Invoke-SelfSearch -Mailbox <MAIL>
Search for open mailboxes
Azure Transparent Data Encryption (TDE) is enabled by default
Encrypts data at rest to prevent offline attacks (unless you export it…)
Azure SQL servers get a DNS name at .database.windows.net
Can run SQL queries in portal
Azure SQL BACPAC backup files are not encrypted… even when Transparent Data Encryption is enabled
Can restore BACPAC database backup to another Azure SQL Server
Search for bacpac’s on disk and in blob storage then restore in another Azure account to analyze
Get-AzSqlDatabase -ServerName <Server Name> -ResourceGroupName <Resource Group Name>
Check allow list to database
Get-AzSqlServerFirewallRule –ServerName <ServerName> -ResourceGroupName <ResourceGroupName>
List out SQL server AD Admins
Get-AzSqlServerActiveDirectoryAdminstrator -ServerName <ServerName> -ResourceGroupName <ResourceGroupName>
Get BACPAC backup file of database
Get-AzSqlDatabaseTransparentDataEncryption -ServerName <ServerName> -DatabaseName <DatabaseName> -ResourceGroupName <ResourceGroupName>
Must be a member of “eDiscovery Manager” role group in Security & Compliance Center (Administrator, compliance officer, or eDiscover manager)
https://protection.office.com
Search through almost all office365 services
http://169.254.169.254/metadata
Get access tokens from the metadata service
GET 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/' HTTP/1.1 Metadata: true