Open GeorgeMansoMSFT opened 2 weeks ago
Hi @GeorgeMansoMSFT, we are looking into this. Will provide an update soon.
@GeorgeMansoMSFT We have identified the issue and are working to fix it. We would get it released as part of the next cycle, as the cadence for this month is completed. Meanwhile, we would provide you with ad hoc steps while we are fixing it.
The Invalid AAD Object Role script here: https://github.com/azsk/AzTS-docs/blob/main/Scripts/RemediationScripts/Remediate-InvalidAADObjectRoleAssignments.ps1
Appears to use a deprecated security assessment:
```powershell
$mdcUri = "https://management.azure.com/subscriptions/$($subscriptionId)/providers/Microsoft.Security/assessments/00c6d40b-e990-6acf-d4f3-471e747a27c4?api-version=2020-01-01"
```
Returns a 404:
```powershell
PS C:\Users\ski\Documents\scripts> $mdcUri = "https://management.azure.com/subscriptions//providers/Microsoft.Security/assessments/00c6d40b-e990-6acf-d4f3-471e747a27c4?api-version=2020-01-01"
$method = [Microsoft.PowerShell.Commands.WebRequestMethod]::Get
$classicAssignments = [ClassicRoleAssignments]::new()
$headers = $classicAssignments.GetAuthHeader()
$mdcDeprecated = [MDCDeprecatedAccounts]::new()
$response = $mdcDeprecated.GetMDCDeprecatedAccounts([string] $mdcUri, [string] $method, [psobject] $headers)
Error occurred while fetching deprecated account role assignments. ErrorMessage [The remote server returned an error: (404) Not Found.]
```
Listing assessments via:
https://management.azure.com/{scope}/providers/Microsoft.Security/assessments?api-version=2020-01-01
does not show assessment "00c6d40b-e990-6acf-d4f3-471e747a27c4" either.

This finally results in the following output when running the script:

```
Step 2 of 5: Fetching all the role assignments for subscription [...
Error occurred while fetching deprecated account role assignments. ErrorMessage [The remote server returned an error: (404) Not Found.]
You cannot call a method on a null-valued expression.
At C:\Users\ski\Documents\scripts\Remediate-InvalidAADObjectRoleAssignments.ps1:262 char:13
$mdcDeprecatedAccountResponseAsString = $response.propert ...
```
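Added example, not code from the AzTS script or from anyone in this thread: one way to keep a 404 on the assessment lookup from turning into the null-valued method call reported above, while still failing loudly on any other error. `Get-MdcAssessmentOrNull`, its `-Fetch` parameter, `FakeHttpException`, the subscription ID and the bearer value are hypothetical or constructed for the demo.

```powershell
# Added example; not code from Remediate-InvalidAADObjectRoleAssignments.ps1.
# Get-MdcAssessmentOrNull, -Fetch and FakeHttpException are hypothetical names.

# Constructed stand-in for the 404 error so the demo runs without calling Azure.
class FakeHttpException : System.Exception {
    [psobject] $Response
    FakeHttpException([int] $code) : base("The remote server returned an error: ($code).") {
        $this.Response = [pscustomobject]@{ StatusCode = $code }
    }
}

function Get-MdcAssessmentOrNull {
    param(
        [Parameter(Mandatory)] [string] $Uri,
        [Parameter(Mandatory)] [hashtable] $Headers,
        # Injectable fetcher; the default performs the real REST call.
        [scriptblock] $Fetch = {
            param($u, $h)
            Invoke-RestMethod -Uri $u -Method Get -Headers $h -ErrorAction Stop
        }
    )
    try {
        return & $Fetch $Uri $Headers
    }
    catch {
        # WebException (Windows PowerShell) and HttpResponseException (PowerShell 7)
        # both expose Response.StatusCode.
        $status = $null
        if ($_.Exception.Response) { $status = [int] $_.Exception.Response.StatusCode }
        if ($status -eq 404) {
            Write-Warning "Assessment not found (404): $Uri"
            return $null
        }
        throw   # auth or throttling errors must not be read as "nothing to remediate"
    }
}

$subscriptionId = '00000000-0000-0000-0000-000000000000'   # constructed placeholder
$mdcUri = "https://management.azure.com/subscriptions/$($subscriptionId)/providers/Microsoft.Security/assessments/00c6d40b-e990-6acf-d4f3-471e747a27c4?api-version=2020-01-01"
$headers = @{ Authorization = 'Bearer CONSTRUCTED-TOKEN' }  # constructed value

# Simulate the 404 from the report; drop -Fetch to call the real endpoint.
$response = Get-MdcAssessmentOrNull -Uri $mdcUri -Headers $headers -Fetch { throw [FakeHttpException]::new(404) }
if ($null -eq $response) {
    Write-Host 'MDC assessment unavailable; deprecated-account data was not retrieved.'
}
else {
    $response | ConvertTo-Json -Depth 10
}
```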