Overview
Bypass Microsoft Entra ID (prev. Azure Active Directory) restrictions and do everything you are allowed to do on CLI but on the UI.
EIDMK allows you to bypass Azure and Microsoft Entra ID portal UI restrictions by tricking your client (web browser) to send (legit and allowed by Microsoft) requests to Microsoft endpoints and thus receiving information that, usually, you would not be allowed to access through UI - but you are 100% allowed by Microsoft to access through CLI, Graph API, PowerShell or any other application/method - which is the case of this extension. Meaning that in fact this is not a bypass, but just another way to retrieve data that you ALREADY have access to. Keep in mind that you do not gain any new permissions by using this extension. Your user keeps exactly same roles, privileges and permissions - as documented here: https://learn.microsoft.com/en-us/entra/fundamentals/users-default-permissions If you are responsible for managing an Entra ID tentant remember that "Using the Restrict access to Microsoft Entra administration portal switch is NOT a security measure."(https://learn.microsoft.com/en-us/entra/fundamentals/users-default-permissions#restrict-member-users-default-permissions). It works similar to AzureHound by BloodHoundAD, except you don't need to use a terminal for this and can run it directly on your Google Chrome. In fact, even Microsoft official documentation states that the UI restriction does not restrict anyone, who has access to a tenant, from retrieving the information from Entra ID - find out more on this article, which was written after reporting to Microsoft a strange UI behaviour on Azure portal: https://www.linkedin.com/pulse/microsoft-azure-active-directory-authorization-bypass-vlad-yultyyev/. This extension may be handy if you are a security professional who needs a quick solution to analyze Microsoft Entra ID tenant. You need to be a user of particular tenant to view the content of that tenant. What can you expect to access using this extension? - Exactly same features/information that you can access through Graph API, CLI or PowerShell - List all groups that exist on the tenant - List all users and retrieve their information - List Application Registrations (names, URI, exposed APIs, roles, secret IDs, etc) - List Enterprise applications - List devices (names, operating system version, etc) - Create new tenants (an active Azure subscription is required for this action. Depending on your organization settings, only Azure AD B2C tenants may be allowed)
0 out of 5No ratings
Google doesn't verify reviews. Learn more about results and reviews.
Details
- Version1.0
- UpdatedJanuary 24, 2024
- Size45.19KiB
- LanguagesEnglish
- DeveloperWebsite
Email
contact@harckade.com - Non-traderThis developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.
Privacy
This developer declares that your data is
- Not being sold to third parties, outside of the approved use cases
- Not being used or transferred for purposes that are unrelated to the item's core functionality
- Not being used or transferred to determine creditworthiness or for lending purposes
Support
For help with questions, suggestions, or problems, please open this page on your desktop browser