azsk / AzTS-docs

MIT License

Deprecated Account Remediation Script uses deprecated Security Assessment #456

Open GeorgeMansoMSFT opened 2 weeks ago

GeorgeMansoMSFT commented 2 weeks ago

The Invalid AAD Object Role script here: https://github.com/azsk/AzTS-docs/blob/main/Scripts/RemediationScripts/Remediate-InvalidAADObjectRoleAssignments.ps1

Appears to use a deprecated security assessment:

```powershell
$mdcUri = "https://management.azure.com/subscriptions/$($subscriptionId)/providers/Microsoft.Security/assessments/00c6d40b-e990-6acf-d4f3-471e747a27c4?api-version=2020-01-01"
```

Returns a 404:

```
PS C:\Users\ski\Documents\scripts> $mdcUri = "https://management.azure.com/subscriptions//providers/Microsoft.Security/assessments/00c6d40b-e990-6acf-d4f3-471e747a27c4?api-version=2020-01-01"
$method = [Microsoft.PowerShell.Commands.WebRequestMethod]::Get
$classicAssignments = [ClassicRoleAssignments]::new()
$headers = $classicAssignments.GetAuthHeader()
$mdcDeprecated = [MDCDeprecatedAccounts]::new()
$response = $mdcDeprecated.GetMDCDeprecatedAccounts([string] $mdcUri, [string] $method, [psobject] $headers)
Error occurred while fetching deprecated account role assignments. ErrorMessage [The remote server returned an error: (404) Not Found.]
```

Listing assessments via:

https://management.azure.com/{scope}/providers/Microsoft.Security/assessments?api-version=2020-01-01 does not show assessment "00c6d40b-e990-6acf-d4f3-471e747a27c4" either.

This finally results in the following output when running the script:

```
Step 2 of 5: Fetching all the role assignments for subscription [...
Error occurred while fetching deprecated account role assignments. ErrorMessage [The remote server returned an error: (404) Not Found.]
You cannot call a method on a null-valued expression.
At C:\Users\ski\Documents\scripts\Remediate-InvalidAADObjectRoleAssignments.ps1:262 char:13
$mdcDeprecatedAccountResponseAsString = $response.propert ...

     CategoryInfo          : InvalidOperation: (:) [], RuntimeException
     FullyQualifiedErrorId : InvokeMethodOnNull
```

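
The failure reported above has two parts: the assessment lookup returns 404, and the script then dereferences the `$null` response. As an added example (not code from the AzTS remediation script), the sketch below pages through the assessments list endpoint quoted in the report and checks for the assessment ID before anything depends on it. The function name `Test-MdcAssessmentExists`, its parameters, and the placeholder subscription ID and bearer token are assumptions.

```powershell
# Added example: hypothetical helper, not part of Remediate-InvalidAADObjectRoleAssignments.ps1.
function Test-MdcAssessmentExists {
    param(
        [Parameter(Mandatory)] [string] $SubscriptionId,
        [Parameter(Mandatory)] [string] $AssessmentId,
        # Assumption: the caller supplies a header table such as @{ Authorization = 'Bearer <token>' }.
        [Parameter(Mandatory)] [hashtable] $Headers
    )

    $uri = "https://management.azure.com/subscriptions/$SubscriptionId/providers/Microsoft.Security/assessments?api-version=2020-01-01"
    while ($uri) {
        try {
            $page = Invoke-RestMethod -Uri $uri -Method Get -Headers $Headers -ErrorAction Stop
        }
        catch {
            # Stop on any HTTP failure instead of carrying a $null response forward.
            throw "Listing assessments failed for [$SubscriptionId]: $($_.Exception.Message)"
        }

        # Each list entry carries the assessment key in its 'name' property.
        if ($page.value | Where-Object { $_.name -eq $AssessmentId }) {
            return $true
        }

        # nextLink is absent on the last page, which ends the loop (without Set-StrictMode).
        $uri = $page.nextLink
    }
    return $false
}

# Placeholders: replace with a real subscription ID and access token before running.
$subscriptionId = '<subscription-id>'
$headers        = @{ Authorization = 'Bearer <access-token>' }
$assessmentId   = '00c6d40b-e990-6acf-d4f3-471e747a27c4'

if (-not (Test-MdcAssessmentExists -SubscriptionId $subscriptionId -AssessmentId $assessmentId -Headers $headers)) {
    Write-Warning "Assessment [$assessmentId] is not listed for this subscription; skipping the deprecated-account lookup."
    return
}
```
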
Aboli-msft commented 2 weeks ago

Hi @GeorgeMansoMSFT, we are looking into this. Will provide an update soon.

vaishnavipulluri commented 6 days ago

@GeorgeMansoMSFT We have identified the issue and are working to fix it. We would get it released as part of the next cycle, as the cadence for this month is completed. Meanwhile, we would provide you with ad hoc steps while we are fixing it.