microsoft / aad-app-credential-tools
Tooling for application credentials
License: MIT License
Hello team. I have Azure Migrate running in some tenants; in all of them I get "No appliances registered under Migrate project PROJECTNAME details..Aborting..." for the mitigation script, although the assessment script shows one affected app (Azure Migrate). What should I do? I guess it is because of multiple subscriptions, where the Azure Migrate project is in a different subscription than the default one.
Hi there,
I am working with multiple Azure tenants and trying to run this module. For the tenants without multiple subscriptions, it works great. For the tenant with the multiples it throws an error:
PS C:\WINDOWS\system32> Get-AffectedKeyCredentials -tenantID -ObjectClass application -ScanAll
WARNING: Are you sure you want to run the commandlet for all applications in your tenant? The commandlet may take a
long time to run, and requests for a large number of applications could be throttled.
Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): A
WARNING: This script requires the powershell module 'Az.Accounts' to installed.
WARNING: If this is not installed, you will be asked to install the module.
WARNING: Please refer: https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-6.5.0
Connecting to AAD tenant...
WARNING: TenantId '' contains more than one active subscription. First one will be
selected for further use. To select another subscription, use Set-AzContext.
Connected to
Invoke-RestMethod : The remote server returned an error: (401) Unauthorized.
At C:\Program Files\WindowsPowerShell\Modules\AffectedKeyCredentials\0.2\AffectedKeyCredentials.psm1:139 char:29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Do you know of any issues when working with this scenario?
The script (https://github.com/microsoft/aad-app-credential-tools/blob/main/azure-automation/CVE-2021-42306-AutomationAssessAndMitigate.ps1) used to determine if Automation accounts are vulnerable to CVE-2021-42306 and mitigate the issue appears to be Windows only.
Running it with PowerShell 7.2 and PowerShell Core gives the error below.
./CVE-2021-42306-AutomationAssessAndMitigate.ps1: The script 'CVE-2021-42306-AutomationAssessAndMitigate.ps1' cannot be run because it contained a "#requires" statement for PowerShell editions 'Desktop'. The edition of PowerShell that is required by the script does not match the currently running PowerShell Core edition.
Please can a cross-platform version of the script be provided.
Line 569 reads as follows:
Import-PFXCertificate -CertStoreLocation Cert:\localmachine\My �Exportable -FilePath $newPFXCertLocation
Note that there is an unrecognized character before the Exportable parameter flag.
It should be
Import-PFXCertificate -CertStoreLocation Cert:\localmachine\My -Exportable -FilePath $newPFXCertLocation
(A dash before Exportable)
This was breaking the script code execution and hence halting the rollover process.
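A check for the defect reported above, as an added example that is not part of the original issue or the project's code: it flags any parameter whose leading dash is a replacement character or a non-ASCII dash. The function name `Find-SuspectDash` and the sample lines are constructed for illustration.

```powershell
function Find-SuspectDash {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string[]]$Line
    )
    begin {
        $lineNo = 0
        # U+FFFD: replacement character left behind by a failed decode.
        # U+0096: what byte 0x96 (the Windows-1252 en dash) becomes when decoded as ISO-8859-1.
        # U+2013/U+2014/U+2015: non-ASCII dashes, typically pasted from rich text;
        # they do not survive an encoding mismatch.
        $pattern = '(?<=^|\s)(?<ch>[\uFFFD\u0096\u2013\u2014\u2015])(?<name>[A-Za-z]\w*)'
    }
    process {
        foreach ($l in $Line) {
            $lineNo++
            foreach ($m in [regex]::Matches($l, $pattern)) {
                [pscustomobject]@{
                    Line      = $lineNo
                    Column    = $m.Index + 1
                    CodePoint = 'U+{0:X4}' -f [int][char]$m.Groups['ch'].Value
                    Parameter = $m.Groups['name'].Value
                    Suggested = '-' + $m.Groups['name'].Value
                }
            }
        }
    }
}

# Constructed sample: the broken line from the report (bad character injected by
# code point so this file stays pure ASCII) followed by the corrected line.
$sample = @(
    'Import-PFXCertificate -CertStoreLocation Cert:\localmachine\My {0}Exportable -FilePath $newPFXCertLocation' -f [char]0xFFFD
    'Import-PFXCertificate -CertStoreLocation Cert:\localmachine\My -Exportable -FilePath $newPFXCertLocation'
)
$sample | Find-SuspectDash | Format-Table -AutoSize

# Against a real file (path is a placeholder):
# Get-Content -LiteralPath .\script.ps1 -Encoding UTF8 | Find-SuspectDash
```

Only the first sample line is reported, with `Suggested` set to `-Exportable`.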
When authenticating to an Azure AD tenant with Continuous Access Evaluation enabled, an "InvalidAuthenticationToken" error occurs. This makes it impossible to see the affected apps.
Since I am not a native English speaker, I use a machine translation tool. I apologize if the text is difficult to understand.
For users with multiple AAD-tenants the scripts are very noisy (lots of warnings when trying to iterate over stuff not in the currently authenticated tenant) or do not work properly at all. Adding a parameter to enforce using a specific tenant should mitigate this.
Hi Team,
From this cmdlet example: https://github.com/microsoft/aad-app-credential-tools/blob/main/azuread/azuread-application-credential-assessment-powershell-guide.md#examples
I always get prompted with the 'Sign-in to your account' when I loop through the command for each of my Azure subscriptions.
Is this a bug or am I missing something here to make the code loop through multiple Azure subscriptions without a prompt?