astaykov/tenantdependentresources.sh

## tenantdependentresources.sh
#!/bin/bash
function check_directory_dependencies() {
    echo "Checking for graph extension on Azure CLI..."
    echo "--------------------------------------------"
    PATTERN='resource-graph'
    string=$(az extension list | grep 'resource-graph')
    if [[ $string == *"resource-graph"* ]];
    then
        # az extension update --name resource-graph
        echo 'Graph extension is already installed...'
    else
        echo 'Installing az graph extension. Hold on a second...'
        az extension add --name resource-graph
    fi
    echo " "
    echo "Azure resources with known Azure AD Tenant dependencies:"
    echo "--------------------------------------------------------"
    subscriptionId=$(az account show --query id | sed -e 's/^"//' -e 's/"$//')
    az graph query -q 'resources | where type != "microsoft.azureactivedirectory/b2cdirectories" | where  identity <> "" or properties.tenantId <> "" or properties.encryptionSettingsCollection.enabled == true | project name, type, kind, identity, tenantId, properties.tenantId' --subscriptions $subscriptionId --output table

    echo " "
    echo "Azure SQL Servers with Azrue AD Authentication"
    echo "----------------------------------------------"
    az sql server ad-admin list --ids $(az graph query -q 'resources | where type == "microsoft.sql/servers" | project id' -o tsv | cut -f1)

    # for resourceId in $(az graph query -q 'resources | where type == "microsoft.sql/servers" | project id' -o tsv | cut -f1)
    #   do
    #      az sql server ad-admin list --ids $resourceId -o table
    #   done

    echo "RBAC role assignments:"
    echo "----------------------"
    az role assignment list --all -o table
}

check_directory_dependencies
	#!/bin/bash
	function check_directory_dependencies() {
	echo "Checking for graph extension on Azure CLI..."
	echo "--------------------------------------------"
	PATTERN='resource-graph'
	string=$(az extension list \| grep 'resource-graph')
	if [[ $string == "resource-graph" ]];
	then
	# az extension update --name resource-graph
	echo 'Graph extension is already installed...'
	else
	echo 'Installing az graph extension. Hold on a second...'
	az extension add --name resource-graph
	fi
	echo " "
	echo "Azure resources with known Azure AD Tenant dependencies:"
	echo "--------------------------------------------------------"
	subscriptionId=$(az account show --query id \| sed -e 's/^"//' -e 's/"$//')
	az graph query -q 'resources \| where type != "microsoft.azureactivedirectory/b2cdirectories" \| where identity <> "" or properties.tenantId <> "" or properties.encryptionSettingsCollection.enabled == true \| project name, type, kind, identity, tenantId, properties.tenantId' --subscriptions $subscriptionId --output table

	echo " "
	echo "Azure SQL Servers with Azrue AD Authentication"
	echo "----------------------------------------------"
	az sql server ad-admin list --ids $(az graph query -q 'resources \| where type == "microsoft.sql/servers" \| project id' -o tsv \| cut -f1)

	# for resourceId in $(az graph query -q 'resources \| where type == "microsoft.sql/servers" \| project id' -o tsv \| cut -f1)
	# do
	# az sql server ad-admin list --ids $resourceId -o table
	# done

	echo "RBAC role assignments:"
	echo "----------------------"
	az role assignment list --all -o table
	}

	check_directory_dependencies