More Info:

Roles which can be assumed by Network Services

Risk Level

High

Address

Security

Compliance Standards

CBP

Triage and Remediation

Remediation

To remediate the misconfiguration of “Roles Assumable By Network Services” in Azure using the Azure console, follow these steps:

  1. Sign in to the Azure portal (https://portal.azure.com) using your Azure account credentials.

  2. In the Azure portal’s search bar, type “Azure Active Directory” and select the “Azure Active Directory” service from the suggestions.

  3. In the Azure Active Directory blade, click on “Roles and administrators” in the left-hand navigation menu.

  4. On the Roles and administrators page, click on “Roles” tab.

  5. In the Roles tab, you will see a list of built-in roles. Look for roles that are assigned to Network Services, such as “Network Contributor” or “Network Contributor (Classic)”.

  6. Select the Network Service role that you want to remediate by clicking on it.

  7. In the Network Service role’s overview page, click on “Assignments” in the left-hand navigation menu.

  8. Review the list of role assignments for the Network Service role. Identify any inappropriate or unnecessary assignments.

  9. To remove an assignment, select the checkbox next to the assignment and click on the “Remove” button at the top of the page. Confirm the removal when prompted.

  10. Repeat steps 8 and 9 for all inappropriate or unnecessary role assignments.

  11. To prevent future misconfigurations, consider implementing a least privilege access model by creating custom roles with specific permissions for network-related tasks, rather than using the built-in Network Service roles.

  12. Click on “Add assignment” button to assign the appropriate roles to the network services based on their required responsibilities.

  13. In the “Add assignments” page, search for the appropriate role in the “Role” search bar.

  14. Select the desired role from the search results.

  15. In the “Select” section, choose the appropriate scope for the assignment (subscription, resource group, or specific resource).

  16. Specify the user, group, or application that should be assigned the role in the “Members” section.

  17. Click on the “Review + assign” button to review the assignment details.

  18. Review the assignment details and ensure they are correct. If everything looks good, click on the “Assign” button to complete the assignment.

  19. Repeat steps 13-18 for all necessary role assignments for the Network Services.

By following these steps, you can remediate the misconfiguration of “Roles Assumable By Network Services” in Azure using the Azure console.