azure-security

来源： https://stackoverflow.com/questions/63960502/azure-associating-network-interfaces-to-an-application-security-group

来源： https://stackoverflow.com/questions/63960502/azure-associating-network-interfaces-to-an-application-security-group

问题 I am currently helping investigate adopting Azure for my organization's public cloud. One of the tasks I have been assigned is locking down accounts to prevent users from being able to elevate their permissions within a subscription. One of the things in particular I am interested in is denying the creation of Custom Roles, as we don't want people to go and start creating their own roles until the need for the role has been vetted by security. I have been trying to do this via an Azure policy

问题 To run applications in Azure, I need to create an Application in Azure AD and a corresponding Service Principal. Then my application authenticates against this App/Principal pair. To authenticate, I can create an application key in the App registration, or I can create a password in the Service Principal (among other options). What's the difference from a practial standpoint? For example, this code runs exactly the same (from the outside) whether the $key is the App's key or the Service

问题 I am trying to access a Data Lake from a .Net client application using this example I have registered the Client App in AAD Tenant and using the Client Id and Client secret from there (as what i believe is service-to-service authentication.) The Data Lake is in a different subscription but belongs to the same Tenant/AAD The App has Read/Write/Execute permission under 'Owner' and 'Assigned Permissions' for the specific folder (two hierarchies down the root folder) in the datalake. The parent

问题 I have around 100 Azure Web Apps and Azure Functions which I created using Azure PowerShell and CLI, now I need to assign Owner Access to these Web Apps to users (Separate users for each Web Apps) I am unable to find any sample for this, most sample are pointing to Assigning Resource Group Level Access, but not to the Specific Resource. The task is achievable in the Azure Portal, just need the PowerShell or CLI command to assign users owner or contributor rights to these specific resources.

问题 For part of a project, I need to be able to display security center recommendations for a given resource group on a webpage. To be clear, I'm looking to access the data on the Recommendations blade of Azure Security Center and filter that information by a resource group, only displaying the recommendations relevant to those resources. I've been looking at two ways to implement this: Security Resource API seems to be a good starting place, however I can't find any API endpoint that will allow

问题 I've got a service principal in Azure which was created when i turned on Managed Service Identity for one of my Azure assets. I'd like to grant permissions to this SP using the App Registrations area in the portal (I know I can do it with New-AzureADServiceAppRoleAssignment, but I'd like to create an application in this case). The Service Principal has an associated application whose guid is visible in the Enterprise Applications section of the AAD blade, but that application id isn't visible

问题 I am trying to integrate WS-Federation in my Asp.Net MVC app using OWIN. I followed the github samples and it is working as expected. Now I want to take this one step further and call an external WebApi hosted on different Azure web app from within my website. I couldn't find any WS-Fed samples for this scenario. WebApi needs an access token to provide access to protected resources. In one of my MVC controllers I tried using ADAL.Net code to acquire the access token but i get timeout error.

问题 I am trying to connect to my azure vault from a console application with using MSI For this vault i have added my user as the Selected Principle the code i am using to connect is var azureServiceTokenProvider = new AzureServiceTokenProvider(); var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback)); var secret = await keyVaultClient.GetSecretAsync("https://<vaultname>.vault.azure.net/secrets/<SecretName>")