azure:azure_security_assessments

This is an old revision of the document!

Azure Security Assessments

List All Resources

$subs = Get-AzSubscription
 
foreach ($sub in $subs) {
  Set-AzContext -Subscription $sub.id
  $resources += Get-AzResource
}
 
$resources | convert-to-json | out-file " . \resources.json"
List All Resource Types
jq.exe 'map(.Type) | unique' resources.json

List Directory Roles

$DirectoryRoles = Get-AzureADDirectoryRole
 
ObjectId                             DisplayName                                Description
--------                             -----------                                -----------
02bb6e8b-bb42-4f30-a527-0cfe44d1a902 Reports Reader                             Can read sign-in and audit reports.
...

Get Privileged Roles

$PrivilegedRoles = $DirectoryRoles | Where-Object {
 $_.DisplayName -like "*Administrator*" -or $_.DisplayName -eq "Global 
Reader"
}

List Privilege User Accounts

$PrivilegedUsers = $PrivilegedRoles | ForEach-Object { Get-MgDirectoryRoleMember -DirectoryRoleId $_.ObjectId } | Select-Object Id -Unique

List Global Admins

 

List Azure Role Assignments

Get-AzRoleAssignment

Tools

  • azure/azure_security_assessments.1746718063.txt.gz
  • Last modified: 2025/05/08 15:27
  • by mmuze