Authenticated Enumeration
Microsoft Graph Module
Connect to MS Graph
Login pop-up
Use token
Get a Token
Users
Enumerate all users
Enumerate specific user
Search for users who contain the word "admin" in their Display name:
All users who are synced from on-prem:
Objects owned by a specific user:
If a normal user owns a object with a sensitive role such as "Global Administrator', the normal user is indirectly a GA as well!
Groups
Get goups and roles where specified user is a member of
Roles
Get all available role templates
Get users who have a specific role such as Global Administrator:
Devices
List owners of all the devices
List devices registered by a user
List devices managed using Intune
Applications (Registered Applications)
Get all applications objects registered with the current tenant
The Get-MgApplication
will show all the applications details including password but password value is not shown. List all the apps with an application password
Service Principals (Enterprise Applications)
Get All Service Principals:
Az PowerShell
A module from Microsoft for managing Azure resources.
Connect to Entra ID first:
Using credentials from Command Line
Or:
Or use a token:
General context
Get information about the current context:
List all available contexts
Enumerate all resources visible to the current user:
Enumerate all Azure RBAC role assignments
VMs
Get all VMs that our context can READ:
App Registrations
Storage Accounts
Key Vaults
Azure CLI
A set of commands used to create and manage Azure resources. Can be installed on multiple platforms and can be used with multiple clouds.
The default output format is JSON
Login using creds:
Get users
Last updated