This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
param( | |
[Parameter(HelpMessage="The Azure DevOps organization.")] | |
[string]$adoOrg = "Adatum", | |
[Parameter(Mandatory=$true, HelpMessage="The Azure DevOps team project.")] | |
[string]$adoTeamProject, | |
[Parameter(Mandatory=$true, HelpMessage="The Azure DevOps repository.")] | |
[string]$adoRepo, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<# | |
.SYNOPSIS | |
This script retrieves Azure Active Directory (AD) applications with expired secrets and checks their sign-in logs. | |
.DESCRIPTION | |
The script first retrieves all Azure AD applications using the Get-AzADApplication cmdlet. It then filters these applications to only include those where the password credential has expired more than 30 days ago and where there is only one password credential. | |
For each of these applications, the script retrieves the AppId and constructs three queries to check the sign-in logs for the last 30 days. The queries are for service principal sign-ins, non-interactive user sign-ins, and interactive sign-ins. | |
The script then executes these queries using the Invoke-AzOperationalInsightsQuery cmdlet and stores the results in three separate variables: $servicePrincipalSignins, $nonInteractiveSignins, and $interactiveSignins. | |
Finally, the script outputs the results of these queries. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# slack test | |
$slackKey = Get-AzKeyVaultsecret -VaultName "" -Name "" -AsPlainText | |
$azOpenAiKey = Get-AzKeyVaultsecret -VaultName "" -Name "" -AsPlainText | |
$slackChannelId = "" | |
$slackThreadId = "" | |
$openAiUrl = "" | |
$slackUrl = "https://slack.com/api/conversations.replies?channel=$slackChannelId&ts=$slackThreadId&pretty=1" | |
$slackHeaders= @{ | |
"Authorization" = "Bearer $slackKey" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# creates an appregistration in Azure AD and connects it with a github repo | |
# use as an example only | |
[CmdletBinding()] | |
param ( | |
[Parameter(Mandatory)] | |
[string] | |
$gitHubRepoName, | |
[Parameter(Mandatory)] | |
[string] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
param storageAccountName string | |
resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-09-01' = { | |
name: '${storageAccountName}/default/mycontainer' | |
} | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// get latest resource changes based on resource group tag | |
resourcechanges | |
| join kind= inner ( | |
resourcecontainers | |
| where type =~ 'microsoft.resources/subscriptions/resourcegroups' | |
| where isnotempty(tags) | |
| where tags['key'] =~ 'value' | |
| project subscriptionId, resourceGroup) | |
on subscriptionId, resourceGroup | |
| extend changeTime = todatetime(properties.changeAttributes.timestamp), |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$version = get-date -Format yyyy-MM-dd | |
$commit = "$ENV:BUILD_SOURCEVERSION" | |
# get the latest files changed | |
$files = $(git diff HEAD HEAD~ --name-only -- *.bicep modules/) | |
if ($files.count -ge 1) { | |
# copy files to staging | |
copy-item $files -Destination $ENV:BUILD_ARTIFACTSTAGINGDIRECTORY | |
# set a variable and build number |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## connect to storage using SAS | |
$storageName = "" | |
$sasToken = "" | |
$container = "" | |
$ctx = New-AzureStorageContext -StorageAccountName $storageName -SasToken $sasToken | |
# get all the blobs | |
$blobs = Get-AzureStorageBlob -Container $container -Context $ctx |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"properties": { | |
"displayName": "PostgreSQL should have Geo replication enabled", | |
"policyType": "Custom", | |
"mode": "Indexed", | |
"description": "This policy checks wheter Geo replication is enabled or not. You can exclude the database from the policy by adding 'noGeo' : 'true' as tag and value", | |
"metadata": { | |
"category": "SQL", | |
"createdBy": "75e5f040-6c35-4bc7-baef-eae05fc48acb", | |
"createdOn": "2021-03-22T12:10:49.814614Z", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## This will use your Azure access token and establish a connection to your Azure SQL instance. | |
## useful when testing network connections or similar | |
$token = Get-AzAccessToken -Resource "https://database.windows.net" | |
# connect to database | |
$dbConn = New-Object System.Data.SqlClient.SqlConnection | |
$dbConn.ConnectionString = "Server=tcp:my-sql-server.database.windows.net,1433;Initial Catalog=myDB;Persist Security Info=False;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;" | |
$dbConn.AccessToken=$token.Token | |
$dbConn.Open() |
NewerOlder