0 votes

Hi, what is the correct way to create Adaxes Report that will show all explicit Azure role OWNER assignments?

I know how to do it in PowerShell so just to be sure, there is no builtin Adaxes feature.

$CurrentContext = Get-AzContext
$Subscriptions = Get-AzSubscription -TenantId $CurrentContext.Tenant.Id
foreach ($Subscription in $Subscriptions) {
    $Context = Set-AzContext -TenantId $Subscription.TenantId -SubscriptionId $Subscription.Id -Force

    Get-AzRoleAssignment | ? RoleDefinitionName -eq 'owner'
}

Thanks!

by (520 points)

1 Answer

0 votes
by (220k points)

Hello,

Unfortunately, there is no built-in function in Adaxes to make the desired output. You can try using the script in an Adaxes custom command and output the results into the execution log using method $Context.Logmessage. The following SDK article should be helpful: https://adaxes.com/sdk/CloudServicesScriptContextClass. Should you have issues updating your script accordingly, please, provide all the possible details regarding the desired output with live examples.

0

OK I've solved tis by creating custom columns and fill them using $Context.Items.Add().

Btw does Adaxes support anything like cached reports? So users don't have to run the report over and over again and instead have the possibility to see some cached older version?

0

Hello,

OK I've solved tis by creating custom columns and fill them using $Context.Items.Add().

Thank you for the confirmation, it is much appreciated.

Btw does Adaxes support anything like cached reports?

Unfortunately, there is no such thing as cached reports. The thing is that reports are generated based on the permissions of the logged on user. As such, caching might result in a user seeing something they should not see and vice versa.

0

But for sime kind of reports this could be an option (static reports without any user input).

It would be super useful mainly for cloud reports, because Azure can be slow (throttling) which can make such Report unusable. And unfortunately more and more tasks are managed from Azure these days.

Also you could generate one cache per possible group of permissions to avoid any security concerns.

Think about it :)

0

Hello,

Thank you for the suggestion. We have forwarded it to the corresponding department for consideration.

For your information, we have Azure AD management in our roadmap. The feature will be available in the next major release.

Related questions

0 votes
1 answer

For example, if the scope is a specified OU, running the report will list management history for every object in the OU even if it has had no management operations ... so objects that have not had any recent modifications are excluded from the report results?

asked Aug 13, 2021 by ryan741 (120 points)
0 votes
1 answer

For security purposes, we need to audit the objects that are capable of replicating the directory. As we have a number of individuals that need this report, I would like to ... four domains and would like to see any objects with this permission in any of them

asked May 20 by jiambor (1.2k points)
0 votes
1 answer

I have been searching your site, but could not find a list of access rights needed. --- Morten A. Steien

asked Feb 23, 2021 by Morten A. Steien (150 points)
0 votes
1 answer

I gone throught Adaxes License is based and its based on user. I wanted to understand, does the license user count is on technical assistance user or AD objects?

asked Jan 23, 2020 by subbu (20 points)
0 votes
1 answer

Is it possible to get a report created that would show us the last X days of the specified users' Azure sign-ins? The data I'd love to see is found at Home ... would help our Helpdesk get a better grasp on why some lockouts are occurring. Thanks in advance!

asked Jul 19, 2021 by mikek (80 points)
2,740 questions
2,474 answers
6,475 comments
1,374,979 users