Assign Azure Blueprints on a Subscription Level using REST APIs - azure

I need to use REST APIs to create, publish and assign Azure Blueprints on a Subscription level. I went through the documentation
https://learn.microsoft.com/en-us/azure/governance/blueprints/create-blueprint-rest-api#:~:text=as%20v20180622%2D135541.-,Assign%20a%20blueprint,be%20assigned%20to%20that%20subscription.
This documentation only has APIs to create, publish and assign from Management Group level. I however changed the API calls from
PUT https://management.azure.com/providers/Microsoft.Management/managementGroups/{YourMG}/providers/Microsoft.Blueprint/blueprints/MyBlueprint?api-version=2018-11-01-preview
to
PUT https://management.azure.com/subscriptions/{{subscriptionId}}/providers/Microsoft.Blueprint/blueprints/MyBlueprint?api-version=2018-11-01-preview
and it worked fine. I could even create artifacts in a similar way, but I'm not able to run the assign command; I get 403 Forbidden. The problem is, since the blueprint is already defined at Subscription level, there is some change in the assign request too. Can anyone please help? Thanks
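As an added illustration (not code from the question or from the Microsoft doc it links), the following builds the create, publish and assign calls for either scope, so the only difference between the two URL forms in the question, the scope prefix, is applied in one place. It assumes the assignment path and body shape shown in the linked doc for a management-group blueprint carry over to a subscription-scoped definition with only the blueprintId prefix changing; it does not establish what causes the 403.

```python
from __future__ import annotations

ARM = "https://management.azure.com"
API = "api-version=2018-11-01-preview"  # version used in the question


def scope_prefix(management_group: str | None = None,
                 subscription_id: str | None = None) -> str:
    """The only part of the path that differs between the two calls above."""
    if (management_group is None) == (subscription_id is None):
        raise ValueError("give exactly one of management_group / subscription_id")
    if management_group is not None:
        return f"/providers/Microsoft.Management/managementGroups/{management_group}"
    return f"/subscriptions/{subscription_id}"


def blueprint_id(scope: str, name: str, version: str | None = None) -> str:
    """Resource ID of a blueprint definition, or of one published version."""
    base = f"{scope}/providers/Microsoft.Blueprint/blueprints/{name}"
    return base if version is None else f"{base}/versions/{version}"


def blueprint_calls(scope: str, name: str, version: str, target_subscription: str,
                    assignment: str, location: str,
                    parameters: dict, resource_groups: dict) -> dict:
    """URLs for create/publish/assign plus the assignment body.

    Assumption: the assignment path and body from the linked doc apply
    unchanged for a subscription-scoped definition; only blueprintId moves.
    """
    definition = blueprint_id(scope, name)
    assign_path = (f"/subscriptions/{target_subscription}/providers/Microsoft.Blueprint"
                   f"/blueprintAssignments/{assignment}")
    return {
        "create": ("PUT", f"{ARM}{definition}?{API}"),
        "publish": ("PUT", f"{ARM}{definition}/versions/{version}?{API}"),
        "assign": ("PUT", f"{ARM}{assign_path}?{API}"),
        "assign_body": {
            "identity": {"type": "SystemAssigned"},
            "location": location,
            "properties": {
                "blueprintId": blueprint_id(scope, name, version),
                "resourceGroups": resource_groups,
                "parameters": {k: {"value": v} for k, v in parameters.items()},
            },
        },
    }
```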

Related

Deleting an Azure Active Directory Device via API

I am working on an automation to remove devices from Intune and Azure for single users when the laptop or device is being retired. I am trying to make DELETE requests via the Graph API to remove the device from AutoPilot, Intune, and Azure Active Directory (AAD).
Currently, this is working for everything except AAD. I am attempting to use the API: https://graph.microsoft.com/beta/admin/windows/updates/updatableAssets based on information from https://learn.microsoft.com/en-us/graph/api/windowsupdates-updatableasset-delete?view=graph-rest-beta&tabs=http.
There doesn't seem to be an equivalent that I can find outside of beta. I am able to make a GET request to list items but trying to retrieve or delete a single item keeps giving me a 404.
Does anyone have any solutions for removing an Azure AD Device via API?
Have you tried the Version selector as shown in the MSDN?
Although I don't have a similar scenario to test, the URL might be like
https://graph.microsoft.com/v1.0/admin/windows/updates/updatableAssets/{updatableAssetId}
One more way, if you have the option of using GraphServiceClient, then you can use this
https://learn.microsoft.com/en-us/graph/api/windowsupdates-updatableasset-delete?view=graph-rest-beta&tabs=csharp
The best part of the GraphServiceClient is that by default it will prepare a General Release version API to call.
MSDN: Microsoft Graph SDKs use the v1.0 version of the API by default, and do not support all the types, properties, and APIs available in the beta version.
Please check at your end, if the GA is providing the operation you are looking for.

Azure Bot service doesn't start

I have tried to set up this repo: https://github.com/xtreamsrl/clockify-nlp-bot but for different reasons, this seemed to be too complex for me to start. So I have decided to follow this tutorial: https://learn.microsoft.com/en-us/azure/bot-service/abs-quickstart?view=azure-bot-service-4.0&tabs=userassigned
Now there is a problem when I create the bot. If I follow the guide 1:1 my bot isn't starting as expected. I always get the following message:
Unfortunately, nearly every tutorial you can find on YouTube uses the deprecated "Web app bot" service instead of the "Azure bot".
Do you have an idea what is going wrong there? Or how to further troubleshoot? Thanks.
The issue seems related to permissions. Probably you don't have the required permission to deploy the resources.
If you are deploying resources as an Azure AD user or group member, make sure you have the relevant permissions. Make sure you have the required permission at Subscription level and resource group level.
For me it deployed successfully.

How to programmatically update Networking Access Restriction on Azure Web App

I have an Azure webapp and normally if I want to block an IP address, I go to Azure dashboard panel and under networking>Configure Access Restrictions, I add a rule to do so. This picture shows which menu item I mean:
However, I would like to do this programmatically. I see that the documentation shows how you can do this through PowerShell.
I have also managed to find the API documentation for WebApp. But I can't find the last piece of the puzzle which is the API that does what I need.
Can someone please tell me if it is possible and which API I should use? Thank you in advance.
According to the doc: Use an Azure REST API PUT operation on the app configuration in Azure Resource Manager. The location for this information in Azure Resource Manager is:
management.azure.com/subscriptions/subscription ID/resourceGroups/resource groups/providers/Microsoft.Web/sites/web app name/config/web?api-version=2020-06-01
Then I searched the Azure Rest API and found this:
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/config/web?api-version=2019-08-01
We could update the field properties.ipSecurityRestrictions to update the value of Access Restrictions.
In addition, you could also check this blog: Bulk add IP Access Restrictions to Azure App Service using Az PowerShell
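An added example (not code from the answer or from Microsoft) that adds a Deny rule through the config/web resource named above. It assumes a bearer token for https://management.azure.com/ has already been obtained and that the caller has write rights on Microsoft.Web/sites/config; it uses PATCH (Web Apps - Update Configuration) rather than the PUT quoted above so that unrelated settings are left alone, but since the ipSecurityRestrictions array is still replaced as a whole, the current rules are fetched and merged first.

```python
from __future__ import annotations
import json
import urllib.request
from typing import Any

ARM = "https://management.azure.com"
API_VERSION = "2019-08-01"  # the version quoted in the answer above

def config_url(subscription_id: str, resource_group: str, site: str) -> str:
    """ARM path of the site's config/web resource (same path as the PUT above)."""
    return (f"{ARM}/subscriptions/{subscription_id}/resourceGroups/{resource_group}"
            f"/providers/Microsoft.Web/sites/{site}/config/web?api-version={API_VERSION}")

def deny_rule(cidr: str, priority: int, name: str) -> dict[str, Any]:
    """One ipSecurityRestrictions entry that blocks a CIDR block.

    Lower priority numbers are evaluated first. Once any Allow rule exists,
    App Service denies everything not explicitly allowed; with Deny-only
    rules, all other traffic is still allowed.
    """
    if "/" not in cidr:
        cidr += "/32"  # single host: App Service expects CIDR notation
    return {"ipAddress": cidr, "action": "Deny", "priority": priority, "name": name}

def merge_rules(existing: list[dict], new: list[dict]) -> list[dict]:
    """Keep existing rules, replace ones with the same name, sort by priority."""
    by_name = {r["name"]: r for r in existing}
    for rule in new:
        by_name[rule["name"]] = rule
    return sorted(by_name.values(), key=lambda r: r.get("priority", 2**31 - 1))

def patch_body(current_config: dict, new_rules: list[dict]) -> dict:
    """Body for PATCH config/web; the array is replaced whole, hence the merge."""
    existing = current_config.get("properties", {}).get("ipSecurityRestrictions") or []
    return {"properties": {"ipSecurityRestrictions": merge_rules(existing, new_rules)}}

def _arm(method: str, url: str, token: str, body: dict | None = None) -> dict:
    data = json.dumps(body).encode() if body is not None else None
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def block_ips(subscription_id: str, resource_group: str, site: str,
              token: str, rules: list[dict]) -> dict:
    """GET the current config, merge the new Deny rules, PATCH them back."""
    url = config_url(subscription_id, resource_group, site)
    return _arm("PATCH", url, token, patch_body(_arm("GET", url, token), rules))
```

The Kudu/SCM site has its own scmIpSecurityRestrictions list, so a rule on the main site does not by itself cover deployment endpoints.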
There does not appear to be a one-to-one match between PowerShell commands and the API.
The closest I could find is:
https://learn.microsoft.com/en-us/rest/api/appservice/webapps/putprivateaccessvnet
This allows you to define which vnet has access to your web app. By controlling access to your vnet, you can control access to your app.

Client Credentials Flow for Azure DevOps

I have been looking at this issue for days and I know from experience that I usually work these things out but this time I have hit a brick wall.
Scenario
I have a python app that gets instantiated inside an Azure DevOps YAML pipeline.
The app calls the Azure DevOps REST API to create a repository
The app uses a PAT (personal access token) to authenticate
The first issue is, a personal access token is connected to me as a human user. If I leave the company the PAT will be revoked, which is not good for an app that needs to run in a non-user context.
So now I want to set up my Python app to authenticate to the Azure DevOps REST API using the client credentials flow.
My issue is, I can't find consistent information about this.
I have created an app in Azure DevOps:
My plan would be to get this all working in Postman and then port my finding to Python code.
So really, I am looking for help with the setup I do in Postman and I can work the rest out myself in Python.
Many posts talk about Azure DevOps and Azure AAD (Azure Active Directory) together but, seeing as I create my app registration in Azure DevOps, as shown in the picture, I don't see why I would do anything in AAD.
(Note, my Azure DevOps instance was created outside Azure. Azure knows nothing about my Azure DevOps instance)
Any pointers to the CORRECT information about how to do this would be good. And remember, I definitely need the client credentials type flow. There is no human interaction between my app and the Azure DevOps REST API.
Update
Here is what I have in Postman right now:
Note:
You can see the check boxes which I am using to toggle application/x-www-form-urlencoded key / value pairs on and off
the resource - 499b84ac-1321-427f-aa17-267ca6975798 is apparently the GUID for Azure DevOps and doesn't change
If I look inside the HTML from the 500 error I see this: Could not find partition for hostId: 499b84ac-1321-427f-aa17-267ca6975798 which is the DevOps resource GUID mentioned above.
And here is the 500 error I get from Azure DevOps:
It's all very confusing but I am sure I just need to tweak one or two things to get it working.
I want to use client_credential flow in Azure DevOps for the same reasons as you! Last time I spoke to support they told me it was planned for Q3 2020. Reviewing the roadmap I can't see it on there at the moment. I also couldn't see any feature requests currently raised on Dev Community so you could consider trying to raise the profile of this issue on there.

Get Azure Dashboard data via api

Scenario:
One team built an application, and the application is running on Azure.
Maintenance is taken care of by the same team; we don't want to give full access to the production instance to the developer team, but want to give read permission, like monitoring of logs, CPU usage, etc.
The solution according to me is to build an application which will get dashboard data and log data from Azure via API, and that data will be displayed to the development team.
I am referring to these 2 links
https://msdn.microsoft.com/en-us/library/azure/dn722415.aspx
https://azure.microsoft.com/en-in/documentation/articles/api-management-get-started/
Question:
Still I am not able to find an API which will give the dashboard data. If anyone knows an API for the same, please help.
Is there any alternative solution for this scenario?
If you deploy your app using the new Azure Resource Manager mode, it provides Role Based Access Control to your resources. You can deploy your app inside a Resource Group and provide read access to your developers. They will be able to view the information about the services that your app is made of but without the option to change anything.
This session from Build 2015 can help you to understand what ARM is and what you can do with it: https://channel9.msdn.com/Events/Build/2015/2-659