You’re encrypting sensitive data with RSA encryption, great start! But how do you protect your certificates from being extracted? You get hacked and they steal your encrypted data, no problem, it’s encrypted! If they hack you, are you sure they can’t also steal the certificate? This series covers several risks of Certificate Extraction and what you can do about it.
You have this multi-tenant application that is protected with Azure AD, great! How about the certificate you’re using as a client credential? If you followed the Microsoft samples it’s probably stored in the Azure Key Vault. This seems really secure, but there is one thing no one thought about Certificate Extraction.
Powershell is pretty powerful for all kind of administrative tasks, especially if you load some extra modules. We use the AzureAD module for a lot of tasks that can be (semi-)automated with the use of some script. In this post I described how to extract all users from Azure AD as a regular user, and what you should do about it.
Extracting users isn’t the only thing you can do with Azure AD powershell and this page shows how to export all Azure AD global admins (which can be executed by ANY user in your tenant unless you take action against that.)
Powershell is pretty powerful for all kind of administrative tasks, especially if you load some extra modules. We use the AzureAD module for a lot of tasks that can be (semi-)automated with the use of some script.
My github repositories, last edited first.
Sonos control library, use this library in your own appliction. Sonos mqtt controller. Control your speakers from your mqtt server. mqtt-smarthome insprired.