Enterprise apps accessible to any tenant user · Admin-consented delegated permissions · Read-only
Not signed in
Setup
Uses the app registration and permissions (Application.Read.All + DelegatedPermissionGrant.Read.All).
If you have already admin-consented those permissions, click Sign in and scan directly.
Note: Add https://blue16.nl/EntraAppRedTeamRecon.html as a redirect URI (SPA platform) to the app registration before use.
Any authenticated tenant user — including those with no assigned Entra role — can run this scan, demonstrating the exact attack surface it maps.