gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2025-12-28 05:33:10 -08:00
Code Issues Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Carlos Polop
2025-02-08 19:54:20 +01:00
parent f5c7490026
commit 7162236a6b
1 changed files with 1 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/pentesting-cloud/azure-security/az-basic-information/README.md
View File

@@ -314,16 +314,7 @@ This elevation can be done at the end of the page: [https://portal.azure.com/#vi
### Assignments Conditions & MFA
Its possible to **establish some conditions when a role is assigned** to a principal. A common condition to add is to require MFA to access some role permissions:
```bash
az role assignment create \
--assignee <user-or-service-principal-id> \
--role <custom-role-id-or-name> \
--scope "/subscriptions/9291ff6e-6afb-430e-82a4-6f04b2d05c7f" \
--condition "PrincipalClaims['amr'] contains 'mfa'" \
--condition-version 2.0
```
According to **[the docs](https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-portal)**: Currently, conditions can be added to built-in or custom role assignments that have **blob storage data actions or queue storage data actions**.
### Deny Assignments