Entra ID Master Key (EIDMK)

EIDMK allows you to bypass Azure and Microsoft Entra ID portal UI restrictions by tricking your client (web browser) to send (legit and allowed by Microsoft) requests to Microsoft endpoints and thus receiving information that, usually, you would not be allowed to access through UI - but you are 100% allowed by Microsoft to access through CLI, Graph API, PowerShell or any other application/method - which is the case of this extension. Meaning that in fact this is not a bypass, but just another way to retrieve data that you ALREADY have access to. Keep in mind that you do not gain any new permissions by using this extension. Your user keeps exactly same roles, privileges and permissions - as documented here: https://learn.microsoft.com/en-us/entra/fundamentals/users-default-permissions

If you are responsible for managing an Entra ID tentant remember that "Using the Restrict access to Microsoft Entra administration portal switch is NOT a security measure."(https://learn.microsoft.com/en-us/entra/fundamentals/users-default-permissions#restrict-member-users-default-permissions).

It works similar to AzureHound by BloodHoundAD, except you don't need to use a terminal for this and can run it directly on your Google Chrome.

In fact, even Microsoft official documentation states that the UI restriction does not restrict anyone, who has access to a tenant, from retrieving the information from Entra ID - find out more on this article, which was written after reporting to Microsoft a strange UI behaviour on Azure portal: https://www.linkedin.com/pulse/microsoft-azure-active-directory-authorization-bypass-vlad-yultyyev/.

This extension may be handy if you are a security professional who needs a quick solution to analyze Microsoft Entra ID tenant.

You need to be a user of particular tenant to view the content of that tenant.