Wednesday, September 8, 2021

Azure Sentinel - most common use case deployments

These playbooks are ready to go: import them, configure any additional permissions they need, and start using them in Azure Sentinel right away.


Disable users in on-premises Active Directory:

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Block-OnPremADUser


Block Azure AD Users:

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Block-AADUser


Integrate Azure Sentinel alerts with ServiceNow:

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Close-SentinelIncident-fromSNOW


Add Comments (Guidelines) on Incidents:

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Comment-RemediationSteps


Confirm Risks for Azure Active Directory Users:

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Confirm-AADRiskyUser


Collect a Threat and Vulnerability Management report from a compromised machine:

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Enrich-SentinelIncident-MDATPTVM


Collect all details (machine vulnerabilities, missing KBs, security recommendations, alerts, software inventory) for a compromised machine and send them via Teams:

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Get-MachineData-EDR-SOAR-ActionsOnMachine


Send scheduled report focused on Cost Management:

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Send-IngestionCostAlert


Start a packet capture on a compromised machine:

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Run-AzureVMPacketCapture


Send scheduled report focused on connector health:

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Send-ConnectorHealthStatus


Restrict app execution on a compromised machine:

https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Restrict-MDATPAppExectution

Monday, September 6, 2021

Backup objects into another vault in another subscription

How to: back up objects into another vault in another subscription

In this section I fetch the secret values and write them straight into another vault, without touching any files on disk.

With this approach we simply fetch every secret from Vault1 in Subscription1 and save it to Vault2 in Subscription2. Remember that the values you fetch at this point are plaintext, no longer protected by the vault, so it is not a good idea to persist them in memory, sessions or on disk. The script below does not assign them to any variable.

Make sure you have installed Azure CLI for Windows in order to run the script below.


Param(
    [parameter(Mandatory)] [string] $sourceVaultName,
    [parameter(Mandatory)] [string] $sourceSubscriptionId,
    [parameter(Mandatory)] [string] $destinationVaultName,
    [parameter(Mandatory)] [string] $destinationSubscriptionId,
    # Whether the copies written to the destination vault start out disabled.
    [bool] $destinationSecretsDisable = $true
)

# 1. Set the source subscription id.
Write-Host "Setting origin subscription to: $($sourceSubscriptionId)..."
az account set -s $sourceSubscriptionId

# 2. Get the names of all secrets (names only; each value is fetched one at a time below).
Write-Host "Listing all origin secrets from vault: $($sourceVaultName)"
$originSecretKeys = az keyvault secret list --vault-name $sourceVaultName -o json --query "[].name" | ConvertFrom-Json

# 3. Loop over the secrets and push each value to the destination vault without
#    storing it in a variable. The value is read with -o tsv so the raw string is
#    passed on; with -o json the surrounding JSON quotes would end up in the new secret.
$disabled = $destinationSecretsDisable.ToString().ToLower()
$originSecretKeys | ForEach-Object {
    $secretName = $_
    Write-Host " - Getting '$($secretName)' from origin, and setting in destination..."
    az keyvault secret set --name $secretName --vault-name $destinationVaultName -o none --disabled $disabled --value (az keyvault secret show --name $secretName --vault-name $sourceVaultName -o tsv --query "value")
}

Write-Host "Secrets restored."


You can call the script above as shown below (the parameter names must match those declared in the Param block):

.\CopySecretsToAnotherVault.ps1 -sourceVaultName "vault1-name" -sourceSubscriptionId "SUBSCRIPTION GUID" -destinationVaultName "vault2-name" -destinationSubscriptionId "SUBSCRIPTION GUID"
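The same copy done with the Az.KeyVault module instead of az CLI, as an added example that is not part of the original post. Values travel as SecureString objects and are never expanded to plain text in the script, secret metadata is carried over, disabled source secrets (whose values cannot be read) are skipped, and the switch implements the disable-in-destination parameter the script above declares. It assumes Az.Accounts and Az.KeyVault are installed, Connect-AzAccount has been run, and the signed-in identity has get/list on the source vault and set on the destination; the function name is my own.

```powershell
# Added example, not the original post's script. Assumes Connect-AzAccount has
# been run and the signed-in identity has get/list on the source vault and set
# on the destination vault (access policy or RBAC on both vaults).
function Copy-KeyVaultSecrets {
    param(
        [Parameter(Mandatory)] [string] $SourceVaultName,
        [Parameter(Mandatory)] [string] $DestinationVaultName,
        [switch] $DisableInDestination
    )

    # Listing returns identifiers and attributes only, never values.
    $items  = Get-AzKeyVaultSecret -VaultName $SourceVaultName
    $copied = @()

    foreach ($item in $items) {
        # The value of a disabled secret cannot be retrieved; report and move on.
        if (-not $item.Enabled) {
            Write-Warning "Skipping '$($item.Name)': disabled in source vault"
            continue
        }

        # Current version of the secret; SecretValue is a SecureString.
        $src = Get-AzKeyVaultSecret -VaultName $SourceVaultName -Name $item.Name

        $setArgs = @{
            VaultName   = $DestinationVaultName
            Name        = $item.Name
            SecretValue = $src.SecretValue
            Disable     = $DisableInDestination.IsPresent
        }
        if ($src.ContentType) { $setArgs.ContentType = $src.ContentType }
        if ($src.Expires)     { $setArgs.Expires     = $src.Expires }
        if ($src.NotBefore)   { $setArgs.NotBefore   = $src.NotBefore }
        if ($src.Tags)        { $setArgs.Tag         = $src.Tags }

        Write-Host " - Copying '$($item.Name)' (value not logged)"
        Set-AzKeyVaultSecret @setArgs | Out-Null
        $copied += $item.Name
    }

    # Verification by name only: anything copied that is still missing in the
    # destination is returned. An empty array means the copy is complete.
    $destNames = (Get-AzKeyVaultSecret -VaultName $DestinationVaultName).Name
    return @($copied | Where-Object { $_ -notin $destNames })
}

# Example call; the returned array should be empty.
# Copy-KeyVaultSecrets -SourceVaultName 'vault1-name' -DestinationVaultName 'vault2-name' -DisableInDestination
```

Because the data plane is addressed by vault name, no Set-AzContext to either subscription is required for the secret operations themselves.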

Passing Keyvault certificates to Virtual Machine deployment using ARM template


Referencing certificate from keyvault in an ARM template

Make sure every parameter the snippet references (RG, vaultName, Cert1, Cert2) is passed to the template; Cert1 and Cert2 are the Key Vault secret identifier URLs of the certificates.

"virtualMachineProfile": {
  "osProfile": {
    "computerNamePrefix": "[variables('compnamepref')]",
    "adminUsername": "[variables('adminUPN')]",
    "adminPassword": "[variables('adminpswd')]",
    "windowsConfiguration": {
      "provisionVMAgent": true,
      "enableAutomaticUpdates": false
    },
    "secrets": [
      {
        "sourceVault": {
          "id": "[resourceId(parameters('RG'), 'Microsoft.KeyVault/vaults', parameters('vaultName'))]"
        },
        "vaultCertificates": [
          {
            "certificateUrl": "[parameters('Cert1')]",
            "certificateStore": "My"
          },
          {
            "certificateUrl": "[parameters('Cert2')]",
            "certificateStore": "My"
          }
        ]
      }
    ]
  }
}

Tuesday, August 24, 2021

Purging a soft deleted Azure APIM - API Management

First, run the script below to list all soft-deleted APIM instances, so that their details can be passed to the DELETE call that follows. The output printed in the PowerShell window is trimmed, so I write the response to an output file instead.

# GET request: list all soft-deleted APIM instances in a specific subscription.
# Replace {subscriptionId} with the subscription GUID.
$token = Get-AzAccessToken
$request = @{
    Method  = 'GET'
    Uri     = "https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.ApiManagement/deletedservices?api-version=2020-06-01-preview"
    Headers = @{
        Authorization = "Bearer $($token.Token)"
    }
}
# Write the full response to a file; the console view truncates it.
Invoke-RestMethod @request -OutFile c:\apimoutput.txt


# DELETE request: purge the soft-deleted APIM instance. This is irreversible.
# Replace {subscriptionId}, {Location} and {APIMName} with values from the GET output.
$token = Get-AzAccessToken
$request = @{
    Method  = 'DELETE'
    Uri     = "https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.ApiManagement/locations/{Location}/deletedservices/{APIMName}?api-version=2020-06-01-preview"
    Headers = @{
        Authorization = "Bearer $($token.Token)"
    }
}
Invoke-RestMethod @request
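The two requests above joined into one flow, as an added example that is not part of the original post: the GET response is parsed into objects that already carry the purge URI, and the purge supports -WhatIf and -Confirm so nothing is removed by accident. It assumes the Az module is installed, Connect-AzAccount has been run, and the deletedservices response has the value, name, location and properties.scheduledPurgeDate fields; the function names are my own.

```powershell
# Added example, not the original post's script. Assumes Connect-AzAccount has been
# run with an identity allowed to read and purge soft-deleted APIM services.
function Get-SoftDeletedApim {
    param([Parameter(Mandatory)] [string] $SubscriptionId)
    $token = Get-AzAccessToken
    $uri = "https://management.azure.com/subscriptions/$SubscriptionId/providers/Microsoft.ApiManagement/deletedservices?api-version=2020-06-01-preview"
    $resp = Invoke-RestMethod -Method GET -Uri $uri -Headers @{ Authorization = "Bearer $($token.Token)" }

    # Each entry carries the name and location needed to build the purge URI.
    foreach ($item in $resp.value) {
        [pscustomobject]@{
            Name           = $item.name
            Location       = $item.location
            ScheduledPurge = $item.properties.scheduledPurgeDate
            PurgeUri       = "https://management.azure.com/subscriptions/$SubscriptionId/providers/Microsoft.ApiManagement/locations/$($item.location)/deletedservices/$($item.name)?api-version=2020-06-01-preview"
        }
    }
}

function Remove-SoftDeletedApim {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param([Parameter(Mandatory, ValueFromPipeline)] $Service)
    process {
        # Purge is irreversible: -WhatIf only shows the call, -Confirm prompts per service.
        if ($PSCmdlet.ShouldProcess($Service.Name, "Purge soft-deleted API Management service in $($Service.Location)")) {
            $token = Get-AzAccessToken
            Invoke-RestMethod -Method DELETE -Uri $Service.PurgeUri -Headers @{ Authorization = "Bearer $($token.Token)" }
        }
    }
}

# Review the full list first (Format-List avoids the trimmed console view), then purge selectively:
# Get-SoftDeletedApim -SubscriptionId '<subscription GUID>' | Format-List
# Get-SoftDeletedApim -SubscriptionId '<subscription GUID>' | Where-Object Name -eq 'apim-to-purge' | Remove-SoftDeletedApim -WhatIf
```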

Version an API in Azure API Management using Azure Resource Manager

When creating a new API in an Azure API Management service using the portal, you can specify whether you would like the API to be versioned.


To achieve this through ARM scripts you'll need to create an ApiVersionSet resource first:
{
    "name": "[concat(variables('ManagementServiceName'), '/', variables('VersionSetName'))]",
    "type": "Microsoft.ApiManagement/service/api-version-sets",
    "apiVersion": "2017-03-01",
    "properties": {
        "description": "Api Description",
        "displayName": "Api Name",
        "versioningScheme": "Segment"
    }
}

Then set the apiVersionSetId property on the Microsoft.ApiManagement/service/apis resource (note the trailing slash in the concat, so the id resolves to /api-version-sets/<name>):

{
    "type": "Microsoft.ApiManagement/service/apis",
    "name": "[concat(variables('ManagementServiceName'), '/', variables('ApiName'))]",
    "apiVersion": "2017-03-01",
    "dependsOn": [
        "[resourceId('Microsoft.ApiManagement/service/api-version-sets', variables('ManagementServiceName'), variables('VersionSetName'))]"
    ],
    "properties": {
        "displayName": "string",
        "apiRevision": "1",
        "description": "",
        "serviceUrl": "string",
        "path": "string",
        "protocols": [
            "https"
        ],
        "isCurrent": true,
        "apiVersion": "v1",
        "apiVersionName": "v1",
        "apiVersionDescription": "string",
        "apiVersionSetId": "[concat('/api-version-sets/', variables('VersionSetName'))]"
    }
}

Cloud Maker- Allowing all azure services to access resources

When creating a SQL Server droplet or other resources in Cloud Maker, if you would like to allow all Azure services to access your resource, you can do so through the firewall rules, as shown in the screenshot below.
Thursday, July 15, 2021

Format view using json in SharePoint Online Modern Asset Library

You can use view formatting to customize how items in SharePoint lists and libraries are displayed. To do this, you construct a JSON object that describes the elements that are displayed when an item is loaded in a view and any styles to be applied to those elements. View formatting does not change the data in list items; it only changes how they're displayed to users who browse the list. Anyone who can create and manage views in a list can use view formatting to configure how views are displayed.

To open the view formatting pane, open the view dropdown and choose Format current view.


The pane will look like the following depending on the current layout:


A sample schema for an asset library follows (it expects the library to have VideoTitle and VideoSummary columns):

{
  "$schema": "https://developer.microsoft.com/json-schemas/sp/view-formatting.schema.json",
  "tileProps": {
    "hideSelection": true,
    "height": "300",
    "width": "300",
    "formatter": {
      "elmType": "div",
      "style": {
        "align-items": "stretch",
        "margin": "2px 2px",
        "background-color": "#fbfbfb",
        "height": "380px",
        "overflow": "inherit",
        "border-radius": "2px",
        "box-shadow": "0px 1.6px 3.6px 0 #00000024, 0px 0.3px 0.9px 0 #00000024"
      },
      "children": [
        {
          "elmType": "div",
          "style": {
            "display": "flex",
            "flex-wrap": "wrap",
            "position": "relative",
            "padding-bottom": "5px",
            "width": "100%"
          },
          "children": [
            {
              "elmType": "div",
              "style": {
                "margin-top": "0px",
                "height": "200px",
                "display": "block",
                "align-items": "center",
                "justify-content": "center",
                "position": "relative",
                "border-bottom": "1px solid #EEE",
                "overflow": "hidden",
                "border-radius": "2px 2px 0 0"
              },
              "children": [
                {
                  "elmType": "button",
                  "style": {
                    "position": "absolute",
                    "height": "100%",
                    "width": "100%",
                    "opacity": "0",
                    "cursor": "pointer"
                  },
                  "customRowAction": {
                    "action": "defaultClick"
                  }
                },
                {
                  "elmType": "div",
                  "style": {
                    "width": "=if([$File_x0020_Type] == '', '100px', '100%')",
                    "height": "=if([$File_x0020_Type] == '', '100px', '100%')",
                    "overflow": "=if([$File_x0020_Type] == '', 'auto', 'hidden')",
                    "text-align": "center"
                  },
                  "children": [
                    {
                      "elmType": "img",
                      "style": {
                        "height": "=if([$File_x0020_Type] == '', '100%', '0')"
                      },
                      "attributes": {
                        "src": "=if([$File_x0020_Type] == '', 'https://spoprod-a.akamaihd.net/files/fabric/office-ui-fabric-react-assets/foldericons-fluent/folder-large_frontplate_nopreview.svg', '')"
                      }
                    },
                    {
                      "elmType": "img",
                      "style": {
                        "display": "=if([$File_x0020_Type] == '', 'none', '')"
                      },
                      "attributes": {
                        "src": "@thumbnail.383x383"
                      }
                    }
                  ]
                }
              ]
            },
            {
              "elmType": "div",
              "style": {
                "margin": "25px 0 0 0",
                "position": "absolute",
                "top": "153px",
                "width": "100%",
                "color": "#333333"
              },
              "attributes": {
                "class": "ms-fontSize-14 ms-fontWeight-semibold"
              },
              "children": [
                {
                  "elmType": "img",
                  "attributes": {
                    "src": "=if([$File_x0020_Type] == 'docx', 'https://spoprod-a.akamaihd.net/files/fabric/assets/item-types-fluent/20/docx.svg?v6', if([$File_x0020_Type] == 'xlsx', 'https://spoprod-a.akamaihd.net/files/fabric/assets/item-types-fluent/20/xlsx.svg?v6', if([$File_x0020_Type] == 'pptx', 'https://spoprod-a.akamaihd.net/files/fabric/assets/item-types-fluent/20/pptx.svg?v6', if([$File_x0020_Type] == 'pdf', 'https://spoprod-a.akamaihd.net/files/fabric/assets/item-types-fluent/20/pdf.svg?v6', if([$File_x0020_Type] == 'jpg' || [$File_x0020_Type] == 'png' || [$File_x0020_Type] == 'gif','https://spoprod-a.akamaihd.net/files/fabric/assets/item-types-fluent/20/photo.svg?v6', if([$File_x0020_Type] == 'mp4' || [$File_x0020_Type] == 'avi' || [$File_x0020_Type] == 'mov', 'https://spoprod-a.akamaihd.net/files/fabric/assets/item-types-fluent/20/video.svg?v6', if([$File_x0020_Type] == 'zip', 'https://spoprod-a.akamaihd.net/files/fabric/assets/item-types-fluent/20/zip.svg?v6','Unknown')))))))"
                  },
                  "style": {
                    "flex": "none",
                    "line-height": "100%",
                    "font-weight": "normal",
                    "font-size": "2rem",
                    "margin": "5px 5px 5px 10px",
                    "height": "25px"
                  }
                },
                {
                  "elmType": "div",
                  "txtContent": "[$VideoTitle]",
                  "style": {
                    "padding": "0 0 0 16px",
                    "font-weight": "bold",
                    "font-size": "1rem"
                  }
                },
                {
                  "elmType": "div",
                  "txtContent": "[$VideoSummary]",
                  "style": {
                    "padding": "0 0 0 16px"
                  }
                }
              ]
            }
          ]
        }
      ]
    }
  }
}

You can modify this based on your needs.