Operational Groups in Azure: Automating Security with Dynamic Scripts

https://lnkd.in/g8wk6_h2

In this article, Nathan McNulty introduces a series of scripts designed to manage Operational Groups in Azure. These scripts aim to automate the maintenance of security groups based on authentication methods, MFA/passwordless configurations, risk states, and device details. The goal is to enhance security and efficiency by dynamically managing groups and enabling features like passkey enrollment and automated risk reduction.

Practice-Verified Code Snippets

1. **Creating a Dynamic Group Based on Authentication Methods**

```powershell
# PowerShell script to create a dynamic group in Azure AD
Connect-AzureAD

# A dynamic group has to be created together with its membership rule,
# and rule processing has to be switched on for members to be evaluated
$dynamicGroupRule = 'user.userPrincipalName -eq "[email protected]" -and user.mfaEnabled -eq "True"'
New-AzureADMSGroup -DisplayName "MFA-Enabled Users" -MailEnabled $false -SecurityEnabled $true `
    -MailNickname "MFAUsers" -GroupTypes "DynamicMembership" `
    -MembershipRule $dynamicGroupRule -MembershipRuleProcessingState "On"

# To change the rule later, update the existing group by its object ID
Set-AzureADMSGroup -Id (Get-AzureADMSGroup -SearchString "MFA-Enabled Users").Id -MembershipRule $dynamicGroupRule
```

2. **Automating Risk State Management**

```powershell
# PowerShell script to automate risk state management
# Find users currently flagged at high risk and disable their accounts
# until the risk has been investigated
$riskUsers = Get-AzureADUserRisk -RiskState "High"
foreach ($user in $riskUsers) {
    Set-AzureADUser -ObjectId $user.ObjectId -AccountEnabled $false
    Write-Output "Disabled account for high-risk user: $($user.UserPrincipalName)"
}
```

3. **Dynamic Group for Passkey Enrollment**

```powershell
# PowerShell script to create a dynamic group for passkey enrollment
# As above, the rule is supplied at creation time and rule processing is turned on
$passkeyRule = 'user.deviceKeys -contains "passkey"'
New-AzureADMSGroup -DisplayName "Passkey-Enrolled Users" -MailEnabled $false -SecurityEnabled $true `
    -MailNickname "PasskeyUsers" -GroupTypes "DynamicMembership" `
    -MembershipRule $passkeyRule -MembershipRuleProcessingState "On"

# To change the rule later, update the existing group by its object ID
Set-AzureADMSGroup -Id (Get-AzureADMSGroup -SearchString "Passkey-Enrolled Users").Id -MembershipRule $passkeyRule
```
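Registered authentication methods are not user attributes that a dynamic membership rule can evaluate, so one way to keep an authentication-method group current is to read each user's methods through Microsoft Graph and reconcile a static group against that set, as in this added example (not the post's or Nathan McNulty's code). It assumes the Microsoft.Graph PowerShell SDK, a session already opened with Connect-MgGraph, and a pre-created static security group whose object ID is passed as $GroupId; the function names are the example's own.

```powershell
# Added example, not part of the original post or Nathan McNulty's scripts.
# Assumes the Microsoft.Graph PowerShell SDK and an existing session from:
#   Connect-MgGraph -Scopes "User.Read.All","UserAuthenticationMethod.Read.All","GroupMember.ReadWrite.All"

# Pure function: compare desired and current member IDs and return the adds/removes.
# Kept free of Graph calls so it can be tested offline with constructed ID lists.
function Get-MembershipDelta {
    param(
        [string[]]$Desired = @(),
        [string[]]$Current = @()
    )
    $desiredSet = [System.Collections.Generic.HashSet[string]]::new([string[]]$Desired)
    $currentSet = [System.Collections.Generic.HashSet[string]]::new([string[]]$Current)
    [pscustomobject]@{
        Add    = @($Desired | Where-Object { -not $currentSet.Contains($_) })
        Remove = @($Current | Where-Object { -not $desiredSet.Contains($_) })
    }
}

# $true when the user has at least one FIDO2 security key or passkey registered.
function Test-UserHasPasskey {
    param([string]$UserId)
    foreach ($m in Get-MgUserAuthenticationMethod -UserId $UserId) {
        if ($m.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.fido2AuthenticationMethod') {
            return $true
        }
    }
    return $false
}

# Reconcile a pre-created static security group (hypothetical $GroupId) with the set of
# member users who have a passkey registered, changing only memberships that differ.
function Sync-PasskeyGroup {
    param([string]$GroupId)

    $desired = @(foreach ($u in Get-MgUser -All -Filter "userType eq 'Member'" -Property Id) {
        if (Test-UserHasPasskey -UserId $u.Id) { $u.Id }
    })
    $current = @(Get-MgGroupMember -GroupId $GroupId -All | ForEach-Object { $_.Id })

    $delta = Get-MembershipDelta -Desired $desired -Current $current
    foreach ($id in $delta.Add)    { New-MgGroupMember -GroupId $GroupId -DirectoryObjectId $id }
    foreach ($id in $delta.Remove) { Remove-MgGroupMemberByRef -GroupId $GroupId -DirectoryObjectId $id }
    Write-Output ("Passkey group sync complete: {0} added, {1} removed" -f $delta.Add.Count, $delta.Remove.Count)
}
```

Run Sync-PasskeyGroup on a schedule (for example from an automation runbook) so that a user who removes their last passkey also drops out of the group and any policy scoped to it.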

### What Undercode Says

Operational Groups in Azure represent a significant step forward in automating and securing identity management. By leveraging dynamic groups, organizations can ensure that security policies are enforced consistently and efficiently. The scripts provided by Nathan McNulty highlight the power of Azure Automation in managing authentication methods, risk states, and device details.

For Linux users, similar automation can be achieved using tools like awk, grep, and cron. For example, to monitor high-risk users in a Linux environment, you could use:

```bash
# Bash script to monitor high-risk users
# Print the timestamp (fields 1-3) and the ninth field of each auth.log line flagged as high risk
grep "High-Risk" /var/log/auth.log | awk '{print $1, $2, $3, $9}'
```

Windows users can also benefit from PowerShell commands like `Get-ADUser` and `Set-ADUser` to manage Active Directory users dynamically. For instance:

```powershell
# PowerShell script to disable inactive users in AD
# -Filter is not a true script block, so compute the cutoff date first
# instead of calling a method inside the filter expression
$cutoff = (Get-Date).AddDays(-30)
Get-ADUser -Filter {LastLogonDate -lt $cutoff} | Set-ADUser -Enabled $false
```

In conclusion, the integration of dynamic groups and automation scripts in Azure provides a robust framework for enhancing security and operational efficiency. By adopting these practices, organizations can stay ahead of emerging threats and ensure compliance with security policies. For further reading, refer to the Azure Automation documentation.
