Full MI InventorySystem-assigned and User-assigned Managed Identities, ARM path, assignment counts
Risk ClassificationCritical · Elevated · Normal — based on permission sensitivity (ReadWrite.All, RoleManagement, etc.)
Assignment AuditAll existing appRoleAssignments per MI, resource names resolved, timestamps shown
Interactive AssignmentAssign new Graph API or custom resource permissions directly from the browser — no PowerShell required
HTML Report ExportStandalone interactive report with search, filter by risk/type, and per-MI accordion view
Browser-OnlyAll Graph calls made client-side — tenant data never touches any whennotif.io server
How it works
01
OAuth2 Delegated Auth
Choose Audit or Audit+Assign. You authenticate with your Entra ID account — MIRA never sees your credentials. Assign mode additionally requests AppRoleAssignment.ReadWrite.All (requires admin consent).
02
Tenant-wide MI Enumeration
MIRA fetches all Managed Identities via Application.Read.All, then batch-fetches their existing app role assignments and resolves resource service principal details.
03
Interactive Assignment Wizard
In Assign mode, select a MI, choose a resource (Graph, Defender, SharePoint, or custom), pick roles by name with risk indicators, and confirm — MIRA posts the assignment directly to Graph API from your browser.
04
Standalone HTML Report
The audit generates a self-contained HTML file with full search, filter by risk level or MI type, and expandable assignment details — no backend, no data retention.