Azure Security Operations: Difference between revisions
Jump to navigation
Jump to search
(→Login) |
|||
(2 intermediate revisions by the same user not shown) | |||
Line 30: | Line 30: | ||
] | ] | ||
</syntaxhighlight> | </syntaxhighlight> | ||
<font color=darkgray> | |||
To avoid starting a browser for authentication [...]. TODO: https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli#sign-in-with-a-service-principal | |||
</font> | |||
==Login Status and Account Information== | ==Login Status and Account Information== | ||
Line 43: | Line 47: | ||
=Role Operations= | =Role Operations= | ||
==Assign a Role== | |||
<syntaxhighlight lang='bash'> | |||
az role assignment create –-role Contributor -–assignee <service-principal-id> -g <service-principal-resource-group> | |||
</syntaxhighlight> |
Latest revision as of 20:31, 23 April 2021
Internal
Account Operations
Login
az login
The command starts a browser for authentication, and if the login is successful, shows something similar to:
The default web browser has been opened at https://login.microsoftonline.com/common/oauth2/authorize. Please continue the login in the web browser. If no web browser is available or if the web browser fails to open, use device code flow with `az login --use-device-code`.
You have logged in. Now let us find all the subscriptions to which you have access...
[
{
"cloudName": "AzureCloud",
"homeTenantId": "55555555-9999-4444-bbbb-aaaaaaaaaaaa",
"id": "99999999-9999-9999-9999-999999999999",
"isDefault": true,
"managedByTenants": [],
"name": "example.example.az(Converted to EA)",
"state": "Enabled",
"tenantId": "53ad779a-93e7-485c-ba20-ac8290d7252b",
"tenantId": <same-as-homeTenantId>,
"user": {
"name": "some.user@example.com",
"type": "user"
}
}
]
To avoid starting a browser for authentication [...]. TODO: https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli#sign-in-with-a-service-principal
Login Status and Account Information
az account list
Set Current Subscription
SUBSCRIPTION_ID=...
az account set --subscription ${SUBSCRIPTION_ID}
Role Operations
Assign a Role
az role assignment create –-role Contributor -–assignee <service-principal-id> -g <service-principal-resource-group>