Event Information

  • The Microsoft.AAD.domainServices.delete event in Azure for Azure Identity Management records the deletion of an Azure Active Directory Domain Services (Azure AD DS) managed domain. In the Azure Activity Log it is the Administrative operation Microsoft.AAD/domainServices/delete, issued against a resource of type Microsoft.AAD/domainServices.
  • This event indicates that the managed domain, which provides domain join, LDAP/LDAPS, Kerberos and NTLM authentication for workloads that cannot use modern Azure AD authentication, has been deleted.
  • The deletion is irreversible: the managed domain's own state (custom OUs, group policy, computer accounts, DNS records) is removed, and every VM or application that was joined to or bound to the domain loses authentication. The Activity Log record carries the caller and a correlationId, so the first triage step is to establish who issued the delete and whether it was an approved change.
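The following Python is an added example, not code from the original page or from Microsoft: it runs the triage step above over Activity Log records in the JSON shape returned by `az monitor activity-log list -o json` (operationName.value, status.value, caller, correlationId, resourceId, eventTimestamp). It groups the several records that Resource Manager writes for one operation (Started, then Succeeded or Failed) by correlationId, so one delete produces one finding, and compares the caller against an allow-list of expected operators. The sample records, subscription ID, callers and timestamps are constructed.

```python
"""Flag deletions of an Azure AD Domain Services managed domain in Activity Log records.

Added example: not code from the original page or from Microsoft. Input records
follow the field layout of `az monitor activity-log list -o json`; the sample
records below are constructed and every ID, caller and timestamp in them is made up.
"""
from collections import defaultdict
from typing import Dict, Iterable, List

# Activity Log operation name for the event this page describes.
DELETE_OP = "Microsoft.AAD/domainServices/delete"

# Constructed managed-domain resource ID (placeholder subscription and names).
MANAGED_DOMAIN_ID = (
    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-identity"
    "/providers/Microsoft.AAD/domainServices/corp.example.com"
)


def _rec(op: str, status: str, caller: str, corr: str, ts: str) -> Dict:
    """Build one Activity Log record in the az CLI JSON shape (constructed data)."""
    return {
        "operationName": {"value": op},
        "status": {"value": status},
        "caller": caller,            # UPN for users; object ID for service principals
        "correlationId": corr,
        "resourceId": MANAGED_DOMAIN_ID,
        "eventTimestamp": ts,
    }


# One successful delete (two records sharing a correlationId), one failed attempt
# by a different principal, and one unrelated write that must be ignored.
SAMPLE_RECORDS = [
    _rec(DELETE_OP, "Started", "alice@example.com", "corr-1", "2024-01-10T08:01:12Z"),
    _rec(DELETE_OP, "Succeeded", "alice@example.com", "corr-1", "2024-01-10T08:03:40Z"),
    _rec(DELETE_OP, "Failed", "bob@example.com", "corr-2", "2024-01-10T09:15:00Z"),
    _rec("Microsoft.AAD/domainServices/write", "Succeeded", "alice@example.com", "corr-3",
         "2024-01-10T10:00:00Z"),
]


def find_domain_service_deletions(records: Iterable[Dict],
                                  allowed_callers: Iterable[str] = ()) -> List[Dict]:
    """Return one finding per delete operation, ordered by time.

    Records are grouped by correlationId because Resource Manager emits several
    records per operation; the terminal status decides the outcome. Failed
    attempts are reported as well: a failed delete by an unexpected principal
    is itself worth investigating.
    """
    allowed = {c.lower() for c in allowed_callers}
    by_corr: Dict[str, List[Dict]] = defaultdict(list)
    for rec in records:
        op = (rec.get("operationName") or {}).get("value", "")
        if op.lower() == DELETE_OP.lower():
            by_corr[rec.get("correlationId")].append(rec)

    findings = []
    for corr, recs in by_corr.items():
        statuses = {(r.get("status") or {}).get("value") for r in recs}
        if "Succeeded" in statuses:
            outcome = "Succeeded"
        elif "Failed" in statuses:
            outcome = "Failed"
        else:
            outcome = "InProgress"
        last = max(recs, key=lambda r: r.get("eventTimestamp", ""))
        caller = last.get("caller") or ""
        findings.append({
            "correlationId": corr,
            "resourceId": last.get("resourceId"),
            "caller": caller,
            "outcome": outcome,
            "timestamp": last.get("eventTimestamp", ""),
            "severity": "high" if outcome == "Succeeded" else "medium",
            "expected": caller.lower() in allowed,
        })
    findings.sort(key=lambda f: f["timestamp"])
    return findings


if __name__ == "__main__":
    for f in find_domain_service_deletions(SAMPLE_RECORDS, allowed_callers=["alice@example.com"]):
        print(f"{f['timestamp']} {f['severity']:6} {f['outcome']:10} {f['caller']} "
              f"expected={f['expected']} {f['resourceId']}")
```

In production the records would come from `az monitor activity-log list --resource-group <rg> --offset 7d -o json` or the Azure Monitor REST API; the allow-list would be fed from the change-management system, and anything with expected=False (or any Succeeded delete outside a change window) should page the on-call.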

Examples

  1. Unauthorized deletion of an Azure AD DS managed domain removes the authentication and authorization path (domain join, LDAP, Kerberos, NTLM) for every workload that depends on it. Besides the outage, an attacker may delete the domain to destroy evidence or to deny service, and the emergency workarounds that follow (local administrator accounts, relaxed access controls) can themselves open the door to unauthorized access to resources within the Azure environment.

  2. Deleting a managed domain cannot be undone. Users and groups are not lost, because Azure AD DS is a one-way synchronization from Azure AD, but everything that existed only inside the managed domain is: custom OUs, group policy objects, computer accounts and domain joins, DNS records and the LDAPS certificate configuration. Re-creating the domain does not restore any of this, and every VM must be re-joined.

  3. A managed domain belongs to a single Azure AD tenant, but it is typically shared by many teams and subscriptions through virtual network peering. Accidental or malicious deletion therefore breaks authentication for all of them at once, so the blast radius is far larger than the single resource suggests.

Remediation

Using Console

To remediate Azure Identity Management issues using the Azure portal, you can follow these step-by-step instructions:

  1. Enable Multi-Factor Authentication (MFA):

    • Sign in to the Azure portal using your administrator account.
    • Navigate to Azure Active Directory.
    • Select "Users" and then "Multi-Factor Authentication" (labelled "Per-user MFA" in newer portal versions) to enable MFA per user, or, preferably, "Security" and then "Conditional Access" to require MFA by policy.
    • Require MFA at a minimum for every account that holds Owner or Contributor on the subscription or resource group containing the managed domain, since both roles include the Microsoft.AAD/domainServices/delete permission.
    • Configure the MFA settings according to your organization's security policies.
  2. Implement Role-Based Access Control (RBAC):

    • Sign in to the Azure portal using your administrator account.
    • Navigate to the resource group or specific resource you want to secure; for a managed domain, that is the Microsoft.AAD/domainServices resource itself or its resource group.
    • Select "Access control (IAM)" from the left-hand menu.
    • Review the existing role assignments first and remove Owner or Contributor from principals that only need to read or operate the domain.
    • Click on "Add" and select the least-privileged role that covers the task, scoped as narrowly as possible.
    • Specify the user or group you want to grant access to and save the changes.
  3. Enable Azure AD Privileged Identity Management (PIM):

    • Sign in to the Azure portal using your administrator account.
    • Navigate to Azure Active Directory.
    • Select "Privileged Identity Management" from the left-hand menu.
    • Use "Azure AD roles" for directory roles and "Azure resources" for Owner and Contributor on the subscription or resource group that contains the managed domain; these are separate sections.
    • Convert standing Owner and Contributor assignments into eligible assignments so that the delete permission only exists while a role is activated.
    • Configure the activation duration, MFA on activation and approval settings as per your organization's requirements.

Note: These steps are general guidelines and may vary based on your specific Azure setup and requirements. It is recommended to refer to the official Azure documentation for detailed instructions.

Using CLI

To remediate Azure Identity Management issues using Azure CLI, you can follow these steps:

  1. Grant appropriate permissions to Azure AD users or groups:

    • Use the az ad group create command to create a new Azure AD group.
    • Use the az role assignment create command to assign a role to the Azure AD group or user, with --scope set to the managed domain's resource ID or its resource group rather than the whole subscription.
  2. Protect the managed domain against deletion:

    • Use the az lock create command with --lock-type CanNotDelete on the managed domain (--resource-type Microsoft.AAD/domainServices) so that even an Owner or Contributor must first remove the lock, which is itself an audited operation.
    • Use the az lock list command to verify that the lock is present.
    • Note that MFA cannot be enabled through az ad user update or read through az ad user show; MFA is configured through Conditional Access or per-user MFA in the portal (see the console steps above).
  3. Monitor and review the Activity Log:

    • Use the az monitor activity-log list command (for example with --resource-group and --offset) to retrieve Azure Resource Manager operations, which is where Microsoft.AAD/domainServices/delete is recorded. Azure AD sign-in logs are a separate log, available in the portal and through Microsoft Graph, not through the activity log.
    • Use the az monitor activity-log alert create command with a --condition on category=Administrative and operationName=Microsoft.AAD/domainServices/delete and an action group, so that a deletion of the managed domain raises an alert.

Please note that the specific CLI commands may vary depending on your Azure CLI version and the specific requirements of your Azure environment.

Using Python

To remediate Azure Identity Management issues using Python, you can utilize the Azure SDK for Python (azure-identity and azure-mgmt-authorization). Here are three examples of how you can approach this:

  1. Example 1: Assigning a Role to a User
import uuid

from azure.identity import DefaultAzureCredential
from azure.mgmt.authorization import AuthorizationManagementClient
from azure.mgmt.authorization.models import RoleAssignmentCreateParameters

# Authenticate using DefaultAzureCredential (environment variables, managed identity, or az login)
credential = DefaultAzureCredential()

# Create an instance of the AuthorizationManagementClient
authorization_client = AuthorizationManagementClient(credential, "<subscription_id>")

# Assign a role at a scope. The role assignment name must be a new GUID,
# role_definition_id is the full resource ID of the role definition
# (/subscriptions/<subscription_id>/providers/Microsoft.Authorization/roleDefinitions/<guid>)
# and principal_id is the object ID of the user, group, or service principal.
# Keep the scope as narrow as possible, e.g. the managed domain's own resource ID.
authorization_client.role_assignments.create(
    "<scope>",
    str(uuid.uuid4()),
    RoleAssignmentCreateParameters(
        role_definition_id="<role_definition_id>",
        principal_id="<principal_id>",
    ),
)
  2. Example 2: Creating a Custom Role
import uuid

from azure.identity import DefaultAzureCredential
from azure.mgmt.authorization import AuthorizationManagementClient
from azure.mgmt.authorization.models import Permission, RoleDefinition

# Authenticate using DefaultAzureCredential
credential = DefaultAzureCredential()

# Create an instance of the AuthorizationManagementClient
authorization_client = AuthorizationManagementClient(credential, "<subscription_id>")

# Create a custom role. The second argument is the role definition ID: a new GUID
# for a new role, or the existing GUID when updating one. Leave delete actions
# (e.g. Microsoft.AAD/domainServices/delete) out of operator roles.
authorization_client.role_definitions.create_or_update(
    "<scope>",
    str(uuid.uuid4()),
    RoleDefinition(
        role_name="<role_name>",
        description="<role_description>",
        assignable_scopes=["<assignable_scope>"],
        permissions=[
            Permission(
                actions=["<action_1>", "<action_2>"],
                not_actions=[],
                data_actions=[],
                not_data_actions=[],
            )
        ],
    ),
)
  3. Example 3: Removing a Role Assignment
from azure.identity import DefaultAzureCredential
from azure.mgmt.authorization import AuthorizationManagementClient

# Authenticate using DefaultAzureCredential
credential = DefaultAzureCredential()

# Create an instance of the AuthorizationManagementClient
authorization_client = AuthorizationManagementClient(credential, "<subscription_id>")

# Remove a role assignment by its full resource ID
# (<scope>/providers/Microsoft.Authorization/roleAssignments/<guid>).
# role_assignments.delete("<scope>", "<role_assignment_name>") takes the scope and GUID separately.
authorization_client.role_assignments.delete_by_id("<role_assignment_id>")

Please note that you need to replace the placeholders (<subscription_id>, <scope>, <role_assignment_name>, etc.) with the actual values specific to your Azure environment.
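Before adding or removing assignments as in the examples above, it helps to know which principals can already delete the managed domain. The following Python is an added example, not code from the original page or from the Azure SDK: it evaluates Azure RBAC offline against the action Microsoft.AAD/domainServices/delete. The role definitions and assignments are constructed to mirror the fields returned by `role_definitions.list(scope)` and `role_assignments.list_for_scope(scope)` (the Owner, Contributor and Reader entries are abbreviated copies of the built-in roles; the custom roles, principal object IDs and subscription ID are made up). Matching follows the documented RBAC rules: `*` in Actions matches any characters including `/`, NotActions are subtracted within the same role, and an assignment at a parent scope is inherited by the resources beneath it. Deny assignments and Azure AD directory roles are not modelled.

```python
"""Who can delete the managed domain? Offline evaluation of Azure RBAC role data.

Added example: not code from the original page or from the Azure SDK. All role
definitions, assignments and IDs below are constructed; built-in roles are
abbreviated. Deny assignments are not modelled.
"""
import fnmatch
from typing import Dict, Iterable, List, Set

TARGET_ACTION = "Microsoft.AAD/domainServices/delete"
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
MANAGED_DOMAIN_ID = SUB + "/resourceGroups/rg-identity/providers/Microsoft.AAD/domainServices/corp.example.com"


def _role(key: str, name: str, actions: Iterable[str], not_actions: Iterable[str] = ()) -> Dict:
    """Constructed role definition in the shape of the SDK's RoleDefinition."""
    return {
        "id": f"{SUB}/providers/Microsoft.Authorization/roleDefinitions/{key}",
        "role_name": name,
        "permissions": [{"actions": list(actions), "not_actions": list(not_actions)}],
    }


def _asg(principal_id: str, role_key: str, scope: str) -> Dict:
    """Constructed role assignment in the shape of the SDK's RoleAssignment."""
    return {
        "principal_id": principal_id,
        "role_definition_id": f"{SUB}/providers/Microsoft.Authorization/roleDefinitions/{role_key}",
        "scope": scope,
    }


SAMPLE_ROLES = [
    _role("owner", "Owner", ["*"]),
    _role("contributor", "Contributor", ["*"],
          ["Microsoft.Authorization/*/Delete", "Microsoft.Authorization/*/Write",
           "Microsoft.Authorization/elevateAccess/Action"]),
    _role("reader", "Reader", ["*/read"]),
    _role("ds-operator", "Domain Services Operator",
          ["Microsoft.AAD/domainServices/read", "Microsoft.AAD/domainServices/write"]),
    _role("aad-no-delete", "AAD Admin (no delete)", ["Microsoft.AAD/*"], [TARGET_ACTION]),
]

SAMPLE_ASSIGNMENTS = [
    _asg("alice-oid", "owner", SUB),                                   # inherited from subscription
    _asg("bob-oid", "reader", SUB + "/resourceGroups/rg-identity"),    # read only
    _asg("carol-oid", "contributor", MANAGED_DOMAIN_ID),               # directly on the resource
    _asg("dave-oid", "ds-operator", SUB + "/resourceGroups/rg-identity"),
    _asg("svc-oid", "aad-no-delete", SUB),                             # wildcard minus delete
    _asg("erin-oid", "contributor", SUB + "/resourceGroups/rg-other"), # wrong scope
]


def action_matches(pattern: str, action: str) -> bool:
    """Azure RBAC wildcard match: case-insensitive, '*' spans '/' as well."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def role_grants(role: Dict, action: str) -> bool:
    """True if a permission block's Actions cover the action and its NotActions do not."""
    for perm in role["permissions"]:
        allowed = any(action_matches(p, action) for p in perm.get("actions", []))
        excluded = any(action_matches(p, action) for p in perm.get("not_actions", []))
        if allowed and not excluded:
            return True
    return False


def scope_covers(assignment_scope: str, resource_id: str) -> bool:
    """An assignment applies to the resource itself or to any resource beneath its scope."""
    a = assignment_scope.lower().rstrip("/")
    r = resource_id.lower()
    return r == a or r.startswith(a + "/")


def principals_who_can(action: str, resource_id: str,
                       assignments: Iterable[Dict], roles: Iterable[Dict]) -> Dict[str, Set[str]]:
    """Map principal object ID -> role names through which it holds `action` on the resource."""
    roles_by_id = {r["id"].lower(): r for r in roles}
    result: Dict[str, Set[str]] = {}
    for asg in assignments:
        role = roles_by_id.get(asg["role_definition_id"].lower())
        if role is None or not scope_covers(asg["scope"], resource_id):
            continue
        if role_grants(role, action):
            result.setdefault(asg["principal_id"], set()).add(role["role_name"])
    return result


if __name__ == "__main__":
    for principal, names in principals_who_can(TARGET_ACTION, MANAGED_DOMAIN_ID,
                                               SAMPLE_ASSIGNMENTS, SAMPLE_ROLES).items():
        print(f"{principal} can delete the managed domain via {sorted(names)}")
```

Against live data, replace the two sample lists with `list(client.role_definitions.list(scope))` and `list(client.role_assignments.list_for_scope(scope))` for the subscription, reading `.id`, `.role_name`, `.permissions[i].actions` / `.not_actions` and `.principal_id`, `.role_definition_id`, `.scope` from the returned models; every principal the function lists is a candidate for PIM eligibility or for a narrower custom role.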