Category: Miscellaneous

AAD | Enabled or not?

Hi,

In this article, I will show you how you can check if an organization uses Azure Active Directory.

https://login.microsoftonline.com/getuserrealm.srf?login=username@target.onmicrosoft.com&xml=1

In the request above, replace "target" with the name of the company.

Example with Azure AD enabled:

Example with Azure AD not enabled:

Maxime.

Azure Cloud Shell | Extract Access token

Hi,

Access tokens are used in token-based authentication to allow an application to access an API. The application receives an access token after a user successfully authenticates and authorizes access, then passes the access token as a credential when it calls the target API. The passed token informs the API that the bearer of the token has been authorized to access the API and perform specific actions specified by the scope that was granted during authorization. The Microsoft identity platform uses a variety of access token formats depending on the configuration of the API that accepts the token.

In this article, I will show you how you can extract the access token used in Cloud Shell.

curl http://localhost:50342/oauth2/token --data "resource=https://management.azure.com/" -H Metadata:true -s | jq -r ".access_token"

Now you can use this access token in a bash script to call the Azure API:

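#!/bin/bash
# Azure subscription to query
subscription='put your Azure subscription ID here'
apiversion='2019-03-01'
# Request an access token for Azure Resource Manager from the Cloud Shell local token endpoint
authtoken=$(curl http://localhost:50342/oauth2/token --data "resource=https://management.azure.com/" -H Metadata:true -s | jq -r .access_token)
# List the subscription's resource groups, passing the token as a bearer credential
curl -H "Authorization: Bearer $authtoken" -X GET "https://management.azure.com/subscriptions/$subscription/resourceGroups?api-version=$apiversion" | jq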

Maxime.
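
To see what a Cloud Shell token actually grants (audience, expiry), its claims can be decoded locally. The following is an added example, not code from the original post; it assumes the token is a JWT (the post notes that formats vary), the function names are hypothetical, the sample token is constructed, and no signature is verified.

```shell
#!/bin/sh
# Added example: decode the claims of a JWT-format access token (no signature check).

# base64url -> bytes: map the URL-safe alphabet back and restore stripped '=' padding.
b64url_decode() {
  b64=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#b64} % 4 )) in
    2) b64="$b64==" ;;
    3) b64="$b64=" ;;
    1) return 1 ;;                      # impossible length for base64
  esac
  printf '%s' "$b64" | base64 -d
}

# Print the JSON payload (second segment) of a header.payload.signature token.
jwt_payload() {
  case $1 in
    *.*.*.*) return 1 ;;                # too many segments
    *.*.*)   ;;
    *)       return 1 ;;                # opaque or truncated token
  esac
  seg=${1#*.}
  b64url_decode "${seg%%.*}"
}

# Print one simple scalar claim (string or number). For nested values use jq.
jwt_claim() {
  jwt_payload "$1" |
    sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\{0,1\}\([^",}]*\).*/\1/p'
}

# Seconds until the "exp" claim; the optional second argument overrides "now".
jwt_seconds_left() {
  exp_claim=$(jwt_claim "$1" exp)
  case $exp_claim in ''|*[!0-9]*) return 1 ;; esac
  echo $(( $exp_claim - ${2:-$(date +%s)} ))
}

# Constructed sample token with made-up claims and a dummy signature.
sample_token() {
  enc() { printf '%s' "$1" | base64 | tr '+/' '-_' | tr -d '=\n'; }
  printf '%s.%s.%s\n' "$(enc '{"typ":"JWT","alg":"RS256"}')" \
    "$(enc '{"aud":"https://management.azure.com/","exp":2000000000}')" "c2ln"
}

tok=$(sample_token)   # in Cloud Shell, use the token from the curl call instead
echo "aud=$(jwt_claim "$tok" aud) seconds_left=$(jwt_seconds_left "$tok" 1999999000)"
```

Piping `jwt_payload "$authtoken"` into `jq` shows the full claim set of a real token.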