Hello, @Ali Yahia-Cherif ! We received your feedback and want to make sure that your question is answered.
Can I perform penetration tests from Azure resources?
The Azure penetration testing documentation does not include testing on external resources from Azure resources as an allowed action which is the extent of an official answer to this question:
The Azure Universal License Terms does include an Acceptable Use Policy which prohibits using Azure:
- in a way prohibited by law, regulation, governmental order or decree;
- to violate the rights of others;
- to try to gain unauthorized access to or disrupt any service, device, data, account or network, including by intentionally evading or disrupting restrictions in Metaprompts;
- to spam or distribute malware;
- in a way that could harm the Online Service or impair anyone else’s use of it;
This creates a problem because it would take a verification process to ensure that the owner of the external website (you in this case) authorizes the activity. It would also require some very specific and granular exceptions (authorized types of penetration tests from your Azure resource that is limited to a verified external site during a specific time window).
As a result, I would not perform penetration testing from Azure resources on non-Azure resources. I realize this is not a black and white answer but hopefully it has provided the clarity you need.
I hope this has been helpful! Your feedback is important so please take a moment to accept answers to verify that your question has been addressed. Thank you for helping to improve Microsoft Q&A!