Need4Admin Light

Read-only · In-browser · No tenant data stored by this app

Lightweight web version of Need4Admin powershell script

This is the lightweight web edition of the Need4Admin PowerShell script. It uses a focused set of read-only delegated Microsoft Graph permissions to list active Entra directory roles and enterprise applications with delegated and application API permissions.

For Entra eligible roles, Azure active and eligible roles, assignments via PIM groups, sign-in analytics and more use the PowerShell script version on GitHub. New updated version will come out soon!

Sign in to run reports
Open source & how your data is handled

Need4Admin Light is a 100% open source ASP.NET web application on GitHub that lets you explore your Microsoft data securely through the official Microsoft Graph API.

Authentication is handled entirely by Microsoft via MSAL with PKCE — your credentials never touch the app. All data is fetched live and displayed only in your active browser session.

You can run it hosted or spin it up locally on your own machine — full control, full transparency.

What this build includes

Two focused reports

Entra active roles

UPN, status (enabled/disabled), Cloud/Hybrid, active Entra roles (high‑privileged Entra roles highlighted), search, and total users in the report.

Applications

Application display name, enterprise object ID, app (client) ID, app status (enabled/disabled), delegated and application API permissions.

Entra app registration

Requested delegated API permissions (need admin consent once)

Required role to read report: Global Reader

Microsoft Graph permissions

Application.Read.All
Directory.Read.All
openid
profile
offline_access
RoleAssignmentSchedule.Read.Directory
RoleManagement.Read.Directory
User.Read
User.Read.All

Full version on GitHub

Sign in to run reports