Skip to main content
Jorge Bernhardt Jorge Bernhardt
  1. Posts/

How to Install the Secure DevOps Kit for Azure

·513 words·3 mins· 100 views · 5 likes ·
AzSK Azure PowerShell Connect-AzAccount Get-AzSKAzureServicesSecurityStatus

This quick blog post shows how to install the Secure DevOps Kit for Azure (AzSK). The Secure DevOps for Azure kit offers tools and best practices for creating and maintaining a secure architecture in the Microsoft cloud. Requirements:

  • PowerShell 5.0 or higher.
  • Windows OS

Important: If you have installed Az PowerShell using Azure SDK on your machine. You need to remove the Azure PowerShell modules installed through Azure SDK completely. You could also take backup in case you need it. The AzSK also needs Az modules but it would download from PSGallery.

Check the PowerShell version installed>

Check the PowerShell version installed #

If you want to check the version of PowerShell running on your machine, run the following command:

$PSVersionTable.PSVersion

PSversion

Install the Secure DevOps Kit for Azure>

Install the Secure DevOps Kit for Azure #

Once the checks have been made, you can start the installation of the AzSK. To do this, run the PowerShell console as an administrator and then type:

Install-Module AzSK `
    -Scope CurrentUser `
    -AllowClobber

Install-module

Check the version of the AzSK module installed>

Check the version of the AzSK module installed #

If you want to check or verify that the module is installed, use the following command:

 Get-InstalledModule `
    -Name AzSK
get-module
>

get-module
#

Scan an Azure Resource Group for security vulnerabilities>

Scan an Azure Resource Group for security vulnerabilities #

The use of this tool I will explain in the next post but as a check, we will use the tool to analyze the current status of an Azure resource group of my subscription. The simplest way to get started is to sign in interactively at the command line.

Connect-AzAccount

This cmdlet will bring up a dialog box prompting you for your email address and password associated with your Azure account. If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task, we will use the following commands:

Get-AzSubscription
Select-AzSubscription `
    -Subscription "My Subscription"

Set the variables First, we define the variables that we will use.

$subscriptionID = (Get-AzSubscription).Id
$resourceGroupName = "RG-DEMO"

and then, we perform the analysis of an Azure resource group, using the Get-AzSKAzureServicesSecurityStatus cmdlet with the following syntax:

Get-AzSKAzureServicesSecurityStatus `
    -SubscriptionId $subscriptionID `
    -ResourceGroupNames $resourceGroupName

AzSK
The duration of this process depends on the number of resources contained in the resource group.
Get-AzSKAzureServicesSecurityStatus
Once the verification of the Resource Group is completed, you will see the results folder open. There you will find the following information generated by the AzSK cmdlet:

  • The summary CSV file listing all applicable controls and their evaluation status.
  • The folder with the name of the resource group or the subscription that has been evaluated and within it will find a log file for each type of resource evaluated.

Summary AzSK
The files and folder generated by the AzSK cmdlet are described in more depth in the ReadMe.txt file present in the root output folder.

Thanks for reading my post. I hope you find it useful.

If you want to know more about the Secure DevOps Kit for Azure, check out this link.