Category: Miscellaneous

Disable SAS Key for a Storage Account

Hi,

In this article, I will show you how you can disable the SAS Key feature, that is, Shared Key authorization, for a Storage Account. When you disallow Shared Key authorization for a storage account, requests from clients that use the account access keys for Shared Key authorization will fail.

When you are confident that you can safely reject requests that are authorized with Shared Key, you can set the AllowSharedKeyAccess property for the storage account to false.

The AllowSharedKeyAccess property is not set by default and does not return a value until you explicitly set it. The storage account permits requests that are authorized with Shared Key when the property value is null or when it is true.

Azure CLI:

az storage account update \
     --name <storage-account-name> \
     --resource-group <resource-group-name> \
     --allow-shared-key-access false

Azure Portal:

To check the Shared Key access setting across a set of storage accounts with optimal performance, you can use the Azure Resource Graph Explorer in the Azure portal.

resources 
| where type =~ 'Microsoft.Storage/storageAccounts' 
| extend allowSharedKeyAccess = parse_json(properties).allowSharedKeyAccess 
| project subscriptionId, resourceGroup, name, allowSharedKeyAccess
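An added example (not part of the original article): a small Python audit over the rows this query returns, flagging every account that still accepts Shared Key requests. It applies the rule stated above, where a null or missing `allowSharedKeyAccess` counts as allowed, so a filter on `== true` alone would miss those accounts. The sample rows and function names are constructed for illustration, and the handling of text values assumes a CSV export of the results.

```python
import json

# Constructed sample rows with the columns the query projects. Values may be
# JSON booleans, null/absent, or text (assumed here for CSV-exported results).
SAMPLE_ROWS = json.loads("""[
 {"subscriptionId": "sub-1", "resourceGroup": "rg-app", "name": "stprod", "allowSharedKeyAccess": false},
 {"subscriptionId": "sub-1", "resourceGroup": "rg-app", "name": "stlogs", "allowSharedKeyAccess": null},
 {"subscriptionId": "sub-2", "resourceGroup": "rg-data", "name": "stlegacy", "allowSharedKeyAccess": true},
 {"subscriptionId": "sub-2", "resourceGroup": "rg-data", "name": "stnoprop"},
 {"subscriptionId": "sub-2", "resourceGroup": "rg-data", "name": "stcsv", "allowSharedKeyAccess": "False"}
]""")


def shared_key_state(row):
    """Classify one row; only an explicit false means Shared Key is rejected."""
    value = row.get("allowSharedKeyAccess")
    if isinstance(value, str):  # text form of the boolean; anything else -> not set
        value = {"true": True, "false": False}.get(value.strip().lower())
    if value is False:
        return "disabled"
    if value is True:
        return "allowed (explicitly true)"
    return "allowed (property not set)"


def accounts_allowing_shared_key(rows):
    """Return (subscriptionId, resourceGroup, name, state) for every account
    that still accepts Shared Key requests, in input order."""
    findings = []
    for row in rows:
        state = shared_key_state(row)
        if state != "disabled":
            findings.append((row.get("subscriptionId"), row.get("resourceGroup"),
                             row.get("name"), state))
    return findings


if __name__ == "__main__":
    for sub, rg, name, state in accounts_allowing_shared_key(SAMPLE_ROWS):
        print(f"{sub}/{rg}/{name}: {state}")
```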

Maxime.

AAD | Enabled or not?

Hi,

In this article, I will show you how you can check if an organization uses Azure Active Directory.

https://login.microsoftonline.com/getuserrealm.srf?login=username@target.onmicrosoft.com&xml=1

In the request above, you need to replace "target" with the name of the company.

Example with Azure AD enabled:

Example with Azure AD not enabled:

Maxime.

Azure Cloud Shell | Extract Access token

Hi,

Access tokens are used in token-based authentication to allow an application to access an API. The application receives an access token after a user successfully authenticates and authorizes access, then passes the access token as a credential when it calls the target API. The passed token informs the API that the bearer of the token has been authorized to access the API and perform specific actions specified by the scope that was granted during authorization. The Microsoft identity platform uses a variety of access token formats depending on the configuration of the API that accepts the token.

In this article, I will show you how you can extract the access token used in Cloud Shell.

curl http://localhost:50342/oauth2/token --data "resource=https://management.azure.com/" -H Metadata:true -s | jq -r ".access_token"

Now you can use this access token in a bash script to call the Azure API:

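#!/bin/bash
# Subscription to query and the Azure Resource Manager API version to use
subscription='put your Azure subscription ID here'
apiversion='2019-03-01'
# Request a token for management.azure.com from the Cloud Shell local token endpoint
authtoken=$(curl -s http://localhost:50342/oauth2/token --data "resource=https://management.azure.com/" -H Metadata:true | jq -r .access_token)
# List the subscription's resource groups, passing the token as a bearer credential
curl -s -H "Authorization: Bearer $authtoken" -X GET "https://management.azure.com/subscriptions/$subscription/resourceGroups?api-version=$apiversion" | jq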

Maxime.