azure:qnd:azure_security

Differences

This shows you the differences between two versions of the page.

azure:qnd:azure_security [2022/10/21 15:13] mgupton
azure:qnd:azure_security [2022/11/08 14:41] (current) – [Tools] mgupton
Line 8: Line 8:
  
 ====== Assessments ====== ====== Assessments ======
-  * The minimum ARM roles/permissions needed to do an Azure assessment are //Reader// and //Security Reader//. The //Global Reader// role is needed on Azure AD.+  * The minimum ARM roles/permissions needed to do an Azure security assessment are //Reader// and //Security Reader//. The //Global Reader// role is needed on Azure AD.
  
 In addition, a custom role with the following permission is needed for certain storage account checks. In addition, a custom role with the following permission is needed for certain storage account checks.
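Review bot: the reworded bullet names the //Reader// and //Security Reader// ARM roles but not the scope they are assigned at (management group, subscription or resource group). State the scope, so the assessor is not granted the roles more broadly or more narrowly than the checks need. The context line about the custom role for storage account checks has the same gap.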
Line 25: Line 25:
     "NotDataActions": []     "NotDataActions": []
 } }
 +</code>
 +
 +====== General Checks ======
 +  * Are endpoints hybrid domain joined?
 +
 +====== Getting Inventory ======
 +Get list of all resources in the current subscription.
 +<code powershell>
 +Get-AzResource | select Name,Type,ResourceGroupName,SubscriptionId | Export-Csv resources.csv
 </code> </code>
  
 ====== Tools ====== ====== Tools ======
   * [[https://github.com/turbot/steampipe-mod-azure-compliance]]   * [[https://github.com/turbot/steampipe-mod-azure-compliance]]
 +  * [[https://github.com/AzureAD/AzureADAssessment]]
  
 ====== Best Practices ====== ====== Best Practices ======
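Review bot: in the Getting Inventory block, Get-AzResource only returns resources for the subscription in the current Az context, so an assessment that spans several subscriptions has to repeat the command per subscription. Say so next to "Get list of all resources in the current subscription." Consider adding -NoTypeInformation to Export-Csv, since Windows PowerShell 5.1 otherwise writes a #TYPE line at the top of resources.csv. The General Checks item "Are endpoints hybrid domain joined?" would be more precise as "hybrid Azure AD joined", matching the Azure AD wording in the Assessments section.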
  • azure/qnd/azure_security.1666365220.txt.gz
  • Last modified: 2022/10/21 15:13
  • by mgupton