Azure Requirements

Pentest Requirements

Users and roles: * Global Reader and Security Reader roles in Azure AD * Reader permission over the subscription

Subscriptions: * Azure Dev/Test subscription. * Visual Studio subscription determines the monthly Azure credits you receive * Visual Studio Enterprise: $150/month * MSDN Platforms: $100 * Visual Studio Professional: $50 * Visual Studio Test Professional: $50

Powershell and Native Modules

• Microsoft Graph: Install-Module Microsoft.Graph -Scope CurrentUser
• Azure AD: Install-Module AzureAD
• Azure AD Preview: Install-Module AzureADPreview
• Azure CLI: winget install -e --id Microsoft.AzureCLI

Terminology

• Tenant: An instance of Azure AD and represents a single organization.
• Azure AD Directory: Each tenant has a dedicated Directory. This is used to perform identity and access management functions for resources.
• Subscriptions: It is used to pay for services. There can be multiple subscriptions in a Directory.
• Core Domain: The initial domain name .onmicrosoft.com is the core domain. It is possible to define custom domain names too.

References

• Az - Permissions for a Pentest - HackTricks
• An introduction to penetration testing Azure - HollyGraceful - 06 August 2021

Share this content