Triage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration of not having Azure Active Directory (AD) Admin configured, you can follow these steps:
- Log in to the Azure portal (https://portal.azure.com) using your credentials.
- In the left-hand menu, click on “Azure Active Directory”.
- Click on “Properties” under the “Manage” section in the left-hand menu.
- Scroll down to the “Azure AD admin” section.
- Click on “Set Azure AD admin” button.
- In the “Set administrator” pane, select the user or group that you want to designate as the Azure AD admin.
- Click on the “Select” button.
- Click on the “Save” button to save the changes.
Using CLI
Using CLI
To remediate the misconfiguration “Ensure That Azure Active Directory Admin Is Configured” for AZURE using AZURE CLI, follow the below steps:
-
Open the AZURE CLI and login to your Azure account using the command:
-
Once you are logged in, set your subscription using the command:
Replace
<subscription-id>with the ID of your Azure subscription. -
Next, use the following command to set the Azure Active Directory (Azure AD) admin for your subscription:
Replace
<subscription-id>with the ID of your Azure subscription. -
This command will create a new Azure AD application and assign it the Owner role for your subscription. It will output the following details:
appId: The Application ID of the newly created Azure AD application.displayName: The display name of the Azure AD application.password: The password for the Azure AD application. This is the only time the password will be shown, so make sure to save it in a secure location.tenant: The ID of the Azure AD tenant associated with the subscription.
-
Finally, use the following command to assign the newly created Azure AD application as the subscription admin:
Replace
<appId>with the Application ID of the newly created Azure AD application, and<subscription-id>with the ID of your Azure subscription. -
After running the above command, the Azure AD admin will be configured for your subscription. You can verify this by running the following command:
This command will display the details of your Azure subscription, including the Azure AD admin.
Using Python
Using Python
To remediate the misconfiguration “Ensure that Azure Active Directory Admin is configured” in Azure using Python, you can follow the below steps:Step 1: Install the Azure SDK for Python using the pip command:Step 2: Import the required modules:Step 3: Authenticate and create a client object:Step 4: Get the list of all SQL servers in the subscription:Step 5: For each SQL server, check if the Azure Active Directory Admin is configured:Note: You will need to replace the placeholders
your_subscription_id, your_username, your_password, your_storage_account, your_storage_account_access_key, and your_storage_account_subscription_id with your own values.The above code will enable auditing for the SQL server and ensure that the Azure Active Directory Admin is configured.