Azure AppHunter is an open-source PowerShell tool designed for security professionals to analyze and identify excessive or risky permissions assigned to Azure Service Principals. It enables users to enumerate dangerous Microsoft Graph permissions, detect privileged role assignments, and uncover potential escalation paths in Azure environments with minimal dependencies. The tool supports integration into automation and red teaming workflows, making it valuable for cloud security assessments.

The blog explores the use of various APIs, specifically the Graph API, Azure Monitor API, and Defender ATP API, for enhancing security operations and automating threat detection. It provides insights into the available data, permissions required, limitations, and includes ready-to-use PowerShell scripts for executing KQL queries across these APIs. A focus is placed on best practices for querying and the advantages of using the Graph API for comprehensive data access.

A PowerShell-based GUI tool enables efficient management and offboarding of devices from Microsoft Intune, Autopilot, and Entra ID. It features bulk operations, secure authentication methods, and a real-time dashboard for monitoring device statistics and distribution. The tool requires PowerShell 7 and Microsoft Graph API permissions for full functionality.