Home
Entra Role ReaperFull-stack app to perform access reviews of Entra ID users.
Backend: .NET 9 Minimal API, Microsoft Identity (OBO) + Microsoft Graph Frontend: Vite + React + TypeScript + Tailwind + shadcn/ui components
- Search and select users and groups from Entra ID
- Choose a time period for review
- Backend processing per user:
- Aggregates directory audit logs within the selected window
- Determines which permissions are actually granted today via the user’s current directory roles and surfaces the granting role names
- Flags privileged permissions and includes Entra PIM data: eligible roles and currently active PIM assignments (if API permissions allow)
- Suggests least-privilege roles using a minimal set-cover of required permissions derived from the user’s operations, preferring roles with fewer privileged actions and smaller overall scope
