Query Details

Azure Resource Graph APIM With Basic Auth Enabled

Query

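// Reference: https://github.com/bountyyfi/Azure-APIM-Cross-Tenant-Signup-Bypass
// Remove Basic authentication from APIM developer portals ASAP, insecure default!
resources
| where type == "microsoft.apimanagement/service/identityproviders"
| where name endswith "/basic"
// The resource ID continues past the service name (.../service/<instance>/identityProviders/basic),
// so keep only the first path segment after "/service/" as the instance name.
| extend servicePath = tostring(split(id, "/providers/Microsoft.ApiManagement/service/")[1])
| project apimInstance = tostring(split(servicePath, "/")[0]), resourceGroup, subscriptionId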

Explanation

This query identifies Azure API Management (APIM) instances that have Basic authentication enabled in their developer portals, which is considered insecure. It works in three steps:

  1. Target Resource Type: It looks at resources of the type microsoft.apimanagement/service/identityproviders. These are related to identity providers configured for API Management services.

  2. Filter for Basic Authentication: It filters these resources to find those whose names end with "/basic", indicating they are using Basic authentication.

  3. Extract Information: For each of these resources, it extracts and displays:

    • The name of the APIM instance (apimInstance).
    • The resource group it belongs to (resourceGroup).
    • The subscription ID associated with it (subscriptionId).

The overall goal is to quickly identify and address any APIM instances that are using Basic authentication, which should be removed or replaced with a more secure method.

Details

Jay Kerai

Released: December 2, 2025

Tables

resources
