Lightweight, read-only web app for Microsoft Entra ID (Azure AD). Sign in with a work account, then generate in-browser reports: privileged users (Entra directory roles, Cloud/Hybrid, status) and enterprise applications (delegated and application API permissions, status, sensitive permission highlighting).
This repository is the web-based version, built on ASP.NET Core, of the Need4Admin PowerShell script.
- UPN, status (enabled/disabled), account type (Cloud / Hybrid)
- Active Entra directory roles; high-privileged roles highlighted
- Search, sortable columns, print-friendly layout
- Application name, enterprise object ID, app (client) ID
- Status (enabled/disabled) for the enterprise app (service principal)
- Delegated permissions and application (app-only) permissions
- High-impact API permissions highlighted for review
- Read-only Graph calls; reports run in the user’s session
- Host your own instance if you do not want a third party running the app
- Runtime: .NET 9 (ASP.NET Core, Razor Pages)
- Auth: MSAL.js in the browser
- Data: Microsoft Graph (delegated token from signed-in user)
- Host with .NET 9 SDK for local dev/prod.
- Entra ID rights to register an application and grant admin consent for Graph permissions
- Operators running reports typically need Global Reader (or equivalent read access in your tenant)
See quick start guide: TUTORIAL.md.
Issues and pull requests are welcome.

