The cmdlets Get-AzurePublishSettingsFile and Import-AzurePublishSettingsFile set up and configure management certificates in Azure and on the local machine, allowing easy authentication for access to classic resources in Azure.
I have seen several potential pitfalls with this approach.
- Removing a user as co-admin on a subscription does not remove or invalidate their management certificates. Unless your Azure admins are very attentive, this can leave users with full access to your classic resources even after they have been removed as subscription admins.
- Management certificates cannot be linked to specific users. This makes removing a specific user's management certificates very tricky.
- The anonymity of these certificates makes auditing user actions very difficult.
It is for all these reasons that I consider the use of these certificates a very large security risk, and it is worth noting that the use of management certificates and publish settings has been deprecated for ARM resources.
In all the Azure environments I have worked in, I have enacted a policy that disallows the use of management certificates completely and forces all users and applications to authenticate to Azure using different methods (Azure Active Directory, service principals). The following scripts show how we can automate the auditing of these certificates and potentially automate the removal of unauthorised certificates.
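As an added example (not one of the post's own scripts), the PowerShell below audits a classic subscription's management certificates over the Service Management REST API, compares their thumbprints against an approved list, and only removes the rest when explicitly asked to. The endpoint, x-ms-version header and response element names are taken from the classic API as I know it rather than from this page, and the subscription ID and thumbprints are caller-supplied placeholders.

```powershell
# Added example, not one of the post's own scripts. Assumptions: the caller
# supplies the subscription ID and thumbprints; the Service Management
# "List Management Certificates" endpoint, the x-ms-version header and the
# response element names follow the classic API, not this page.
param(
    [Parameter(Mandatory)] [string]   $SubscriptionId,
    [Parameter(Mandatory)] [string]   $AuditCertThumbprint,   # cert used to call the API
    [Parameter(Mandatory)] [string[]] $AllowedThumbprints,    # approved management certs
    [switch] $RemoveUnauthorised                              # default is report-only
)

$ErrorActionPreference = 'Stop'
$auditCert = Get-Item "Cert:\CurrentUser\My\$AuditCertThumbprint"
$base      = "https://management.core.windows.net/$SubscriptionId/certificates"
$headers   = @{ 'x-ms-version' = '2012-03-01' }

# The auditing certificate is itself a management certificate, so it must be
# on the approved list or the script would report (and could remove) itself.
$allowed = @($AllowedThumbprints + $AuditCertThumbprint) |
    ForEach-Object { $_.ToUpperInvariant() }

# Classic API authenticates the request with the client certificate itself.
$response = Invoke-WebRequest -Uri $base -Headers $headers `
    -Certificate $auditCert -UseBasicParsing
[xml]$xml = $response.Content

foreach ($c in $xml.SubscriptionCertificates.SubscriptionCertificate) {
    $thumb  = $c.SubscriptionCertificateThumbprint.ToUpperInvariant()
    $status = if ($allowed -contains $thumb) { 'Approved' } else { 'Unauthorised' }

    # Removal is opt-in; an audit run without the switch only reports.
    if ($status -eq 'Unauthorised' -and $RemoveUnauthorised) {
        Invoke-WebRequest -Uri "$base/$thumb" -Headers $headers `
            -Certificate $auditCert -Method Delete -UseBasicParsing | Out-Null
        $status = 'Removed'
    }

    # One record per certificate; pipe to Export-Csv for an audit trail.
    [pscustomobject]@{
        Subscription = $SubscriptionId
        Thumbprint   = $thumb
        Created      = $c.Created
        Status       = $status
    }
}
```

Run it first without -RemoveUnauthorised and review the Unauthorised rows before deleting anything, since a certificate removed here can no longer be used to call the classic API for that subscription.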