EntraPass - Passkey Migration Assistant

Before You Start

Three quick steps to connect your tenant. No data leaves your browser at any point.

🔍

What EntraPass does

Reads user profiles, devices, auth methods, and CA policies via Microsoft Graph
Analyses passkey readiness entirely in your browser — no backend involved
Flags toxic combinations, blocking policies, and incompatible apps

🔒

Security & Privacy

Nothing stored on servers — all data lives in browser memory only
Uses a PKCE SPA app registration in your own tenant — no client secrets
Run the cleanup script after scanning to remove the app registration
No external calls beyond Microsoft Graph (AI feature is opt-in)

✅

Prerequisites

A Microsoft Entra ID tenant you are authorised to scan
Application Developer role or higher to create an App Registration
Admin consent for 7 delegated Graph permissions (all read-only)

I understand the above. I am authorised to scan this tenant.

Create the Scanner App Registration

EntraPass needs a PKCE SPA app registration in your tenant. Choose one option:

Option 1: Azure Portal Recommended

Click below to open the App Registration creation blade:

Open Azure Portal →

In the blade configure:
1. Name: entrapass-scanner
2. Accounts: "Only this organizational directory"
3. Redirect URI: SPA → your-portal-url
4. Click Register, then add Microsoft Graph delegated permissions (7 scopes) and grant admin consent

Option 2: Azure Cloud Shell Fastest

Open Azure Cloud Shell (PowerShell)
Run this one-liner:

irm https://raw.githubusercontent.com/arusso-aboutcloud/EntraPass/main/infra/deploy-entrapass.ps1 | iex

Press Enter to accept the default URL (https://entrapass.aboutcloud.io). The script creates the app reg, adds all 7 permissions, grants admin consent, and prints your Client ID and Tenant ID.

Option 3: Manual PowerShell

Connect-MgGraph -Scopes Application.ReadWrite.All
$app = New-MgApplication -DisplayName "entrapass-scanner" -SignInAudience AzureADMyOrg -Spa @{RedirectUris=@("https://entrapass.aboutcloud.io")}

See the installation guide for the full script with all 7 permissions.

Deployed? Come back here and click below.

Configure Your App Registration

Enter the values from the deployment output.

Client ID (Application ID) Tenant ID (Directory ID) Portal URL (redirect URI)

Configuring...

Saving configuration...

Before You Start

What EntraPass does

Security & Privacy

Prerequisites

Create the Scanner App Registration

Option 1: Azure Portal Recommended

Option 2: Azure Cloud Shell Fastest

Option 3: Manual PowerShell

Configure Your App Registration

Configuring...

🔑 EntraPass

Ready to scan your tenant

User Passkey Readiness

App Compatibility

Conditional Access Policy Analysis

AI Assistant