Azure Security Operations: Difference between revisions
Jump to navigation
Jump to search
(→Login) |
|||
| (5 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
* [[Azure Operations#Subjects|Azure Operations]] | * [[Azure Operations#Subjects|Azure Operations]] | ||
=Account Operations= | =Account Operations= | ||
==Account | ==Login== | ||
{{External|https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli}} | |||
<syntaxhighlight lang='bash'> | |||
az login | |||
</syntaxhighlight> | |||
The command starts a browser for authentication, and if the login is successful, shows something similar to: | |||
<syntaxhighlight lang='text'> | |||
The default web browser has been opened at https://login.microsoftonline.com/common/oauth2/authorize. Please continue the login in the web browser. If no web browser is available or if the web browser fails to open, use device code flow with `az login --use-device-code`. | |||
You have logged in. Now let us find all the subscriptions to which you have access... | |||
[ | |||
{ | |||
"cloudName": "AzureCloud", | |||
"homeTenantId": "55555555-9999-4444-bbbb-aaaaaaaaaaaa", | |||
"id": "99999999-9999-9999-9999-999999999999", | |||
"isDefault": true, | |||
"managedByTenants": [], | |||
"name": "example.example.az(Converted to EA)", | |||
"state": "Enabled", | |||
"tenantId": "53ad779a-93e7-485c-ba20-ac8290d7252b", | |||
"tenantId": <same-as-homeTenantId>, | |||
"user": { | |||
"name": "some.user@example.com", | |||
"type": "user" | |||
} | |||
} | |||
] | |||
</syntaxhighlight> | |||
<font color=darkgray> | |||
To avoid starting a browser for authentication [...]. TODO: https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli#sign-in-with-a-service-principal | |||
</font> | |||
==Login Status and Account Information== | |||
<syntaxhighlight lang='bash'> | <syntaxhighlight lang='bash'> | ||
az account list | az account list | ||
</syntaxhighlight> | </syntaxhighlight> | ||
==Set Current Subscription== | ==Set Current Subscription== | ||
<syntaxhighlight lang='bash'> | <syntaxhighlight lang='bash'> | ||
SUBSCRIPTION_ID=... | SUBSCRIPTION_ID=... | ||
az account set --subscription ${SUBSCRIPTION_ID} | az account set --subscription ${SUBSCRIPTION_ID} | ||
</syntaxhighlight> | |||
=Role Operations= | |||
==Assign a Role== | |||
<syntaxhighlight lang='bash'> | |||
az role assignment create –-role Contributor -–assignee <service-principal-id> -g <service-principal-resource-group> | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Latest revision as of 20:31, 23 April 2021
Internal
Account Operations
Login
az login
The command starts a browser for authentication, and if the login is successful, shows something similar to:
The default web browser has been opened at https://login.microsoftonline.com/common/oauth2/authorize. Please continue the login in the web browser. If no web browser is available or if the web browser fails to open, use device code flow with `az login --use-device-code`.
You have logged in. Now let us find all the subscriptions to which you have access...
[
{
"cloudName": "AzureCloud",
"homeTenantId": "55555555-9999-4444-bbbb-aaaaaaaaaaaa",
"id": "99999999-9999-9999-9999-999999999999",
"isDefault": true,
"managedByTenants": [],
"name": "example.example.az(Converted to EA)",
"state": "Enabled",
"tenantId": "53ad779a-93e7-485c-ba20-ac8290d7252b",
"tenantId": <same-as-homeTenantId>,
"user": {
"name": "some.user@example.com",
"type": "user"
}
}
]
To avoid starting a browser for authentication [...]. TODO: https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli#sign-in-with-a-service-principal
Login Status and Account Information
az account list
Set Current Subscription
SUBSCRIPTION_ID=...
az account set --subscription ${SUBSCRIPTION_ID}
Role Operations
Assign a Role
az role assignment create –-role Contributor -–assignee <service-principal-id> -g <service-principal-resource-group>