#!/usr/bin/env bash
az webapp list -g tonyco-saas-tenants --query "[].id" -o tsv | az webapp config container set --docker-custom-image-name astaykov/tonysaas:v0.8-beta --ids @-

#!/usr/bin/env bash
# first disable HTTP and force HTTPS only
az functionapp list --query "[].id" --output tsv | az functionapp update --set httpsOnly=true --ids @-
# then disable FTP in general.
# depending on your process, you might want to enforce FTPS (FtpsOnly) instead of completely disabling it (Disabled).
az functionapp list --query "[].id" --output tsv | az functionapp config set --ftps-state Disabled --ids @-
# set client cert operation mode to optional
az functionapp list --query "[].id" --output tsv | az functionapp update --set clientCertMode=optional --ids @-

# First, get the service principal object of the managed identity
# you can directly use the object ID, as it is displayed in the managed identity properties
$miSP = Get-AzureADServicePrincipal -ObjectId 836955bf-0fe8-4b25-b1af-d1119558eec7
# second, discover the service principal of the service you want to grant roles on
# EXAMPLE: Microsoft Graph
# Note: the special GUID 00000003-0000-0000-c000-000000000000 is the application ID of Microsoft Graph
$resourceSP = Get-AzureADServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
# EXAMPLE Microsoft 365 Defender (Security Graph):

# First, get the service principal object of the managed identity
# you can directly use the object ID, as it is displayed in the managed identity properties
$miSP = Get-AzureADServicePrincipal -ObjectId 836955bf-0fe8-4b25-b1af-d1119558eec7
# EXAMPLE: Get the Microsoft Graph service principal
# Note: the special GUID 00000003-0000-0000-c000-000000000000 is the application ID of Microsoft Graph
$graphSP = Get-AzureADServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
# the following command will get all app role assignments that our managed identity has been consented
# Note that since we are talking about a managed identity, only application permissions are applicable

#!/usr/bin/env bash
# first disable HTTP and force HTTPS only
az webapp list --query "[].id" --output tsv | az webapp update --https-only true --ids @-
# then force min-tls version
az webapp list --query "[].id" --output tsv | az webapp config set --min-tls-version '1.2' --ids @-
# then force FTPS in general.
# depending on your process, you might want to enforce FTPS (FtpsOnly) instead of completely disabling it (Disabled).
az webapp list --query "[].id" --output tsv | az webapp config set --ftps-state FtpsOnly --ids @-

# This script is used to clean users' tenants association for a demo environment
$extProps = New-Object 'System.Collections.Generic.Dictionary[String,String]'
$extProps.Add("extension_f7032a421ae74f8b8919f15dad3b290b_TenantsAll","")
Get-AzureADUser -All $true | ForEach-Object { Set-AzureADUser -ObjectId $_.ObjectId -ExtensionProperty $extProps }

Connect-MgGraph -Scopes "Directory.AccessAsUser.All" -TenantId b2c.idhero.de
Get-MgApplication -Filter "startswith(displayname,'Tonyco SaaS')" | ForEach-Object { Remove-MgApplication -ApplicationId $_.Id }

# First, connect to Azure AD
Connect-AzureAD
# Make sure the same policy is not already defined
# Get your policies and inspect them
Get-AzureADPolicy
# modify your group filter as appropriate
# ref: https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-claims-mapping-policy-type#group-filter
$PolicyDefinitionString = "{

<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
  PolicySchemaVersion="0.3.0.0"
  TenantId="yourtenant.onmicrosoft.com"
  PolicyId="B2C_1A_SendgridCustomTemplateId"
  PublicPolicyUri="http://tonycosite.onmicrosoft.com/B2C_1A_SendgridCustomTemplateId"
  DeploymentMode="Development"
  UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights">

using namespace System.Net
# Input bindings are passed in via param block.
param($Request, $TriggerMetadata)
function Parse-JWTtoken {
    [cmdletbinding()]
    param([Parameter(Mandatory=$true)][string]$token)