Azure - Where can I find my gph:ClientId? - azure

Does anyone know where I can find my Azure Active Directory Graph Client ID in Azure?
I have searched everywhere within Azure itself and still no luck. Or does anyone know the PowerShell command to get the information?
Hopefully someone could point me in the right direction.
Many thanks.

You could also get it on the Azure Portal.
You could register a new application using the Azure portal; for more information about this, please refer to this link.
Client Id is your app's application id.
You also need to grant Graph permission to your app; you could also check the link I provided.

No worries, I managed to find it. I had to create a B2C tenant through the use of PowerShell using this link:
https://github.com/blumu/azure-content/blob/master/articles/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet.md#register-a-service-application-in-your-tenant
From there it will generate your Client ID. Make sure to copy it and paste it somewhere for future use.

Related

How to programmatically update Networking Access Restriction on Azure Web App

I have an Azure webapp and normally if I want to block an IP address, I go to Azure dashboard panel and under networking>Configure Access Restrictions, I add a rule to do so. This picture shows which menu item I mean:
However, I would like to do this programmatically. I see that the documentation shows how you can do this through Powershell.
I have also managed to find the API documentation for WebApp. But I can't find the last piece of the puzzle which is the API that does what I need.
Can someone please tell me if it is possible and which API I should use? Thank you in advance.
According to the doc: Use an Azure REST API PUT operation on the app configuration in Azure Resource Manager. The location for this information in Azure Resource Manager is:
management.azure.com/subscriptions/subscription ID/resourceGroups/resource groups/providers/Microsoft.Web/sites/web app name/config/web?api-version=2020-06-01
Then I searched the Azure Rest API and found this:
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/config/web?api-version=2019-08-01
We could update the field properties.ipSecurityRestrictions to update the value of Access Restrictions.
In addition, you could also check this blog: Bulk add IP Access Restrictions to Azure App Service using Az PowerShell
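The PUT on `config/web` described in the answer above, as an added Python example that is not part of the original post: it builds the request URL and merges one Deny rule into the rule list read from a prior GET, validating the address first. It assumes the array in `properties.ipSecurityRestrictions` is sent whole; the function names, the sample rule and the documentation-range IP addresses are constructed for illustration.

```python
import ipaddress
import json

ARM = "https://management.azure.com"

def config_url(subscription_id, resource_group, site_name, api_version="2019-08-01"):
    """Site web-config URL in the shape quoted in the answer above."""
    return (f"{ARM}/subscriptions/{subscription_id}/resourceGroups/{resource_group}"
            f"/providers/Microsoft.Web/sites/{site_name}/config/web"
            f"?api-version={api_version}")

def add_deny_rule(current_rules, address, name, priority=None):
    """Return a new rule list with a Deny rule for `address` merged in.

    `current_rules` is properties.ipSecurityRestrictions from a prior GET.
    Assumption: the PUT carries the whole array, so existing rules are kept.
    """
    # Normalise a bare IP to CIDR; raises ValueError on anything unparsable.
    cidr = str(ipaddress.ip_network(address.strip(), strict=False))
    rules = [dict(r) for r in current_rules]  # never mutate the caller's copy
    for rule in rules:
        if rule.get("ipAddress") == cidr:
            if rule.get("action") == "Deny":
                return rules  # already blocked: the call is idempotent
            raise ValueError(f"{cidr} already has an {rule.get('action')} rule")
    used = {r.get("priority") for r in rules}
    if priority is None:
        priority = 100
        while priority in used:  # first free slot from 100 upward
            priority += 1
    elif priority in used:
        raise ValueError(f"priority {priority} is already taken")
    rules.append({"ipAddress": cidr, "action": "Deny",
                  "priority": priority, "name": name})
    return sorted(rules, key=lambda r: r.get("priority", 0))

def put_body(rules):
    """JSON body for the PUT: only the field the answer says to update."""
    return json.dumps({"properties": {"ipSecurityRestrictions": rules}}, indent=2)

# Constructed sample: the rule list as a GET might return it.
EXISTING = [{"ipAddress": "198.51.100.0/24", "action": "Allow",
             "priority": 100, "name": "office"}]

if __name__ == "__main__":
    print("PUT", config_url("<subscription-id>", "<resource-group>", "<web-app-name>"))
    print(put_body(add_deny_rule(EXISTING, "203.0.113.7", "deny-203-0-113-7")))
```

Sending the request itself needs an Azure Resource Manager bearer token, which this example leaves out.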
There does not appear to be a one-to-one match between PowerShell commands and the API.
The closest I could find is:
https://learn.microsoft.com/en-us/rest/api/appservice/webapps/putprivateaccessvnet
This allows you to define which vnet has access to your web app. By controlling access to your vnet, you can control access to your app.

Azure service to query Azure Active Directory

Suggest any azure service which
can connect customer azure active directory
can query customer azure active directory
keep my application azure active directory in sync with any future change (add/remove user) on customer azure active directory ?
Service to connect/query Azure AD : Microsoft Graph API can help you query Azure AD
Sync changes between two different Azure AD tenants: AFAIK there isn't any service that will do this for you, you need to write something custom yourself that can make use of Microsoft Graph API
Notification on changes: Microsoft Graph API supports change notifications for some scenarios. User and Group resource types are supported. See if this covers what you're looking for: Use the Microsoft Graph API to get change notifications
Incremental changes: Microsoft Graph API also supports delta queries for some operations, which could help in figuring out incremental changes.
Authentication: Most probably client credentials grant flow using Application permissions, with a daemon app would make sense for such scenario. Although, this is something you'll need to decide based on how you finally implement.
Permissions required: Microsoft Graph API permissions reference
Function or WebJob or something else: it's a little subjective I guess. I don't have a clear single recommendation. WebJob might be better if it turns out to be long running, but I'm not sure. You may need a separate question or find some already answered good questions about this.
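The delta-query approach mentioned in the answer above, as an added Python example that is not part of the original post: it follows `@odata.nextLink` pages until the `@odata.deltaLink`, merges changed users into a local mirror and drops users marked `@removed`. The `fetch` callable, the mirror layout and the sample pages are constructed for illustration; a real `fetch` would be an authenticated GET against Microsoft Graph.

```python
GRAPH_USERS_DELTA = "https://graph.microsoft.com/v1.0/users/delta"

def sync_users(mirror, start_url, fetch):
    """Apply one full delta round to `mirror` (dict: user id -> attributes).

    `fetch(url)` is a hypothetical callable returning the parsed JSON page.
    Returns (delta_link, stats); store delta_link only after the round ends.
    """
    url, seen = start_url, set()
    stats = {"upserted": 0, "removed": 0}
    while True:
        if url in seen:
            raise RuntimeError("paging loop detected")
        seen.add(url)
        page = fetch(url)
        for item in page.get("value", []):
            if "@removed" in item:
                # Removed in the customer tenant: drop the local account too.
                if mirror.pop(item["id"], None) is not None:
                    stats["removed"] += 1
            else:
                # Merge, so a partial representation does not erase
                # attributes that are already mirrored.
                fields = {k: v for k, v in item.items() if not k.startswith("@")}
                mirror.setdefault(item["id"], {}).update(fields)
                stats["upserted"] += 1
        if "@odata.deltaLink" in page:
            return page["@odata.deltaLink"], stats
        url = page.get("@odata.nextLink")
        if not url:
            raise RuntimeError("page carries neither nextLink nor deltaLink")

# Constructed sample pages (ids, names and tokens are made up).
PAGES = {
    GRAPH_USERS_DELTA: {
        "value": [{"id": "u1", "jobTitle": "Lead"},
                  {"id": "u3", "displayName": "Carol"}],
        "@odata.nextLink": GRAPH_USERS_DELTA + "?$skiptoken=constructed-1"},
    GRAPH_USERS_DELTA + "?$skiptoken=constructed-1": {
        "value": [{"id": "u2", "@removed": {"reason": "changed"}}],
        "@odata.deltaLink": GRAPH_USERS_DELTA + "?$deltatoken=constructed-2"},
}

def demo():
    mirror = {"u1": {"id": "u1", "displayName": "Alice", "jobTitle": "Engineer"},
              "u2": {"id": "u2", "displayName": "Bob"}}
    link, stats = sync_users(mirror, GRAPH_USERS_DELTA, PAGES.__getitem__)
    return mirror, link, stats

if __name__ == "__main__":
    print(demo())
```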
In response to Rohit's answer: -
I agree there isn't any Microsoft service as of now that sync changes between two different Azure AD tenants.
Not here to brag or promote but to give a direction, the company where I work has a product which solves exactly this problem and we have few customers who are using it to keep their partner tenants in sync. In case you are looking for a pre-made product feel free to reach out to me.
Otherwise, if you need any help on creating your own, then what Rohit mentioned are quite good steps to follow; if you still need help with that direction, let me know.

Can't register an application in Azure AD B2C

Since yesterday I can't add an application to my tenant or look at the properties of an already added application.
Also if I try to delete the directory I can't because it says I have to delete all the applications in the directory first, when I click to view the applications.... there are none...
Is there a problem going on with the service? Is there somewhere else I can find about this?
@Martin, it was a service issue. You can use the B2C service blog:
https://blogs.msdn.microsoft.com/azureadb2c/2018/11/28/investigating-administrators-are-unable-to-create-new-b2c-applications-or-modify-the-permissions-for-existing-b2c-applications/
Please confirm the issue was fixed for you.

Is it possible to open azure portal resource link not in the default Directory

For user who has access to multiple directories (see screen shot below)
For azure web app I can generate link like below:
https://ms.portal.azure.com/#resource/{resourceId}/DeploymentSource
If the resource is in my default Directory, I can paste the link to the browser and it will open the right blade.
If I paste a link to a resource that is not in the default directory for the user, then I get the following:
However, if I first go to the root of portal.azure.com and switch directory to the target web app, then paste the link to the blade, then it works.
Is it possible to tell the Azure portal to switch directory based on the resource in question? Btw, this is for code that we are writing that is running outside the Azure portal hosting frame (hence the desire to open a specific blade for a given web app).
Thanks
This is now possible by adding @directory-domain.com/ after the hash. For example, https://portal.azure.com/#resource/{resourceId}/DeploymentSource under a directory with the stackoverflow.com domain becomes https://portal.azure.com/#@stackoverflow.com/resource/{resourceId}/DeploymentSource.
Unfortunately, Azure does not support this at this time.
You could give your feedback at this link; all of the feedback you share there will be monitored and reviewed by the Microsoft engineering teams.
Also, I have voted for this feedback. Your understanding and support will be highly appreciated.

How to get subscription details on azure portal.

I have recently updated my azure subscription and after that I am unable to see my content or resources on the Azure portal and unable to download the publish profile.
So please help me to find the latest subscription in the new azure portal.
From the top right end, you will have your profile. There you will be able to see the Active Directories available for you. Click on that and it will show a page containing info on "Directories+ Subscriptions". In case you are not able to see the respective subscription in any of those directories, it is requested to raise a Support ticket in the portal itself.
You should ask Azure support to help you with this. They can see what you have registered in the portal and if something went wrong. One thing you can try is to open the portal in a private browser session to see if anything is cached or not.
