Anton Staykov astaykov

  • Microsoft (former Microsoft Azure MVP)
  • Berlin, Germany
  • X @astaykov
@astaykov
astaykov / update-az-webapp-container.sh
Created March 15, 2021 16:17
Update app setting value for all Web Apps in particular resource group to
#!/usr/bin/env bash
az webapp list -g tonyco-saas-tenants --query "[].id" -o tsv | az webapp config container set --docker-custom-image-name astaykov/tonysaas:v0.8-beta --ids @-
#!/usr/bin/env bash
# first disable HTTP and force HTTPS only
az functionapp list --query "[].id" --output tsv | az functionapp update --set httpsOnly=true --ids @-
# then disable FTP in general.
# depending on your process, you might want to enforce FTPS (FtpsOnly) instead of completely disabling it (Disabled).
az functionapp list --query "[].id" --output tsv | az functionapp config set --ftps-state Disabled --ids @-
# set client cert operation mode to optional
az functionapp list --query "[].id" --output tsv | az functionapp update --set clientCertMode=optional --ids @-
# First, get the service principal object of the managed identity
# you can directly use the object, as it will be displayed on the managed identity properties
$miSP = Get-AzureADServicePrincipal -ObjectId 836955bf-0fe8-4b25-b1af-d1119558eec7
# second discover the service principal for the service you are looking to grant roles upon
# EXAMPLE: Microsoft Graph
# Note: the special GUID 00000003-0000-0000-c000-000000000000 is the application ID of Microsoft Graph
$resourceSP = Get-AzureADServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
# EXAMPLE Microsoft 365 Defender (Security Graph):
@astaykov
astaykov / AzureAD-ManagedIdentity-AssignedPermissions.ps1
Created February 16, 2022 14:08
Check application permissions assigned on a managed identity
# First, get the service principal object of the managed identity
# you can directly use the object, as it will be displayed on the managed identity properties
$miSP = Get-AzureADServicePrincipal -ObjectId 836955bf-0fe8-4b25-b1af-d1119558eec7
# EXAMPLE: Get the Microsoft Graph service principal
# Note: the special GUID 00000003-0000-0000-c000-000000000000 is the application ID of Microsoft Graph
$graphSP = Get-AzureADServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
# the following command will get all app role assignments that our managed identity has been consented
# Note, that since we are talking about managed identity, only application permissions are applicable
@astaykov
astaykov / az-webapp-config-set-tls.sh
Last active August 26, 2022 13:20
Update all web apps to TLS 1.2
#!/usr/bin/env bash
# first disable HTTP and force HTTPS only
az webapp list --query "[].id" --output tsv | az webapp update --https-only true --ids @-
# then force min-tls version
az webapp list --query "[].id" --output tsv | az webapp config set --min-tls-version '1.2' --ids @-
# then force FTPS in general.
# depending on your process, you might want to enforce FTPS (FtpsOnly) instead of completely disabling it (Disabled).
az webapp list --query "[].id" --output tsv | az webapp config set --ftps-state FtpsOnly --ids @-
@astaykov
astaykov / UpdateAllUsers.ps1
Created August 31, 2022 06:06
Update all users in Azure AD
# This script is used to clean users' tenants association for a demo environment
$extProps = New-Object System.Collections.Generic.Dictionary"[String,String]"
$extProps.Add("extension_f7032a421ae74f8b8919f15dad3b290b_TenantsAll","")
Get-AzureADUser -all $true | ForEach-Object { Set-AzureADUser -ObjectId $_.ObjectId -ExtensionProperty $extProps }
Connect-MgGraph -Scopes "Directory.AccessAsUser.All" -TenantId b2c.idhero.de
Get-MgApplication -Filter "startswith(displayname,'Tonyco SaaS')" | ForEach-Object { Remove-MgApplication -ApplicationId $_.Id }
# First, connect to Azure AD
Connect-AzureAD
# Make sure there is no same policy already defined
# Get your policies and inspect them
Get-AzureADPolicy
# modify your group filter as appropriate
# ref: https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-claims-mapping-policy-type#group-filter
$PolicyDefinitionString = "{
@astaykov
astaykov / SendgridCustomTemplateId.xml
Created November 18, 2022 09:25
Azure AD B2C custom e-mail with SendGrid - custom template id per locale
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
PolicySchemaVersion="0.3.0.0"
TenantId="yourtenant.onmicrosoft.com"
PolicyId="B2C_1A_SendgridCustomTemplateId"
PublicPolicyUri="http://tonycosite.onmicrosoft.com/B2C_1A_SendgridCustomTemplateId"
DeploymentMode="Development"
UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights">
using namespace System.Net
# Input bindings are passed in via param block.
param($Request, $TriggerMetadata)
function Parse-JWTtoken {
[cmdletbinding()]
param([Parameter(Mandatory=$true)][string]$token)