|
|
@@ -0,0 +1,51 @@
|
|
|
+# Azure Application API Access Notes.md
|
|
|
+Created: 8/12/2021
|
|
|
+
|
|
|
+Notes related to creating an application and service principle in Azure Gov for accessing Azure resources via the REST API
|
|
|
+
|
|
|
+All instructions will be done via portal.azure.us
|
|
|
+
|
|
|
+## Create an Application
|
|
|
+1. Navigate to `Enterprise Applications`
|
|
|
+2. Click on `New application`
|
|
|
+3. Click on `Create your own application`
|
|
|
+4. Input the name of the application and select `Register an application to integrate with Azure AD (App you're developing)`
|
|
|
+
|
|
|
+## Register a Client Secret
|
|
|
+1. Navigate to `Azure Active Directory`
|
|
|
+2. Click on `App registrations`
|
|
|
+3. Click on your app
|
|
|
+4. Record the `Application (client) ID` and `Directory (tenant) ID` while you're here on the `Overview` page
|
|
|
+5. Click on `Certifcates & secrets`
|
|
|
+6. Click on `New client secret`
|
|
|
+7. Input a description and expiry time
|
|
|
+8. Record the secret string for later (grab it now because you won't be able to view it later)
|
|
|
+
|
|
|
+## Give the application proper permissions
|
|
|
+1. Navigate to `Resource Groups`
|
|
|
+2. Click the proper resource group
|
|
|
+3. Click `Access control (IAM)`
|
|
|
+4. Click `Add role assignment` under `Grant access to this resource`
|
|
|
+5. Select the appropriate roles (least privilege)
|
|
|
+6. Click `Next`
|
|
|
+7. Click `+ Select members`
|
|
|
+8. Search for your app name and click `Select`
|
|
|
+9. Click `Next`
|
|
|
+10. Click `Review + assign`
|
|
|
+
|
|
|
+## Get a bearer token
|
|
|
+1. Send a POST request to `https://login.microsoftonline.us/{Tenant ID we got earlier}/oauth2/token` with the following data
|
|
|
+ 1. grant_type: client_credentials
|
|
|
+ 2. client_id: {Client ID we got earlier}
|
|
|
+ 3. client_secret: {Client Secret we created earlier}
|
|
|
+ 4. resource: https://management.usgovcloudapi.net
|
|
|
+2. Grab the value of the `access_token` field of the response.
|
|
|
+
|
|
|
+## Access the API Endpoint
|
|
|
+1. Find your API endpoints at https://docs.microsoft.com/en-us/rest/api/. I will use https://docs.microsoft.com/en-us/rest/api/securityinsights/incidents/list as an example
|
|
|
+2. Fill in the neccessary values in the URL. It will look something like `https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/incidents?api-version=2021-04-01`
|
|
|
+3. Replace `management.azure.com` with `management.usgovcloudapi.net`
|
|
|
+4. Add your bearer token to the request (instructions are dependant on what client you're using)
|
|
|
+5. Send the request
|
|
|
+6. Get your data
|
|
|
+7. Profit
|
Ryan Plas