az-cli

Login and Connect

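# Sign in as a user account. user@example.com is a placeholder: the address on
# the original page was lost to e-mail obfuscation ("[email protected]").
# The password is deliberately not passed with -p. Anything given on the command
# line ends up in shell history and process listings; with only -u supplied,
# az prompts for the password instead.
# Username/password sign-in fails for accounts that require MFA; use plain
# `az login` (browser) or `az login --use-device-code` for those.
az login -u user@example.com

# Show example commands related to a search term.
az find "vm"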

Getting Access Tokens

# Print an access token for the current session as JSON.
# The output is a live bearer credential: keep it out of logs, tickets and
# shared terminal transcripts.
az account get-access-token
 
# also look in c:\users\*\.Azure\accessToken.json
# also look in c:\users\*\.Azure\azureProfile.json
# NOTE(review): accessToken.json is the older cache format; recent CLI releases
# use an MSAL-based cache instead, so confirm against the installed version.
# Defenders: treat the whole .Azure profile directory as credential material
# (restrict its ACLs and audit reads by other accounts or processes).

Enumeration using az-cli

Tenant and Session Details

# Tenants visible to the signed-in account.
# NOTE(review): 'az account tenant' and 'az account subscription' appear to be
# provided by the 'account' CLI extension rather than core; confirm it is
# installed. 'az account list' is the core command for listing subscriptions.
az account tenant list
# Subscriptions visible to the signed-in account.
az account subscription list
# Directory object of the currently signed-in user.
az ad signed-in-user show

Listing Users and Roles

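# List directory users: full table first, then UPN and display name only.
# Defenders: these directory reads are Microsoft Graph requests, so they can be
# reviewed in Microsoft Graph activity logs where that logging is enabled.
az ad user list --output table
az ad user list --query '[].[userPrincipalName, displayName]' --output table
# Show one user by UPN or object ID. user@example.com is a placeholder: the
# original value was mangled by e-mail obfuscation and split into two arguments.
az ad user show --id user@example.com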
 
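# Search for users whose display name contains 'admin'.
# JMESPath contains() is case-sensitive, so this form does not match 'Admin'.
az ad user list --query "[?contains(displayName, 'admin')].displayName"
# PowerShell variant (-match is case-insensitive). Where-Object filters the
# users; the earlier ForEach-Object (%) form only printed True/False per user.
az ad user list | ConvertFrom-Json | Where-Object { $_.displayName -match "admin" } | Select-Object -ExpandProperty displayName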
 
# List users synchronised from on-premises Active Directory: only synced
# accounts carry an on-premises security identifier (SID).
az ad user list --query "[?onPremisesSecurityIdentifier!=null].displayName"
 
# Enumerate every group, then show a single group selected by display name.
az ad group list
az ad group show --group "VM Admins"
 
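# Members of a group (display names only).
az ad group member list -g "VM Admins" --query "[].[displayName]"
# Check whether one object is a member; 'uuid' stands for its object ID.
az ad group member check --group "VM Admins" --member-id uuid
# Groups that this group is itself a member of. The command lives under
# 'az ad group'; 'az group' manages resource groups and has no such subcommand.
az ad group get-member-groups -g "VM Admins"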

Listing Resources

# Inventory of resources visible in the current subscription.
# Virtual machines: full JSON, then names only.
az vm list
az vm list --query "[].[name]" --output table
# App Service web apps and Function apps (host name and state for the latter).
az webapp list
az functionapp list
az functionapp list --query "[].{hostName: defaultHostName, state: state}" --output table
# Storage accounts and Key Vaults.
az storage account list
az keyvault list
# NOTE(review): 'az automation' looks like it is provided by a CLI extension;
# confirm it is installed before relying on this line.
az automation account list

Listing Applications / Service-Principals

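# show app registrations
az ad app list
# Owners of one application; 'appid' stands for its application (client) ID.
az ad app owner list --id appid
# Inventory of applications that hold a client secret or a certificate.
# The filter relies on JMESPath truthiness, so both null and an empty list are
# excluded; '!= null' also matched applications whose credential list is empty.
# Useful for credential hygiene reviews (stale or unexpected secrets).
az ad app list --query "[?passwordCredentials].displayName"
az ad app list --query "[?keyCredentials].displayName"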
 
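# show service principals (enterprise apps)
# Without --all the listing is truncated to the first page of results.
az ad sp list --all
# Owners are listed per service principal, so --id is required ('spid' stands
# for the service principal's ID); '-all' is not an option of this command.
az ad sp owner list --id spid
# Service principals owned by the signed-in user.
az ad sp list --show-mine
# Service principals that hold a secret or a certificate. A bare field name is
# used as the filter so empty credential lists are excluded along with null.
az ad sp list --query "[?passwordCredentials].displayName"
az ad sp list --query "[?keyCredentials].displayName"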