Test-MtHighRiskAppPermissions
SYNOPSIS
Checks whether any applications or service principals have high-risk Graph permissions that can lead to direct or indirect paths to Global Admin and full tenant takeover. The permissions are based on the research published at https://github.com/emiliensocchi/azure-tiering/tree/main.
SYNTAX
Test-MtHighRiskAppPermissions [[-AttackPath] <String>] [-ProgressAction <ActionPreference>]
[<CommonParameters>]
DESCRIPTION
Checks for applications that use Graph API permissions with a risk of a direct or indirect path to Global Admin and full tenant takeover.
EXAMPLES
EXAMPLE 1
Test-MtHighRiskAppPermissions
Returns true if no application has Tier-0 Graph permissions.
PARAMETERS
-AttackPath
Check for direct path to Global Admin or indirect path through a combination of permissions. Default is "All".
Type: String
Parameter Sets: (All)
Aliases:
Required: False
Position: 1
Default value: All
Accept pipeline input: False
Accept wildcard characters: False
-ProgressAction
Determines how PowerShell responds to progress updates generated by a script, cmdlet, or provider.
Type: ActionPreference
Parameter Sets: (All)
Aliases: proga
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
INPUTS
OUTPUTS
System.Boolean
NOTES
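The following added example (not Maester's implementation and not code from the original page) shows the shape of such a check offline: it resolves Microsoft Graph app role assignments to permission names, flags those on a watch list, and ends with the same true-means-clean Boolean the cmdlet documents. The watch list, role ids, application names and the function name Get-HighRiskAppPermission are constructed assumptions; the authoritative permission tiers are in the research linked in the SYNOPSIS.

```powershell
# Added example, not Maester's implementation. All data below is constructed.
# Assumption: a short sample watch list; take the full tiered list from the
# research linked in the SYNOPSIS.
$WatchList = @('RoleManagement.ReadWrite.Directory', 'AppRoleAssignment.ReadWrite.All')

# Constructed stand-in for the Microsoft Graph service principal's appRoles
# (app role id -> permission name). The ids are placeholders.
$GraphAppRoles = @{
    '11111111-1111-1111-1111-111111111111' = 'RoleManagement.ReadWrite.Directory'
    '22222222-2222-2222-2222-222222222222' = 'AppRoleAssignment.ReadWrite.All'
    '33333333-3333-3333-3333-333333333333' = 'User.Read.All'
}

# Constructed stand-in for that service principal's appRoleAssignedTo entries.
$Assignments = @(
    [pscustomobject]@{ PrincipalDisplayName = 'hr-sync';       AppRoleId = '33333333-3333-3333-3333-333333333333' }
    [pscustomobject]@{ PrincipalDisplayName = 'legacy-portal'; AppRoleId = '11111111-1111-1111-1111-111111111111' }
    [pscustomobject]@{ PrincipalDisplayName = 'ci-deployer';   AppRoleId = '22222222-2222-2222-2222-222222222222' }
    [pscustomobject]@{ PrincipalDisplayName = 'old-connector'; AppRoleId = '99999999-9999-9999-9999-999999999999' }
)

function Get-HighRiskAppPermission {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Assignment,
        [Parameter(Mandatory)] [hashtable] $AppRole,
        [Parameter(Mandatory)] [string[]]  $HighRisk
    )
    foreach ($a in $Assignment) {
        $name = $AppRole[[string]$a.AppRoleId]
        if (-not $name) {
            # An id that cannot be resolved is reported, not silently passed.
            [pscustomobject]@{ Principal = $a.PrincipalDisplayName; Permission = "unresolved:$($a.AppRoleId)" }
        }
        elseif ($HighRisk -contains $name) {
            # -contains is case-insensitive, so casing differences still match.
            [pscustomobject]@{ Principal = $a.PrincipalDisplayName; Permission = $name }
        }
    }
}

$findings = @(Get-HighRiskAppPermission -Assignment $Assignments -AppRole $GraphAppRoles -HighRisk $WatchList)
$findings | Sort-Object Principal | Format-Table -AutoSize

# Same convention as the cmdlet's documented Boolean output:
# true only when nothing was flagged.
$findings.Count -eq 0
```

Against a real tenant, the two inputs correspond to the appRoles and appRoleAssignedTo collections of the Microsoft Graph service principal.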
RELATED LINKS
https://maester.dev/docs/commands/Test-MtHighRiskAppPermissions