
Azure Auth & AuthZ Cheatsheet: Manage Authentication and Authorization

Introduction

This cheatsheet provides Azure CLI commands for managing authentication and authorization in Azure. It covers role assignments, identity provider configurations, and security policies. It is designed for DevOps engineers who create, manage, and troubleshoot Azure authentication (AuthN) and authorization (AuthZ).


1. List Current User Roles

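Note: Azure CLI 2.37 and later (Microsoft Graph based) return the signed-in user's object ID as id; older versions used objectId.

az role assignment list --assignee $(az ad signed-in-user show --query id -o tsv) --output table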

2. Assign Role to User

az role assignment create --assignee <userId> --role Contributor --scope /subscriptions/<subscriptionId>

3. Remove Role from User

az role assignment delete --assignee <userId> --role Contributor --scope /subscriptions/<subscriptionId>

4. List Role Assignments

az role assignment list --output table

5. Configure Conditional Access

Note: Conditional Access policies are mostly configured via the portal, but you can export and import them through the Microsoft Graph API. The following call lists the existing policies.

az rest --method GET --uri "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies"

6. Get Azure AD Policies

az ad policy list --output table

7. Create Custom Role

az role definition create --role-definition @custom-role.json

8. Update Custom Role

az role definition update --role-definition @updated-role.json

9. Delete Custom Role

az role definition delete --name <roleName>

10. Audit Auth Events

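Note: The Activity Log records control-plane operations on Azure resources. Microsoft Entra ID user sign-in events are recorded in the Entra ID sign-in logs, so this filter only matches resource operations whose name contains 'SignIn'.

az monitor activity-log list --resource-group <rg> --query "[?contains(operationName.value, 'SignIn')]" --output table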