Skip to content

Instantly share code, notes, and snippets.

@bgelens

bgelens/Get-AzureSecurityCenterComplianceReport.ps1

Created May 28, 2020 11:14
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save bgelens/58c7854b9a111a46363deccf13ea7937 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save bgelens/58c7854b9a111a46363deccf13ea7937 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Get-AzureSecurityCenterComplianceReport.ps1
$tenantId = ''
$context = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile.DefaultContext
$token = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory.Authenticate(
$context.Account,
$context.Environment,
$context.Tenant.Id.ToString(),
$null,
[Microsoft.Azure.Commands.Common.Authentication.ShowDialog]::Never,
$null,
'https://management.azure.com/'
)
$subscriptions = Get-AzSubscription -TenantId $tenantId
$body = @{
subscriptionId = @(
$subscriptions.SubscriptionId
)
subscriptionName = @(
$subscriptions.Name
)
} | ConvertTo-Json
@(
'Azure CIS 1.1.0'
'PCI DSS 3.2.1'
'SOC TSP'
'ISO 27001'
) | ForEach-Object -Process {
$escapedReportName = [uri]::EscapeDataString($_)
irm "https://s2.security.ext.azure.com/api/regulatoryCompliance/reports/executiveSummary?standardName=$escapedReportName" -Headers @{
Authorization = "Bearer $($token.AccessToken)"
} -Method Post -Body $body -OutFile "/Users/bengelens/Desktop/$_.pdf"
}
@scarytoon
Copy link

scarytoon commented Aug 12, 2020

@scarytoon I guess they changed their API (it's undocumented afaik). If I have some time this week I'll look into it

Great. Thank you. These reports seem to be useful for "higher Management." Or the other options would be to explore getting the compliance/recommendations and outputting these into a HTML format.

@scarytoon
Copy link

scarytoon commented Aug 21, 2020

HI, did you have any luck of getting it to work ?

@bgelens
Copy link
Author

bgelens commented Aug 21, 2020

TBH, I did not think about it until now :( Too busy with non azure things past couple of weeks. Maybe during the weekend (no promises)

@bgelens
Copy link
Author

bgelens commented Sep 6, 2020
edited
Loading

@scarytoon I investigated a little bit and found that it's the tokens that are not working anymore. When copying a token used in the portal and passing it in as the bearer token for the PowerShell script, things work fine.

I diffed the tokens and found a couple of noticeable differences.

  1. The resource used in the portal is https://management.core.windows.net/
  2. The application in the jwt token is of appidacr type 2 (certifcate auth) with app id c44b4083-3bb0-49c1-b47d-974e53cbdf3c (portal app)

They might have constrained access to this app id. There is no way to know :(

@bgelens
Copy link
Author

bgelens commented Sep 14, 2020

@scarytoon I just noticed @JustinGrote created a function that can fetch a token as the portal app. I did not check it out yet but it might be usable for this scenario as well.

https://github.com/JustinGrote/AzSpotPricing/blob/main/Modules/Az.SpotPricing/Get-AzPortalToken.ps1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment