====== Azure Security Assessments ======

  * [[azure:Azure Security Assessments Exploration]]
  * [[azure:Azure Powerpipe]]
  * [[azure:azure_resource_graph_explorer|Azure Resource Graph Explorer]]
  * [[https://github.com/microsoft/ARI]]

====== Methodology ======

To begin an assessment, list all resources in every in-scope subscription to get a sense of the environment.

====== List All Resources ======

<code powershell>
# Collect resources from each subscription returned by Get-AzSubscription
$resources = @()
$subs = Get-AzSubscription
foreach ($sub in $subs) {
    Set-AzContext -Subscription $sub.Id | Out-Null
    $resources += Get-AzResource
}
# -Depth keeps nested properties (tags, SKU) from being truncated
$resources | ConvertTo-Json -Depth 5 | Out-File ".\resources.json" -Encoding utf8
</code>

== List All Resource Types ==

Output a unique list of resource types:

<code>
jq 'map(.ResourceType) | unique' resources.json
</code>

<code>
jq '. | unique_by(.ResourceType) | .[] | .ResourceType' .\resources.json
</code>

====== List Directory Roles ======

<code powershell>
$DirectoryRoles = Get-AzureADDirectoryRole
$DirectoryRoles

ObjectId                             DisplayName    Description
--------                             -----------    -----------
02bb6e8b-bb42-4f30-a527-0cfe44d1a902 Reports Reader Can read sign-in and audit reports.
...
</code>

====== Get Privileged Roles ======

<code powershell>
# Any role with "Administrator" in its name, plus Global Reader
$PrivilegedRoles = $DirectoryRoles | Where-Object {
    $_.DisplayName -like "*Administrator*" -or $_.DisplayName -eq "Global Reader"
}
</code>

====== List Privileged User Accounts ======

<code powershell>
# Get-MgDirectoryRoleMember comes from the Microsoft Graph module;
# the ObjectId of each role from the previous step is passed as the DirectoryRoleId
$PrivilegedUsers = $PrivilegedRoles |
    ForEach-Object { Get-MgDirectoryRoleMember -DirectoryRoleId $_.ObjectId } |
    Select-Object Id -Unique
</code>

====== List Global Admins ======

<code powershell>
</code>

====== List Azure Role Assignments ======

<code powershell>
Get-AzRoleAssignment
</code>

<code>
az role assignment list --role "User Access Administrator" --scope "/providers/Microsoft.Management/managementGroups/<id guid>"
</code>

====== Tools ======

  * [[https://github.com/microsoft/ARI]], inventory tool

azure/azure_security_assessments.txt Last modified: 2025/06/25 18:59 by mmuze
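A triage pass over the ''Get-AzRoleAssignment'' listing above, added here as an example and not part of the original page: it flags Owner, Contributor and User Access Administrator assignments made at root, management-group or subscription scope. The function names, the role list, the scope tiers and the sample rows are assumptions constructed for illustration.

```powershell
# Added example (not from the original page): flag high-privilege roles
# assigned at broad scopes. Role list and scope tiers are assumptions to tune.
$HighPrivRoles = 'Owner', 'Contributor', 'User Access Administrator'

function Get-ScopeLevel {
    param([Parameter(Mandatory)][string]$Scope)
    switch -Regex ($Scope) {
        '^/$'                                                       { 'Root'; break }
        '^/providers/Microsoft\.Management/managementGroups/[^/]+$' { 'ManagementGroup'; break }
        '^/subscriptions/[^/]+$'                                    { 'Subscription'; break }
        '^/subscriptions/[^/]+/resourceGroups/[^/]+$'               { 'ResourceGroup'; break }
        default                                                     { 'Resource' }
    }
}

function Get-BroadPrivilegedAssignment {
    param([Parameter(ValueFromPipeline)]$Assignment)
    process {
        $level = Get-ScopeLevel -Scope $Assignment.Scope
        if ($Assignment.RoleDefinitionName -in $HighPrivRoles -and
            $level -in 'Root', 'ManagementGroup', 'Subscription') {
            [pscustomobject]@{
                ScopeLevel = $level
                Role       = $Assignment.RoleDefinitionName
                Principal  = $Assignment.DisplayName
                ObjectType = $Assignment.ObjectType
                Scope      = $Assignment.Scope
            }
        }
    }
}

# Constructed sample rows using property names that Get-AzRoleAssignment returns.
# Against a live tenant, pipe Get-AzRoleAssignment into the function instead of $sample.
function New-SampleRow($Name, $Type, $Role, $Scope) {
    [pscustomobject]@{ DisplayName = $Name; ObjectType = $Type; RoleDefinitionName = $Role; Scope = $Scope }
}
$sub = '/subscriptions/00000000-0000-0000-0000-000000000001'
$sample = @(
    New-SampleRow 'alice (constructed)'  'User'             'Owner'                     $sub
    New-SampleRow 'deploy-sp'            'ServicePrincipal' 'User Access Administrator' '/providers/Microsoft.Management/managementGroups/mg-constructed'
    New-SampleRow 'auditors'             'Group'            'Reader'                    $sub
    New-SampleRow 'bob (constructed)'    'User'             'Contributor'               "$sub/resourceGroups/rg-app"
    New-SampleRow 'carol (constructed)'  'User'             'User Access Administrator' '/'
)
$sample | Get-BroadPrivilegedAssignment | Sort-Object ScopeLevel, Role | Format-Table -AutoSize
```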