1

Some people on our team have rights to reset MFA on azure, and others do not. I was wondering if powershell had -some- functionality where I could build some kind of server with it that would respond to prompts from those team members.

My controller would basically have my credentials signed in, and based on pings from my team members, it would take their input and perform the MFA reset using my credentials. I already have tools that allow me, personal, to send these requests, but I do not know if Powershell has the capability to act as a controller/server of some form and respond to commands such as this.

Basically: Coworker pings my machine, my machine performs the reset with my credentials via powershell. Everything I have found thus far is about running remote credentials on other machines, and not having powershell itself act as some kind of controller. Is it even possible? Or am I going to have to use something else to do this. Powershell isn't a language I am super familiar with and something I had to learn on the fly

Spook City
  • 45
  • 6
  • Why... why not just grant them the privilege in Azure to begin with? Your current plan creates an accounting gap (all resets will look like they were performed by _you_) – Mathias R. Jessen Mar 23 '20 at 15:55
  • If you really want to set up your own ICMP server: https://stackoverflow.com/questions/626541/listen-for-icmp-packets-in-c-sharp. however this example is rudimentary: ReceiveFrom is blocking so if you want to rcv more than just one icmp packet, you need to set this up in an infinite loop and also change the action on receipt from echoing a message to STDOUT to doing the MFA reset you're talking about. Also keep in mind that if you're MFA reset takes too long, the server will not be in listening state until it loops back around to ReceiveFrom() again. See socket programming problems. – thepip3r Mar 23 '20 at 20:12
  • For Mathias: I am not allowed to enable other users to gain access to Azure To thepip3r: Thanks! I'll give it a go - and, as for numbers, accounting is fine, they know I do this often, as there is only really 7 of us on the service desk here(but only three of us with MFA access, weirdly enough.) No amount of kicking and screaming will change that, I've honestly tried. – Spook City Apr 01 '20 at 15:28

0 Answers0