Showing posts with label az cli. Show all posts
Showing posts with label az cli. Show all posts

Thursday, December 03, 2020

Hiding Azure Enterprise App from users using az cli or PowerShell

Toggling "Visible to users" setting on portal adds / removes tag called HideApp.

Hide app:
~$ az ad sp update --id f5f6ecff-8661-4726-a83f-8e7db8aa068f --add tags "HideApp"

"Unhide" app:
~$ az ad sp show --id f5f6ecff-8661-4726-a83f-8e7db8aa068f --query tags
[
  "HideApp",
  "WindowsAzureActiveDirectoryIntegratedApp"
]

~$ az ad sp update --id f5f6ecff-8661-4726-a83f-8e7db8aa068f --remove tags 0
[
  "WindowsAzureActiveDirectoryIntegratedApp"
]


For PowerShell example see https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/hide-application-from-user-portal .



Thursday, November 12, 2020

How to get list of Azure service tags and IP ranges using az cli

Microsoft provides weekly updated list of IP addresses used by various Azure features as downloadable JSON file on their webpage. Automating download of it is however not supported and prone to breakage.

Same information is now also available via Azure Service Tag Discovery API. New API is still in public preview state and list of IPs it provides is far less than downloadble file contains. So either list of IPs from API is tailored for your particular subscription or it is incomplete.

Discovery API requires authenticated session to Azure so we need to create service principal and custom RBAC role to keep things secure. See you for more after the break.