====== Azure Security Assessments ======
  * [[azure:Azure Security Assessments Exploration]]
  * [[azure:Azure Powerpipe]]
  * [[azure:azure_resource_graph_explorer|Azure Resource Graph Explorer]]
  * [[https://github.com/microsoft/ARI]]

====== Methodology ======
To begin an assessment list all resources that are in all subscriptions that are in scope to get a sense of the environment.


====== List All Resources ======

<code powershell>
$subs = Get-AzSubscription

foreach ($sub in $subs) {
  Set-AzContext -Subscription $sub.id
  $resources += Get-AzResource
}

$resources | convert-to-json | out-file " . \resources.json" -encoding utf8
</code>

== List All Resource Types ==
Output a unique list of resource types
<code>
jq 'map(.ResourceType) | unique' resources.json
</code>

<code>
jq '. | unique_by(.ResourceType) | .[] | .ResourceType' .\resources.json
</code>

====== List Directory Roles ======

<code powershell>
$DirectoryRoles = Get-AzureADDirectoryRole

ObjectId                             DisplayName                                Description
--------                             -----------                                -----------
02bb6e8b-bb42-4f30-a527-0cfe44d1a902 Reports Reader                             Can read sign-in and audit reports.
...
</code>

====== Get Privileged Roles ======

<code powershell>
$PrivilegedRoles = $DirectoryRoles | Where-Object {
 $_.DisplayName -like "*Administrator*" -or $_.DisplayName -eq "Global 
Reader"
}

</code>

====== List Privilege User Accounts ======
<code powershell>
$PrivilegedUsers = $PrivilegedRoles | ForEach-Object { Get-MgDirectoryRoleMember -DirectoryRoleId $_.ObjectId } | Select-Object Id -Unique
</code>


====== List Global Admins ======
<code powershell>

</code>

====== List Azure Role Assignments ======
<code powershell>
Get-AzRoleAssignment
</code>

<code>
 az role assignment list --role "User Access Administrator" --scope "/providers/Microsoft.Management/managementGroups/<id guid>"
</code>
====== Tools ======
  * [[https://github.com/microsoft/ARI]], inventory tool