Assessment Tool from Microsoft not working anymore because of "disabled" ente

Will this tool be further developed? If yes - it would be nice if also the eligble assignements to admins would show up. :)
0 Likes
Reply
best response confirmed by StephanGee (Steel Contributor)
merillms

‎Apr 26 2024 02:00 AM

‎Apr 26 2024 02:00 AM

Solution

Re: Azure AD Assessment Tool from Microsoft not working anymore because of "disabled" ente

@StephanGee I have updated the instructions with steps to create the custom app.

The assessment is currently in maintenance mode. There is an open source effort that I'm involved in along with Microsoft MVPs that you might be interested in. See https://maester.dev
0 Likes
Reply
StephanGee

‎Apr 26 2024 02:43 AM

‎Apr 26 2024 02:43 AM

Re: Azure AD Assessment Tool from Microsoft not working anymore because of "disabled" ente

Thanks a lot. We are already have a look into this.
And also thanks for all the great work with the tools, the newsletter, etc. Every time i got through all the interesting stuff, there is a new letter with other hints for better Entra
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by StephanGee (Steel Contributor)
merillms

‎Apr 26 2024 02:00 AM

‎Apr 26 2024 02:00 AM

Solution

Re: Azure AD Assessment Tool from Microsoft not working anymore because of "disabled" ente

@StephanGee I have updated the instructions with steps to create the custom app.

The assessment is currently in maintenance mode. There is an open source effort that I'm involved in along with Microsoft MVPs that you might be interested in. See https://maester.dev

View solution in original post

0 Likes
Reply