Free Tool: Microsoft Midnight Blizzard Scanner and Report

Find dangerous tenant misconfigurations and excessive app privileges that cyber criminals exploit

On January 12th, Microsoft detected a Midnight Blizzard attack on its internal systems exploiting legacy accounts and misconfigurations. Now is the time to take proactive action, guarding against the possibility of supply chain attacks targeting your tenant.

Protect yourself with CoreView’s App Permissions Scanner+

With our free PowerShell script, identify misconfigurations and elevated app permissions that malicious actors can use to hack your Microsoft tenant.
‍
This script, created by 9-time MVP Vasil Michev and CTO Ivan Fioravanti, generates various reports available in HTML, CSV and Excel:

A full list of apps with access to your tenant.

Two filtered files with privileges targeted by the Midnight Blizzard group to attack Microsoft 365 tenants on Entra or Exchange.

Download script now

Step-by-step instructions

Notes:

To run this script, you must have company admin rights and following modules installed: PowerShell Exchange Online Module, PowerShell Beta Graph Module and PowerShell ImportExcel Module.
There are possible incompatibilities between Graph V1 and Graph V2 modules, we suggest removing V1 and upgrading to V2.

Download script now

1. Download the free script

The script delivery is not packaged so that you can review the script before implementing.

2. Run the scripts

In a PowerShell session, run each script of the following scripts:

EnterpriseAppsPermissions.ps1
ExchangeManagementRoles.ps1

3. Download your reports

Each script outputs various files in HTML, CSV and Excel: a full list of apps with access to your tenant and two filtered files with privileges targeted by the Midnight Blizzard group to attack Microsoft 365 tenants on Entra or Exchange side.

4. Assess potential vulnerabilities

If you need help understanding the report, contact our experts.