# Azure AD

# List all applications

```powershell
az ad app list --output=table --query='[].{Name:displayName,URL:homepage}'
```

# List all service principles

```powershell
az ad sp list --output=table --query='[].{Name:displayName,Enabled:accountEnabled,URL:homepage,Publisher:publisherName,MetadataURL:samlMetadataUrl}'
```

# List all groups

```
az ad group list --output=json --query='[].{Group:displayName,Description:description}'
```

Resource: [https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure/](https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure/)