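# First, get the service principal object of the managed identity.
# The object ID below is an example value: replace it with the object ID shown on
# the managed identity's properties (or use that object directly).
$miSP = Get-AzureADServicePrincipal -ObjectId '836955bf-0fe8-4b25-b1af-d1119558eec7'
if (-not $miSP) {
    throw "Managed identity service principal not found; check the object ID."
}

# EXAMPLE: Get the Microsoft Graph service principal.
# Note: the special GUID 00000003-0000-0000-c000-000000000000 is the application ID
# of Microsoft Graph; it is well known and the same in every tenant, whereas the
# service principal's own object ID differs per tenant, hence the appId filter.
$graphSP = Get-AzureADServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
if (-not $graphSP) {
    throw "Microsoft Graph service principal not found in this tenant."
}

# The following command will get all app role assignments that our managed identity
# has been consented to.
# Note that since we are talking about a managed identity, only application
# permissions are applicable (there is no signed-in user to delegate from).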
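# First, get the service principal object of the managed identity.
# The object ID below is an example value: replace it with the object ID shown on
# the managed identity's properties (or use that object directly).
$miSP = Get-AzureADServicePrincipal -ObjectId '836955bf-0fe8-4b25-b1af-d1119558eec7'
if (-not $miSP) {
    throw "Managed identity service principal not found; check the object ID."
}

# Second, discover the service principal of the resource whose app roles you want
# to grant. Look it up by application ID, which is stable across tenants, rather
# than by object ID, which is tenant specific.
# EXAMPLE: Microsoft Graph.
# Note: the special GUID 00000003-0000-0000-c000-000000000000 is the application ID
# of Microsoft Graph.
$resourceSP = Get-AzureADServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
if (-not $resourceSP) {
    throw "Resource service principal not found in this tenant; check the application ID."
}

# EXAMPLE Microsoft 365 Defender (Security Graph):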
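#!/usr/bin/env bash
# Harden every Azure Function App in the currently selected subscription:
#   1. force HTTPS only (plain HTTP is refused),
#   2. disable FTP deployment entirely,
#   3. set the client certificate operation mode to "optional".
#
# The app resource IDs are collected once instead of re-running
# `az functionapp list` before every step, and the script aborts as soon as
# any `az` call fails instead of silently continuing with the next setting.
set -euo pipefail

# One resource ID per line, no header; mapfile keeps them as separate array
# elements so IDs are never word-split or globbed.
mapfile -t app_ids < <(az functionapp list --query "[].id" --output tsv)

if (( ${#app_ids[@]} == 0 )); then
  printf 'No function apps found in the current subscription; nothing to do.\n' >&2
  exit 0
fi

# 1. Disable HTTP and force HTTPS only.
az functionapp update --set httpsOnly=true --ids "${app_ids[@]}"

# 2. Disable FTP in general.
# Depending on your process, you might want to enforce FTPS (FtpsOnly) instead
# of disabling it completely (Disabled).
az functionapp config set --ftps-state Disabled --ids "${app_ids[@]}"

# 3. Set the client certificate operation mode to optional.
# "optional" only requests a certificate; callers that present none are still
# accepted, so this alone does not enforce mutual TLS.
az functionapp update --set clientCertMode=optional --ids "${app_ids[@]}"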
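#!/usr/bin/env bash
# Point every Web App in one resource group at the same container image.
#
# Configuration via environment variables (defaults are the values the script
# originally hard-coded):
#   RESOURCE_GROUP  resource group whose web apps are updated
#   IMAGE           container image reference to deploy
#
# NOTE: a mutable tag such as "v0.8-beta" can be re-pushed with different
# content; pin the image by digest (repo@sha256:<digest>) when the deployment
# must be reproducible and tamper-evident.
set -euo pipefail

resource_group=${RESOURCE_GROUP:-tonyco-saas-tenants}
image=${IMAGE:-astaykov/tonysaas:v0.8-beta}

# One resource ID per array element; avoids feeding an empty list to `--ids`.
mapfile -t app_ids < <(az webapp list -g "$resource_group" --query "[].id" -o tsv)

if (( ${#app_ids[@]} == 0 )); then
  printf 'No web apps found in resource group %s; nothing to do.\n' "$resource_group" >&2
  exit 0
fi

az webapp config container set --docker-custom-image-name "$image" --ids "${app_ids[@]}"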
# Sign in to Azure AD interactively; every cmdlet below runs in this session.
Connect-AzureAD
# All directory roles of the tenant; the loop that follows enumerates each
# role's members and reports the ones that are service principals.
$roles = Get-AzureADDirectoryRole
foreach ($role in $roles) | |
{ | |
$members = Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId | |
Write-Host "--- Service Principals members of " $role.DisplayName " ---" | |
foreach ($member in $members) | |
{ | |
if($member.ObjectType -eq "ServicePrincipal") | |
{ |
## Use this script to quickly analyse your current Azure AD B2C Tenant | |
## Please use a cloud-only user (Global Admin) local to your B2C tenant
## This script uses the Azure AD PowerShell for MS Graph and Azure AD PowerShell for Graph preview modules
## https://docs.microsoft.com/en-us/powershell/azure/active-directory/overview?view=azureadps-2.0 | |
## https://docs.microsoft.com/en-us/powershell/azure/active-directory/overview?view=azureadps-2.0-preview | |
## You must have both the modules to run this script | |
## The information is based on the Audit Logs of Azure AD B2C, which is only there for 7 days | |
## If you need to query data for more than 7 days, then you must export your Azure AD B2C Audit Logs | |
## Read More about how to export Azure AD B2C Audit Logs to Log Analytics Workspace: | |
## https://docs.microsoft.com/en-us/azure/active-directory-b2c/azure-monitor |
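# Look up the service principal of one application and collect the
# claims-mapping policies already attached to it.
# Requires the AzureADPreview module: the *-AzureADServicePrincipalPolicy
# cmdlets used here ship in the preview module, not in the GA AzureAD module.
Connect-AzureAD -Confirm
Import-Module AzureADPreview

# Application (client) ID of the app whose service principal gets the policy.
$appID = "...guid-of-the-AppID..."
$policyName = "Add email_verified to claims"

# $appID is interpolated into an OData filter string, so it must be a trusted
# GUID from configuration, never untrusted input.
$sp = Get-AzureADServicePrincipal -Filter "servicePrincipalNames/any(n: n eq '$appID')"
if (-not $sp) {
    throw "No service principal found for application ID '$appID'."
}

# Claims-mapping policies currently assigned to this service principal.
$existingPolicies = Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId `
    | Where-Object { $_.Type -eq "ClaimsMappingPolicy" }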
function computeHttpSignature(config, headerHash) { | |
var template = 'keyId="${keyId}",algorithm="${algorithm}",headers="${headers}",signature="${signature}"', | |
sig = template; | |
// compute sig here | |
var signingBase = ''; | |
config.headers.forEach(function(h){ | |
if (signingBase !== '') { signingBase += '\n'; } | |
signingBase += h.toLowerCase() + ": " + headerHash[h]; | |
}); |
#!/bin/bash | |
function check_directory_dependencies() { | |
echo "Checking for graph extension on Azure CLI..." | |
echo "--------------------------------------------" | |
PATTERN='resource-graph' | |
string=$(az extension list | grep 'resource-graph') | |
if [[ $string == *"resource-graph"* ]]; | |
then | |
# az extension update --name resource-graph | |
echo 'Graph extension is already installed...' |
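#!/usr/bin/env bash
# Two example ldapsearch queries against a domain using a simple bind.
#
# Configuration via environment variables; the defaults are the placeholder
# values from the original notes and must be replaced for a real domain:
#   LDAP_HOST       FQDN of the domain to query
#   LDAP_BIND_DN    UPN (or DN) used for the simple bind
#   LDAP_BASE_DN    search base for the organization-wide query
#   LDAP_PASS_FILE  optional; file whose complete contents are the bind password
#
# The bind password is never placed on the command line (-w): it is read from
# a file (-y) or prompted for (-W), so it does not appear in `ps` output or
# in shell history. `-h host` is the legacy host option; newer OpenLDAP
# clients prefer `-H ldap://host`.
set -euo pipefail

ldap_host=${LDAP_HOST:-fqdn.of.the.domain}
bind_dn=${LDAP_BIND_DN:-upn}
base_dn=${LDAP_BASE_DN:-dc=idcxp,dc=site}

if [[ -n "${LDAP_PASS_FILE:-}" ]]; then
  auth=(-y "$LDAP_PASS_FILE")
else
  auth=(-W)   # prompt interactively for the bind password
fi

# Basically gets all data about the organization (everything under the base DN).
ldapsearch -x -h "$ldap_host" -D "$bind_dn" "${auth[@]}" -b "$base_dn"

# Get data about a single user object.
# Make sure you get the DN correct.
ldapsearch -x -h "$ldap_host" -D "$bind_dn" "${auth[@]}" \
  -b 'CN=bdm-user bdmou,OU=AADDC Users,DC=idcxp,DC=site'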