Entra Security Scanner for App Registrations

Check your environment for the dangerous apps that cyberattacks target.
What’s in it for me?

Identify elevated custom app permissions that lead to non-compliance and security gaps.

App registrations in Microsoft 365 can jeopardize your tenant

After the Midnight Blizzard cyberattack on Microsoft in January 2024, it became clear that custom apps pose a critical security risk. These in-house apps request broad privileges, undergo fewer controls, and are approved through a less rigorous process.

Secure Microsoft 365—from the inside out

With this free tool, identify elevated custom app permissions that lead to non-compliance and to the security gaps that cyberattacks target.

The tool, created by 9-time MVP Vasil Michev and CTO Ivan Fioravanti, generates:

  • Comprehensive Permissions Audits: Understand the scope of permissions granted to each in-house developed app, identifying any that may be unnecessarily broad or risky.
  • Credentials Management Analysis: Evaluate how your internal apps manage credentials, highlighting any that may be expired or non-compliant.
  • Actionable, Tailored Recommendations: Get advice for mitigating the identified risks, tightening your security posture, and ensuring your internal apps adhere to best practices for security and compliance.

How does the Entra Security Scanner for App Registrations work?

This tool uses a PowerShell script, AppRegistrationScanner.ps1, to scan all Entra ID apps in your tenant. It can identify various kinds of apps, including those you've developed, PowerApps, and third-party applications.

How to use

You can customize the script with two parameters:

  • SkipExcelOutput: Outputs results as CSV and HTML instead of an Excel workbook
  • ExcessiveIntervalInDays: Defaults to 180 days; flags apps that have been inactive for longer than this interval, or whose validity periods extend beyond it

Scoring system

Each app starts with a 10-point score. Points are deducted for issues detected:

  • Critical issues (minus 2 points each):
      • Apps lacking an assigned owner
      • Apps granted risky permissions
      • Apps using insecure or development-stage URIs (e.g., localhost, http://)
  • Medium issues (minus 1 point):

View the grading system table here.

This system helps you quickly identify and address potential security risks within your apps.
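As an added illustration of the scoring rules above (example code, not the scanner's own), the following PowerShell function scores constructed app registration objects: the risky-permission list and the object fields are assumptions, and the medium-severity checks, which the page does not itemize, are passed in as a count.

```powershell
# Added example, not AppRegistrationScanner.ps1. Scores constructed app objects
# using the published rules: 10 points, -2 per critical finding, -1 per medium.
$RiskyPermissions = @(   # assumed example list; the tool's own list is not on the page
    'Directory.ReadWrite.All',
    'RoleManagement.ReadWrite.Directory',
    'Application.ReadWrite.All'
)

function Get-AppRegistrationScore {
    param(
        [Parameter(Mandatory)] [pscustomobject] $App,
        [int] $MediumIssueCount = 0   # medium findings are evaluated elsewhere; -1 each
    )
    $findings = [System.Collections.Generic.List[string]]::new()

    # Critical: no owner assigned to the app registration
    if (-not $App.Owners -or $App.Owners.Count -eq 0) { $findings.Add('NoOwner') }

    # Critical: any granted permission that appears on the risky list
    $risky = @($App.Permissions | Where-Object { $_ -in $RiskyPermissions })
    if ($risky.Count -gt 0) { $findings.Add("RiskyPermissions: $($risky -join ', ')") }

    # Critical: insecure (http://) or development-stage (localhost) redirect URIs
    $badUris = @($App.RedirectUris | Where-Object {
        $_ -match '^http://' -or $_ -match '^https?://(localhost|127\.0\.0\.1)(:|/|$)'
    })
    if ($badUris.Count -gt 0) { $findings.Add("InsecureUris: $($badUris -join ', ')") }

    $score = 10 - (2 * $findings.Count) - $MediumIssueCount
    [pscustomobject]@{
        DisplayName = $App.DisplayName
        Score       = [Math]::Max($score, 0)   # floor at zero
        Findings    = $findings
    }
}

# Constructed sample apps; fields are assumed, not real tenant data
$apps = @(
    [pscustomobject]@{ DisplayName = 'HR Sync'; Owners = @()
                       Permissions = @('User.Read', 'Directory.ReadWrite.All')
                       RedirectUris = @('http://localhost:3000/callback') },
    [pscustomobject]@{ DisplayName = 'Reporting'; Owners = @('admin@contoso.onmicrosoft.com')
                       Permissions = @('User.Read')
                       RedirectUris = @('https://reports.contoso.com/auth') }
)
# HR Sync trips all three critical checks and scores 4; Reporting scores 10
$apps | ForEach-Object { Get-AppRegistrationScore -App $_ } |
    Format-Table DisplayName, Score, Findings
```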