```powershell
# Tenant whose subscriptions should be covered by the reports
$tenantId = ''

# Reuse the current Az PowerShell context to get an ARM access token without prompting
$context = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile.DefaultContext
$token = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory.Authenticate(
    $context.Account,
    $context.Environment,
    $context.Tenant.Id.ToString(),
    $null,
    [Microsoft.Azure.Commands.Common.Authentication.ShowDialog]::Never,
    $null,
    'https://management.azure.com/'
)

# Request body: IDs and names of every subscription in the tenant
$subscriptions = Get-AzSubscription -TenantId $tenantId
$body = @{
    subscriptionId = @(
        $subscriptions.SubscriptionId
    )
    subscriptionName = @(
        $subscriptions.Name
    )
} | ConvertTo-Json

# Download the executive summary PDF for each regulatory compliance standard
@(
    'Azure CIS 1.1.0'
    'PCI DSS 3.2.1'
    'SOC TSP'
    'ISO 27001'
) | ForEach-Object -Process {
    $escapedReportName = [uri]::EscapeDataString($_)
    irm "https://s2.security.ext.azure.com/api/regulatoryCompliance/reports/executiveSummary?standardName=$escapedReportName" -Headers @{
        Authorization = "Bearer $($token.AccessToken)"
    } -Method Post -Body $body -OutFile "/Users/bengelens/Desktop/$_.pdf"
}
```

TBH, I did not think about it until now :( Too busy with non-Azure things the past couple of weeks. Maybe during the weekend (no promises).
@scarytoon I investigated a little bit and found that it's the tokens that are not working anymore. When copying a token used in the portal and passing it in as the bearer token for the PowerShell script, things work fine.
I diffed the tokens and found a couple of noticeable differences.
- The resource used in the portal is https://management.core.windows.net/
- The application in the JWT token is of appidacr type 2 (certificate auth) with app id c44b4083-3bb0-49c1-b47d-974e53cbdf3c (portal app)
They might have constrained access to this app id. There is no way to know :(
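
The token comparison described in the comment above, as an added example that is not part of the original thread: it decodes the payload of two JWTs locally (no signature verification) and lists the `aud`, `appid` and `appidacr` claims side by side. `Get-JwtClaim`, `Compare-JwtClaim` and `New-SampleJwt` are hypothetical helper names, and the two sample tokens are constructed and unsigned; only the portal resource, app id and `appidacr` value come from the comment.

```powershell
function Get-JwtClaim {
    # Decode the payload (second segment) of a JWT into an object.
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -lt 2) { throw 'Not a JWT: expected header.payload.signature' }
    # base64url -> base64: swap the URL-safe characters and restore padding
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        1 { throw 'Invalid base64url length in JWT payload' }
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

function Compare-JwtClaim {
    # Emit one row per claim so differences between two tokens are easy to spot.
    param(
        [Parameter(Mandatory)][string]$ReferenceToken,
        [Parameter(Mandatory)][string]$DifferenceToken,
        [string[]]$Claim = @('aud', 'appid', 'appidacr')
    )
    $ref = Get-JwtClaim -Token $ReferenceToken
    $dif = Get-JwtClaim -Token $DifferenceToken
    foreach ($name in $Claim) {
        [pscustomobject]@{
            Claim      = $name
            Reference  = $ref.$name
            Difference = $dif.$name
            Match      = $ref.$name -eq $dif.$name
        }
    }
}

function New-SampleJwt([hashtable]$Claims) {
    # Build an unsigned, constructed token so the example runs offline.
    $enc = { param($s) [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($s)).TrimEnd('=').Replace('+', '-').Replace('/', '_') }
    '{0}.{1}.sig' -f (& $enc '{"alg":"none"}'), (& $enc ($Claims | ConvertTo-Json -Compress))
}

# Constructed samples: portal values are from the comment, script-side values are placeholders
$portalToken = New-SampleJwt @{ aud = 'https://management.core.windows.net/'; appid = 'c44b4083-3bb0-49c1-b47d-974e53cbdf3c'; appidacr = '2' }
$scriptToken = New-SampleJwt @{ aud = 'https://management.azure.com/'; appid = '<script-app-id-placeholder>'; appidacr = '0' }

Compare-JwtClaim -ReferenceToken $portalToken -DifferenceToken $scriptToken | Format-Table -AutoSize
```

Decoding locally keeps a live bearer token off third-party decoder sites; any real token passed to these functions is a credential until it expires.
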
@scarytoon I just noticed @JustinGrote created a function that can fetch a token as the portal app. I did not check it out yet but it might be usable for this scenario as well.
https://github.com/JustinGrote/AzSpotPricing/blob/main/Modules/Az.SpotPricing/Get-AzPortalToken.ps1
Hi, did you have any luck getting it to work?