I'm looking for a way to find all the rights that have been set within Azure for a specific SPN.
I'd like to have, either through the GUI/AZ CLI/PowerShell/Graph Explorer, a single result with all the rights set for this SPN.
Is it possible?
Thanks in advance.
I have tried many things but couldn't find anything so far.
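One way to get that single combined result, as an added example that is not part of the original question. It uses the Az and Microsoft.Graph PowerShell modules and assumes `Connect-AzAccount` and `Connect-MgGraph` have already been run with enough read rights on role assignments and directory objects; the SPN display name is a placeholder. It goes a bit beyond the question by covering all four places an SPN's rights can live: Azure RBAC, Entra ID directory roles, application permissions (app roles) and delegated (OAuth2) grants.

```powershell
# Added example (not from the original post): list everything a service principal has
# been granted, in one table. Assumes Az.Resources, Az.Accounts and the Microsoft.Graph
# modules are installed and both Connect-AzAccount and Connect-MgGraph have been run.
param(
    [string]$SpnDisplayName = 'my-build-pipeline-spn'   # placeholder: the SPN you are auditing
)

# Resolve the SPN to its object id; every kind of assignment below is keyed on that id.
$sp = Get-AzADServicePrincipal -DisplayName $SpnDisplayName
if (-not $sp) { throw "No service principal named '$SpnDisplayName' found in this tenant." }
$oid = $sp.Id

# 1. Azure RBAC. Get-AzRoleAssignment only looks at the subscription in the current
#    context, so iterate every subscription the caller can see and de-duplicate the
#    inherited (management group) assignments that show up once per subscription.
$rbac = foreach ($sub in Get-AzSubscription) {
    Set-AzContext -SubscriptionId $sub.Id | Out-Null
    Get-AzRoleAssignment -ObjectId $oid |
        Select-Object RoleAssignmentId, @{n='Kind';e={'AzureRBAC'}}, RoleDefinitionName, Scope
}
$rbac = $rbac | Sort-Object RoleAssignmentId -Unique | Select-Object Kind, RoleDefinitionName, Scope

# 2. Entra ID directory roles (Global Administrator, Application Administrator, ...).
$dirRoles = Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq '$oid'" |
    ForEach-Object {
        $def = Get-MgRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $_.RoleDefinitionId
        [pscustomobject]@{ Kind = 'DirectoryRole'; RoleDefinitionName = $def.DisplayName; Scope = $_.DirectoryScopeId }
    }

# 3. Application permissions: app roles granted to the SPN on resource APIs such as Microsoft Graph.
#    The assignment only carries the AppRoleId, so look the human-readable value up on the resource.
$appRoles = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $oid -All |
    ForEach-Object {
        $assignment = $_
        $resource = Get-MgServicePrincipal -ServicePrincipalId $assignment.ResourceId
        $role = $resource.AppRoles | Where-Object { $_.Id -eq $assignment.AppRoleId }
        [pscustomobject]@{ Kind = 'AppRole'; RoleDefinitionName = $role.Value; Scope = $resource.DisplayName }
    }

# 4. Delegated permissions consented for the SPN (OAuth2 permission grants).
$delegated = Get-MgServicePrincipalOauth2PermissionGrant -ServicePrincipalId $oid -All |
    ForEach-Object {
        $resource = Get-MgServicePrincipal -ServicePrincipalId $_.ResourceId
        [pscustomobject]@{
            Kind               = 'Delegated'
            RoleDefinitionName = $_.Scope
            Scope              = "$($resource.DisplayName) (consent: $($_.ConsentType))"
        }
    }

# The single combined result the question asks for.
$all = @($rbac) + @($dirRoles) + @($appRoles) + @($delegated)
$all | Sort-Object Kind, RoleDefinitionName | Format-Table -AutoSize
```

Reviewing the RBAC part alone is the common mistake: an SPN with no subscription roles can still hold a directory role or an application permission such as a Graph app role, which is often the more powerful grant.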
Related
Suggest any Azure service which
can connect to a customer's Azure Active Directory,
can query the customer's Azure Active Directory, and
keeps my application's Azure Active Directory in sync with any future change (add/remove user) in the customer's Azure Active Directory?
Service to connect/query Azure AD : Microsoft Graph API can help you query Azure AD
Sync changes between two different Azure AD tenants: AFAIK there isn't any service that will do this for you, you need to write something custom yourself that can make use of Microsoft Graph API
Notification on changes: Microsoft Graph API supports change notifications for some scenarios. User and Group resource types are supported; see if this covers what you're looking for: Use the Microsoft Graph API to get change notifications
Incremental changes: Microsoft Graph API also supports delta queries for some operations, which could help in figuring out incremental changes.
Authentication: Most probably the client credentials grant flow using application permissions, with a daemon app, would make sense for such a scenario. Although, this is something you'll need to decide based on how you finally implement it.
Permissions required: Microsoft Graph API permissions reference
Function or WebJob or something else: it's a little subjective I guess. I don't have a clear single recommendation. WebJob might be better if it turns out to be long running, but I'm not sure. You may need a separate question or find some already answered good questions about this.
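The delta-query pattern this answer points at, as an added example that is not part of Rohit's answer. It assumes the Microsoft.Graph PowerShell module and a `Connect-MgGraph` session holding the `User.Read.All` application permission (the daemon-style setup the answer describes); the file used to persist the delta link is a placeholder path.

```powershell
# Added example (not from the original answer): incremental user sync from a tenant via
# a Microsoft Graph delta query. First run enumerates every user; each later run only
# returns users added, changed or removed since the saved delta link.
param([string]$DeltaLinkFile = "$env:TEMP\users-deltalink.txt")   # placeholder location

function Get-UserDelta {
    param([string]$StartUri)
    $changes = @()
    $uri = $StartUri
    do {
        # Invoke-MgGraphRequest returns a hashtable; follow @odata.nextLink until the page set ends.
        $page = Invoke-MgGraphRequest -Method GET -Uri $uri
        foreach ($u in $page.value) {
            if ($u.ContainsKey('@removed')) {
                # Deleted (or soft-deleted) users come back with only an id and an @removed marker.
                $changes += [pscustomobject]@{ Change = 'Removed'; Id = $u.id; Upn = $null }
            } else {
                $changes += [pscustomobject]@{ Change = 'AddedOrUpdated'; Id = $u.id; Upn = $u.userPrincipalName }
            }
        }
        $uri = $page.'@odata.nextLink'
    } while ($uri)
    # The last page carries @odata.deltaLink: persist it so the next run starts from here.
    $page.'@odata.deltaLink' | Set-Content -Path $DeltaLinkFile
    return $changes
}

# Start from the saved delta link if one exists, otherwise do the initial full enumeration.
$start = 'https://graph.microsoft.com/v1.0/users/delta?$select=id,userPrincipalName,accountEnabled'
if (Test-Path $DeltaLinkFile) { $start = (Get-Content -Path $DeltaLinkFile -Raw).Trim() }

Get-UserDelta -StartUri $start | Format-Table -AutoSize
```

Treat the saved delta link as sensitive state: it is bound to the identity that created it, and losing it simply forces a full re-enumeration on the next run, which is the safe failure mode for a sync job.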
In response to Rohit's answer:
I agree there isn't any Microsoft service as of now that sync changes between two different Azure AD tenants.
Not here to brag or promote but to give a direction: the company where I work has a product which solves exactly this problem, and we have a few customers who are using it to keep their partner tenants in sync. In case you are looking for a pre-made product, feel free to reach out to me.
Otherwise, if you need any help on creating your own, then what Rohit mentioned are quite good steps to follow; if you still need help with that direction, let me know.
Does anyone know where I can find my Azure Active Directory Graph Client ID in Azure?
I have searched everywhere within Azure itself and still no luck. Or does anyone know the PowerShell command to get the information?
Hopefully someone could point me in the right direction.
Many thanks.
You could also get it on the Azure Portal.
You could register a new application using the Azure portal; for more information about this, please refer to this link.
Client ID is your app's application ID.
You also need to grant Graph permission to your app; you can check the link I provided for that too.
No worries, I managed to find it. Had to create a B2C tenant through the use of PowerShell using this link:
https://github.com/blumu/azure-content/blob/master/articles/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet.md#register-a-service-application-in-your-tenant
From there it will generate your Client ID. Ensure to make a copy and paste it somewhere for future use.
I was going through the PowerShell support for Azure, and while looking into the cmdlets provided by Azure PowerShell I did not find any reference to a command by which I can create a new directory under my subscription.
Maybe I am missing something.
Can anyone tell me the exact way to achieve this programmatically (using PowerShell)?
Thanks.
We do not expose the ability to create new directories via our REST APIs or PowerShell Module.
I believe this ability is only available through our Portals, in a non-automated fashion.
Can you go into more details about your scenario, where you would need to create multiple directories in an automated fashion?
I've created several Apps in Azure Active Directory and some of them I don't need anymore. I want to remove them but the remove icon at the bottom is greyed out.
Does anyone know what the reason for this could be or if there is another way to remove the Apps I don't need?
If the applications are multi-tenant, the first thing you would need to do is to change that so that they are not multi-tenant. Then you should be able to remove the applications from your Azure AD.
This helped me when I had similar problems, check it out:
https://samlman.wordpress.com/2015/02/27/how-to-delete-an-app-you-consented-to-in-azure-ad/
We're using Azure to maintain our development and QA servers.
One of the needs we have now is to provide our QA members access to update the web.config file on the server, which can be achieved via Visual Studio's Server Explorer (with the right configuration).
The problem is that you need a user with a subscription as a co-administrator within Azure (at least as far as I managed to understand), but obviously we'd like to allow our QA members only to maintain the files, with limited access via Visual Studio.
Is there any way to do it?
Following Brendan's advice, I've granted the QA members FTP access. This should do the job for now, until Microsoft comes up with something better :)
Thanks Brendan!