Az - Permissions for a Pentest
Tip
Learn & practice AWS Hacking:
HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking:HackTricks Training GCP Red Team Expert (GRTE)
Learn & practice Az Hacking:HackTricks Training Azure Red Team Expert (AzRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
To start a white box hardening review of some Entra ID tenants you need to ask for the Global Reader role on each tenant. Moreover, to perform a hardening review of different Azure subscriptions you would need at least the Reader role over all the subscriptions.
Note that if those roles aren’t enough to access all the info you need, you could also ask the client for roles with the permissions you need. Just try to minimize the number of non-read-only permissions you ask for!
Another option is to ask for the Security Reader role instead of Reader if the client pushes to reduce the granted privileges. However, this makes it more likely that the pentester will have to ask for more read roles later, as the Reader role grants "*/read" while the Security Reader role grants:
```json
"actions": [
    "Microsoft.Authorization/*/read",
    "Microsoft.Insights/alertRules/read",
    "Microsoft.operationalInsights/workspaces/*/read",
    "Microsoft.Resources/deployments/*/read",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.Security/*/read",
    "Microsoft.IoTSecurity/*/read",
    "Microsoft.Support/*/read",
    "Microsoft.Security/iotDefenderSettings/packageDownloads/action",
    "Microsoft.Security/iotDefenderSettings/downloadManagerActivation/action",
    "Microsoft.Security/iotSensors/downloadResetPassword/action",
    "Microsoft.IoTSecurity/defenderSettings/packageDownloads/action",
    "Microsoft.IoTSecurity/defenderSettings/downloadManagerActivation/action",
    "Microsoft.Management/managementGroups/read"
]
```
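To see before the engagement which read operations Security Reader would leave out compared to Reader, the sketch below matches a list of needed operations against both action lists. It is an added example, not part of the original page; the `NEEDED` list is a constructed sample, and the matching rule (`*` matches any run of characters, compared case-insensitively) is an assumption about how Azure RBAC evaluates wildcards.

```python
import re

# Security Reader actions, copied from the list on this page.
SECURITY_READER_ACTIONS = [
    "Microsoft.Authorization/*/read",
    "Microsoft.Insights/alertRules/read",
    "Microsoft.operationalInsights/workspaces/*/read",
    "Microsoft.Resources/deployments/*/read",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.Security/*/read",
    "Microsoft.IoTSecurity/*/read",
    "Microsoft.Support/*/read",
    "Microsoft.Security/iotDefenderSettings/packageDownloads/action",
    "Microsoft.Security/iotDefenderSettings/downloadManagerActivation/action",
    "Microsoft.Security/iotSensors/downloadResetPassword/action",
    "Microsoft.IoTSecurity/defenderSettings/packageDownloads/action",
    "Microsoft.IoTSecurity/defenderSettings/downloadManagerActivation/action",
    "Microsoft.Management/managementGroups/read",
]
READER_ACTIONS = ["*/read"]  # as stated on this page

# Constructed sample: operations a hardening review might need to read.
NEEDED = [
    "Microsoft.Authorization/roleAssignments/read",
    "Microsoft.Security/assessments/read",
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Storage/storageAccounts/read",
    "Microsoft.KeyVault/vaults/read",
    "Microsoft.Network/networkSecurityGroups/read",
]

def action_matches(pattern, operation):
    """Assumed semantics: '*' matches any characters; comparison ignores case."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, flags=re.IGNORECASE) is not None

def uncovered(role_actions, needed_operations):
    """Return the needed operations that no action of the role grants."""
    return [op for op in needed_operations
            if not any(action_matches(p, op) for p in role_actions)]

if __name__ == "__main__":
    for name, actions in (("Reader", READER_ACTIONS),
                          ("Security Reader", SECURITY_READER_ACTIONS)):
        missing = uncovered(actions, NEEDED)
        print(f"{name}: {len(missing)} uncovered")
        for op in missing:
            print(f"  - {op}")
```

Replacing `NEEDED` with the operations your review checklist actually reads gives the list of extra read permissions to request up front if the client only grants Security Reader.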

