OID-See is a security analysis tool for Microsoft Entra ID (Azure Active Directory) that maps OAuth application consent, permissions, service principal assignments, and trust signals into a queryable graph — giving defenders a BloodHound-style view of OAuth sprawl and impersonation risk.
What it does
- Maps all third-party OAuth apps and enterprise service principals in your tenant
- Scores each app across multiple risk dimensions: consent grants, assigned roles, ownership, scope abuse potential, and deception signals
- Visualises app-to-user and app-to-resource relationships as a graph
- Surfaces paths that could be leveraged for impersonation or privilege escalation
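To make the graph-and-score idea above concrete, here is an added, self-contained example written for this page; it is not OID-See's code and its scoring weights are illustrative only. It uses a constructed miniature tenant shaped loosely after the Microsoft Graph object types a tool like this would read (servicePrincipal, oauth2PermissionGrant, appRoleAssignment, with fields simplified), builds a directed graph of who consented to which app and which permissions each app holds on which resource, scores each app across the dimensions the list names, and enumerates the consent-to-resource paths a defender would want to review.

```python
"""Toy OAuth-consent graph with per-app risk scoring and path enumeration.
All tenant data below is constructed for illustration; the field names follow
Microsoft Graph objects loosely, and the weights are not OID-See's scoring."""
from collections import defaultdict

# Constructed sample service principals (IDs, names and owners are made up).
SERVICE_PRINCIPALS = [
    {"id": "sp-1", "displayName": "Contoso Expense Sync", "verifiedPublisher": True, "owners": ["user-alice"]},
    {"id": "sp-2", "displayName": "Micros0ft Office Backup", "verifiedPublisher": False, "owners": []},
    {"id": "sp-3", "displayName": "Helpdesk Notifier", "verifiedPublisher": True, "owners": ["user-bob"]},
]
# Delegated grants: consentType "AllPrincipals" is tenant-wide admin consent,
# "Principal" is one user's own consent (principalId identifies the user).
OAUTH2_GRANTS = [
    {"clientId": "sp-1", "consentType": "Principal", "principalId": "user-alice", "scope": "User.Read Files.Read"},
    {"clientId": "sp-2", "consentType": "AllPrincipals", "principalId": None,
     "scope": "Mail.ReadWrite Files.ReadWrite.All offline_access"},
    {"clientId": "sp-3", "consentType": "Principal", "principalId": "user-bob", "scope": "User.Read"},
]
# Application permissions (app roles) held by the service principal itself, no user in the loop.
APP_ROLE_ASSIGNMENTS = [
    {"principalId": "sp-2", "resourceDisplayName": "Microsoft Graph", "appRoleValue": "Directory.ReadWrite.All"},
    {"principalId": "sp-3", "resourceDisplayName": "Microsoft Graph", "appRoleValue": "Mail.Send"},
]

# Illustrative weights for permissions that allow broad data access or directory control.
HIGH_RISK_PERMISSIONS = {
    "Directory.ReadWrite.All": 40, "RoleManagement.ReadWrite.Directory": 50, "Application.ReadWrite.All": 40,
    "Mail.ReadWrite": 25, "Mail.Send": 20, "Files.ReadWrite.All": 25, "offline_access": 5,
}
# Deception signal: display names that imitate first-party Microsoft apps.
MICROSOFT_LOOKALIKES = ("microsoft", "micros0ft", "office", "azure")

def build_graph():
    """Directed edges: granter -> app -> permission node -> resource node."""
    g = defaultdict(set)
    for grant in OAUTH2_GRANTS:
        granter = "tenant-admin" if grant["consentType"] == "AllPrincipals" else grant["principalId"]
        g[granter].add(grant["clientId"])
        for scope in grant["scope"].split():
            g[grant["clientId"]].add(f"delegated:{scope}")
            g[f"delegated:{scope}"].add("resource:Microsoft Graph")  # delegated scopes here are all Graph scopes
    for a in APP_ROLE_ASSIGNMENTS:
        perm = f"application:{a['appRoleValue']}"
        g[a["principalId"]].add(perm)
        g[perm].add(f"resource:{a['resourceDisplayName']}")
    return g

def score_app(sp, graph):
    """Score one app across permissions, consent breadth, publisher, ownership and naming."""
    score, reasons = 0, []
    def add(weight, why):
        nonlocal score
        score += weight
        reasons.append(f"{why} (+{weight})")
    for node in graph.get(sp["id"], ()):
        kind, _, perm = node.partition(":")
        if perm in HIGH_RISK_PERMISSIONS:
            # Application permissions act without any signed-in user, so weight them double.
            add(HIGH_RISK_PERMISSIONS[perm] * (2 if kind == "application" else 1), f"{kind} {perm}")
    if sp["id"] in graph.get("tenant-admin", ()):
        add(20, "tenant-wide admin consent")
    if not sp["verifiedPublisher"]:
        add(15, "unverified publisher")
    if not sp["owners"]:
        add(10, "no owner")
    if any(tok in sp["displayName"].lower() for tok in MICROSOFT_LOOKALIKES):
        add(15, "Microsoft-lookalike name")
    return score, reasons

def rank_apps():
    """Return (displayName, score, reasons) for every app, highest risk first."""
    g = build_graph()
    ranked = [(sp["displayName"], *score_app(sp, g)) for sp in SERVICE_PRINCIPALS]
    return sorted(ranked, key=lambda r: r[1], reverse=True)

def find_paths(graph, start, target, max_depth=4):
    """Depth-limited DFS listing simple paths, e.g. user -> app -> permission -> resource."""
    paths, stack = [], [(start, [start])]
    while stack:
        node, path = stack.pop()
        if node == target:
            paths.append(path)
            continue
        if len(path) > max_depth:
            continue
        for nxt in sorted(graph.get(node, ())):
            if nxt not in path:
                stack.append((nxt, path + [nxt]))
    return paths

if __name__ == "__main__":
    for name, score, reasons in rank_apps():
        print(f"{score:4d}  {name}: {'; '.join(reasons) or 'no findings'}")
    for path in find_paths(build_graph(), "tenant-admin", "resource:Microsoft Graph"):
        print(" -> ".join(path))
```

In this sample the tenant-wide consent to the look-alike app dominates the ranking, and the path listing shows that the admin consent, not any single user, is what connects that app's write permissions to the resource; that is the kind of relationship a token-centric view would miss.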
Why it matters
Legacy CA and CASB tooling sees OAuth tokens, not OAuth relationships. OID-See provides the contextual graph layer that tells you which apps have which trust, so you can prioritise remediation and build evidence-based policies.
Read more
- Announcing OID-See — original research post
- OID-See v1.0.1 release — scoring improvements and sharper accuracy