Skip to content

Instantly share code, notes, and snippets.

View anwather's full-sized avatar

Anthony Watherston anwather

53 followers · 1 following
  • Microsoft Corporation
  • Australia
View GitHub Profile
@anwather
anwather / updateGraphPermissions.ps1
Created May 26, 2021 02:26
Param($TenantId, $LogicAppName)
# Microsoft Graph App ID (DON'T CHANGE)
$GraphAppId = "00000003-0000-0000-c000-000000000000"
# Check the Microsoft Graph documentation for the permission you need for the operation
switch -Regex ($LogicAppName) {
"group" { $PermissionNames = @("User.Read.All", "GroupMember.ReadWrite.All") }
"licence" { $PermissionNames = @("User.ReadWrite.All") }
}
@anwather
anwather / vwan policy
Created August 13, 2021 03:36
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"input": {
"value": {
"Name": "Deploy-VNET-HubConnection",
"ResourceType": "Microsoft.Authorization/policyDefinitions",
"Properties": {
"Description": "This policy deploys a virtual wan hub network connection",
@anwather
anwather / pol.json
Created August 20, 2021 01:35
Auto provision policy
{
"mode": "All",
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Resources/subscriptions"
}
]
@anwather
anwather / CreatedDatePolicy.json
Created August 30, 2021 23:15
{
"mode": "All",
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
@anwather
anwather / pimRemove.ps1
Created September 14, 2021 04:11
$app_id = ""
$tenant_id = ""
$app_key = ""
function Get-GraphToken {
Param([string]$ApplicationId, $TenantName, $AppPassword)
$Url = "https://login.microsoftonline.com/$TenantName/oauth2/v2.0/token"
$Body = @{
@anwather
anwather / pimRemove2.ps1
Created September 15, 2021 01:39
Connect-MgGraph -ClientId $app_id -TenantId $tenant_id -CertificateThumbprint $cert.Thumbprint
Select-MgProfile -Name beta
$roleDefinitionHash = @{}
Get-MgRoleManagementDirectoryRoleDefinition | ForEach-Object {
$roleDefinitionHash.Add($_.Id, $_.DisplayName)
}
@anwather
anwather / CertUsageinDevOps.md
Created September 15, 2021 05:47
Certificate Usage in Azure DevOps

Pre-Requisites

  1. Create a key vault
  2. Generate a self signed certificate in the key vault - ensure that the private key is marked as exportable
  3. Export the certificate as a .cer file
  4. Upload the certificate to the Azure DevOps SPN

Azure DevOps

  1. Create a new variable group
@anwather
anwather / classFeature.psm1
Created September 21, 2021 06:06
enum Ensure {
Absent
Present
}
[DscResource()]
class classFeature {
[DscProperty(Key)]
@anwather
anwather / WAF.json
Created October 11, 2021 00:14
WAF - Security Workbook
{
"version": "Notebook/1.0",
"items": [
{
"type": 1,
"content": {
"json": "# Security assessment recommendations workbook\r\n\r\n![alt text](https://docs.microsoft.com/en-us/learn/modules/azure-well-architected-introduction/media/pillars.png \"Well-architected framework pillars\")\r\n\r\nFor more information visit [Microsoft Azure Well-Architected Framework](https://docs.microsoft.com/en-us/azure/architecture/framework/security/)"
},
"name": "text - 9"
},
@anwather
anwather / GraphAuth.ps1
Created November 15, 2021 04:47
function Get-GraphTokenWithCertificate {
Param([string]$ApplicationId, $TenantName, $CertificatePath)
# Create base64 hash of certificate
$Certificate = Get-Item $CertificatePath
$CertificateBase64Hash = [System.Convert]::ToBase64String($Certificate.GetCertHash())
# Create JWT timestamp for expiration
$StartDate = (Get-Date "1970-01-01T00:00:00Z" ).ToUniversalTime()
$JWTExpirationTimeSpan = (New-TimeSpan -Start $StartDate -End (Get-Date).ToUniversalTime().AddMinutes(2)).TotalSeconds