Azure Security Operations

From NovaOrdis Knowledge Base

Internal

Account Operations

Login

https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli
az login

The command starts a browser for authentication, and if the login is successful, shows something similar to:

The default web browser has been opened at https://login.microsoftonline.com/common/oauth2/authorize. Please continue the login in the web browser. If no web browser is available or if the web browser fails to open, use device code flow with `az login --use-device-code`.
You have logged in. Now let us find all the subscriptions to which you have access...
[
  {
    "cloudName": "AzureCloud",
    "homeTenantId": "55555555-9999-4444-bbbb-aaaaaaaaaaaa",
    "id": "99999999-9999-9999-9999-999999999999",
    "isDefault": true,
    "managedByTenants": [],
    "name": "example.example.az(Converted to EA)",
    "state": "Enabled",
    "tenantId": "55555555-9999-4444-bbbb-aaaaaaaaaaaa",
    "user": {
      "name": "some.user@example.com",
      "type": "user"
    }
  }
]

To avoid starting a browser for authentication [...]. TODO: https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli#sign-in-with-a-service-principal

Login Status and Account Information

az account list

Set Current Subscription

SUBSCRIPTION_ID=...
az account set --subscription "${SUBSCRIPTION_ID}"

Role Operations

Assign a Role

az role assignment create --role Contributor --assignee <service-principal-id> -g <service-principal-resource-group>
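
The operations above combined into a pre-flight check, as an added example that is not part of the original page: before creating the role assignment, it confirms that a login session exists and that the active subscription is the intended one and is Enabled. The function name assign_role_checked, its argument order and its return codes are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: pre-flight guard around `az role assignment create`.
# The function name, argument order and return codes are hypothetical.

assign_role_checked() {
  if [ "$#" -ne 4 ]; then
    echo "usage: assign_role_checked <subscription-id> <role> <assignee> <resource-group>" >&2
    return 2
  fi
  local expected role="$2" assignee="$3" rg="$4" active state
  expected="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"

  # `az account show` fails when there is no usable login session.
  if ! active="$(az account show --query id -o tsv 2>/dev/null)"; then
    echo "not logged in: run 'az login' first" >&2
    return 3
  fi
  active="$(printf '%s' "$active" | tr '[:upper:]' '[:lower:]')"

  # Refuse to grant anything if the CLI points at another subscription.
  if [ "$active" != "$expected" ]; then
    echo "active subscription is $active, expected $expected" >&2
    echo "fix with: az account set --subscription $expected" >&2
    return 4
  fi

  # A subscription that is not Enabled should not receive new grants.
  state="$(az account show --query state -o tsv 2>/dev/null)" || state=""
  if [ "$state" != "Enabled" ]; then
    echo "subscription state is '${state}', expected 'Enabled'" >&2
    return 5
  fi

  # Same command as on the page, with the subscription pinned explicitly
  # and the grant limited to one resource group.
  az role assignment create \
    --subscription "$expected" \
    --role "$role" \
    --assignee "$assignee" \
    --resource-group "$rg"
}
```

Source the file and call the function in place of the bare command; a non-zero return code means no role assignment was attempted.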