Azure AD

• List all applications
• List all service principles
• List all groups

List all applications

az ad app list --output=table --query='[].{Name:displayName,URL:homepage}'

 

List all service principles

az ad sp list --output=table --query='[].{Name:displayName,Enabled:accountEnabled,URL:homepage,Publisher:publisherName,MetadataURL:samlMetadataUrl}'

 

List all groups

az ad group list --output=json --query='[].{Group:displayName,Description:description}'

Resource: https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure/