Posts

Documenting Azure resources access (AIM)

There are many situations when you want to know the access structure for all your Azure resources. Examples could be: documentation; cleaning out permissions given to individuals instead of groups; safe screening (groups/individuals that should not have access); deleted identities still visible in the AIM list; preparing for features like Privileged Identity Management (PIM); comparing changes in access since the last audit; etc. And the portal's built-in GUI works but is not particularly flexible or easy to use when you have multiple subscriptions

Change owner for App registration and Enterprise Apps in Azure

I got a long list of Azure AD App Registrations/Enterprise Apps that needed to get a new owner. This is quite a common task since the original owner might have quit or changed role. So, knowing that this is a task that might appear every now and then, I wrote two short and quick PowerShell scripts to fix this: one for App Registrations and one for Enterprise Apps. You can, of course, combine them and add lots of error checks and so on, but I like KISS

PowerShell script to get some AzureAD logins stats

The information you get in the Azure portal about logins is decent, but sometimes you need some statistics or insight fast and don't want to use the graphical interface or download CSV/JSON files. I have created some scripts and favourite lines and uploaded them to my GitHub repo

Unused Azure AD Connect accounts "On-Premises Directory Synchronization Service Account"

Playing with #Azure Privileged Identity Management made me aware of two active accounts from old or failed AAD connector installations from way back. And we don't want to leave something with that potential for misuse lying available in our AAD.

Requesting access with Azure AD Privileged Identity Management from PowerShell

Using Azure AD Privileged Identity Management (PIM for short) as a method to control access to Azure resources is a nice security feature. It makes access more trackable and gives the granted roles a defined time period. You can add approval as a necessary add-on security feature, use MFA or other adjustments. Read more about PIM here. BUT! It can also feel like a pain in the... if you use it a lot. So I created a small and simple PowerShell script to request the access for me.

Finding empty resource groups in Azure

It is not easy to keep control over your Azure resource groups, but maybe finding all those without any content could help? I have created a PowerShell script that helps me in my environment. It should be easy to adjust it to different needs. Got valuable help from VidarW

Cheat for PowerShell connecting to remote machine

Yes, I know, it's quite easy to connect to a remote machine to run PowerShell. But I am not doing it on a regular basis, so I always forget: Enter-PSSession -ComputerName COMPUTER -Credential USER