Az PowerShell Module
Installation
Install-Module Az
# search for commands
Get-Command *azad*
Get-Command *azvm*
Get-Command -Noun *vm* -Verb Get
Login and Connect
Normal User-Account
# use credentials
$pass = ConvertTo-SecureString '<PASSWORD>' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential("<UserPrincipalName>", $pass)
# or interactively ask for credentials
$creds = Get-Credential
# finally connect
Connect-AzAccount -Credential $creds
Service Principal Login
$pass = ConvertTo-SecureString '<SECRET>' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential("<CLIENTID>", $pass)
Connect-AzAccount -Credential $cred -ServicePrincipal -Tenant "<TENANTID>"
Access Token
Connect-AzAccount -AccessToken 'eyJ0...' -AccountId '<ANYNAME>'
List and Disconnect
# get some basic connection information
Get-AzContext
Get-AzContext -ListAvailable # cached contexts of accounts that were never disconnected can be used as well
Get-AzSubscription
# disconnect
Disconnect-AzAccount
Get Access/Graph Token
$accessToken = (Get-AzAccessToken).Token
$graphToken = (Get-AzAccessToken -ResourceTypeName MSGraph).Token
(Get-AzAccessToken -ResourceUrl "https://graph.microsoft.com").Token # same as above, addressed by resource URL
Connect-AzAccount -AccountId <UserPrincipalName> -AccessToken $accessToken -MicrosoftGraphToken $graphToken
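The tokens returned by Get-AzAccessToken and passed to Connect-AzAccount -AccessToken are JWTs, and the aud claim is what decides whether ARM or Microsoft Graph will accept one. The following PowerShell is an added example, not part of the original notes: it decodes the payload (without validating the signature) to show audience, tenant, identity, expiry and permissions, and it ships with a constructed sample token so it runs offline; the claim names used (aud, tid, upn, appid, oid, exp, scp, roles) are standard Entra ID token claims, and the helper names are my own.

```powershell
# Added example, not part of the original notes: inspect an Azure access token.
# Decodes the JWT payload only; the signature is NOT validated, so use this for
# inspection, never as a trust decision.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Text)
    $b64 = $Text.Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {          # restore the padding that base64url strips
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
}

function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -lt 2) { throw 'Not a JWT: expected header.payload.signature' }
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    # user tokens carry upn, service principal tokens carry appid; oid is the fallback
    if ($claims.upn) { $identity = $claims.upn }
    elseif ($claims.appid) { $identity = "app:$($claims.appid)" }
    else { $identity = $claims.oid }
    [pscustomobject]@{
        # aud tells you which API accepts the token: https://management.azure.com/ (ARM,
        # the Get-AzAccessToken default) vs https://graph.microsoft.com (MSGraph)
        Audience  = $claims.aud
        Tenant    = $claims.tid
        Identity  = $identity
        ExpiresAt = [DateTimeOffset]::FromUnixTimeSeconds($claims.exp).UtcDateTime
        Scopes    = $claims.scp           # delegated permissions (user tokens)
        Roles     = $claims.roles         # application permissions (service principals)
    }
}

# Constructed sample token with a fake signature so the decoder can be tried offline.
function New-SampleJwt {
    $enc = { param($obj)
        [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes(($obj | ConvertTo-Json -Compress))).TrimEnd('=').Replace('+', '-').Replace('/', '_') }
    $header  = @{ alg = 'RS256'; typ = 'JWT' }
    $payload = @{ aud = 'https://management.azure.com/'; tid = '11111111-2222-3333-4444-555555555555'
                  upn = 'user@contoso.example'; exp = 1893456000; scp = 'user_impersonation' }
    "$(& $enc $header).$(& $enc $payload).fakesignature"
}

ConvertFrom-JwtPayload -Token (New-SampleJwt)
# Live use after Connect-AzAccount:
#   ConvertFrom-JwtPayload -Token (Get-AzAccessToken).Token
#   ConvertFrom-JwtPayload -Token (Get-AzAccessToken -ResourceTypeName MSGraph).Token
```

On a real token the Audience field makes it obvious when an ARM token is being handed to a Graph-only cmdlet (or the reverse), and ExpiresAt shows how long a cached context stays usable.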
From az to azuread
$token = az account get-access-token --resource-type aad-graph --query accessToken -o tsv
Connect-AzureAD -AccountId <UserPrincipalName> -AadAccessToken $token -TenantId <TENANTID>
Enumerate using Az Module
Users and Roles
Get-AzADUser # all users
Get-AzADUser -UserPrincipalName <UserPrincipalName>
Get-AzADUser -SearchString "admin" # begins-with match again; wildcards are not supported
Get-AzADGroupMember -GroupObjectId <group-object-id>
# get roles of a user
Get-AzRoleAssignment -SignInName <UserPrincipalName>
list resources
# Get Resources
Get-AzResource
# Get Role Assignments
Get-AzRoleAssignment -SignInName <UserPrincipalName>
# Special Types of Resources
Get-AzVM
Get-AzWebApp
Get-AzWebApp | ?{$_.Kind -notmatch "functionapp"}
Get-AzFunctionApp
Get-AzKeyVault
# Automation Account / Hybrid Workers
Get-AzAutomationHybridWorkerGroup -AutomationAccountName <name> -ResourceGroupName <name>
You can import, publish and start new automation runbooks:
Import-AzAutomationRunbook -Name <name> -Type PowerShell -Path <path to script> -AutomationAccountName <name> -ResourceGroupName <rgn> -Force -Verbose
Publish-AzAutomationRunbook -Name <name> -AutomationAccountName <name> -ResourceGroupName <rgn>
Start-AzAutomationRunbook -Name <name> -AutomationAccountName <name> -ResourceGroupName <rgn>
You can also run commands on a VM:
Invoke-AzVMRunCommand -VMName <name> -ResourceGroupName <rgn> -CommandId 'RunPowerShellScript' -ScriptPath 'c:\azad\..\script.ps1'
You can enumerate Key Vaults (but note that you might need a separate Key Vault token for that):
Get-AzKeyVault
Get-AzKeyVaultSecret -VaultName <name>
Also check resource groups and deployments
Get-AzResourceGroup
Get-AzResourceGroupDeployment -ResourceGroupName <rgn>
Save-AzResourceGroupDeploymentTemplate -ResourceGroupName <rgn> -DeploymentName <name>
You can set a new Azure VM Extension too:
Set-AzVMExtension # use this to add new users
Applications
Get-AzADApplication | ?{$_.DisplayName -match "app"}
# only applications that have credentials (passwords/certificates) attached
Get-AzADApplication | %{if(Get-AzADAppCredential -ObjectId $_.ObjectId){$_}}
Get-AzADAppCredential -ObjectId <app-object-id>
Get-AzADServicePrincipal
Get-AzWebApp | ?{$_.Kind -notmatch "functionapp"}
Get-AzWebApp -Name vaultfrontend | select -ExpandProperty identity
Get-AzFunctionApp