New key vault and web app settings

Custom roles/Storage Data Contributor.json

@@ -73,6 +73,7 @@
         "/subscriptions/eec75831-812e-4b06-a7a4-ec28a5126238",
         "/subscriptions/c4b0c496-dbc1-483b-890b-fc46012125d8",
         "/subscriptions/cea89b67-6bfd-47c6-b7fa-9b8006b664ea",
-        "/subscriptions/2161debe-6042-4633-b10e-de77c06cabc6"
+        "/subscriptions/2161debe-6042-4633-b10e-de77c06cabc6",
+        "/subscriptions/e33c30f7-06c7-4765-86a9-7a8979b6d1cc"
     ]
 }

Custom roles/Storage Data Reader.json

@@ -56,6 +56,7 @@
       "/subscriptions/eec75831-812e-4b06-a7a4-ec28a5126238",
       "/subscriptions/c4b0c496-dbc1-483b-890b-fc46012125d8",
       "/subscriptions/cea89b67-6bfd-47c6-b7fa-9b8006b664ea",
-      "/subscriptions/2161debe-6042-4633-b10e-de77c06cabc6"
+      "/subscriptions/2161debe-6042-4633-b10e-de77c06cabc6",
+      "/subscriptions/e33c30f7-06c7-4765-86a9-7a8979b6d1cc"
  ]
   }

Powershell/Lists/Azure/AlertRules.ps1

@@ -1,6 +1,6 @@
 #Connect-AzAccount
 
-$access_token = (Get-AzAccessToken).Token
+$access_token = (Get-AzAccessToken -TenantId "e9792fd7-4044-47e7-a40d-3fba46f1cd09").Token
 $ofs = ', '
 
 function GetSmartDetectorActionGroupIds {

Powershell/Lists/Azure/KeyVaults.ps1

@@ -0,0 +1,84 @@
+#Connect-AzAccount
+
+class ResourceCheck {
+    [string] $ResourceId = ""
+    [string] $Location = ""
+    [string] $ResourceName = ""
+    [string] $ResourceGroup = ""
+    [string] $SubscriptionId = ""
+    [string] $SubscriptionName = ""
+    [string] $Tag_Team = ""
+    [string] $Tag_Product = ""
+    [string] $Tag_Environment = ""
+    [string] $Tag_Data = ""
+    [string] $Tag_Deployment = ""
+    [string] $Tag_CreatedOnDate = ""
+    [string] $Prop_EnablePurgeProtection = ""
+    [string] $Prop_EnableRbacAuthorization = ""
+    [string] $Prop_EnableSoftDelete = ""
+    [string] $Prop_PublicNetworkAccess = ""
+}
+
+
+Write-Host "======================================================================================================================================================================"
+Write-Host "Creating key vault resource overview."
+Write-Host "======================================================================================================================================================================"
+
+ $subscriptions = Get-AzSubscription | Where-Object State -eq "Enabled"
+
+ 
+[string] $date = Get-Date -Format "yyyy-MM-dd HHmm"
+$fileName =  ".\$date azure_key_vaults.csv" 
+
+# rm $fileName
+
+foreach ($subscription in $subscriptions) 
+{
+    Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
+
+    Set-AzContext -SubscriptionId $subscription.Id
+
+    Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
+
+    $allResourceGroups = Get-AzResourceGroup
+    [ResourceCheck[]]$Result = @()
+
+    foreach ($group in $allResourceGroups) {
+
+        Write-Host $group.ResourceGroupName
+
+        $allVaults = Get-AzKeyVault -ResourceGroupName $group.ResourceGroupName
+        
+        foreach ($vault in $allVaults) {
+
+            $vaultWithAllProps = Get-AzKeyVault -ResourceGroupName $group.ResourceGroupName -Name $vault.VaultName
+
+            [ResourceCheck] $resourceCheck = [ResourceCheck]::new()
+            $resourceCheck.ResourceId = $vaultWithAllProps.ResourceId
+            $resourceCheck.Location = $vaultWithAllProps.Location
+            $resourceCheck.ResourceName = $vaultWithAllProps.VaultName
+            $resourceCheck.ResourceGroup = $vaultWithAllProps.ResourceGroupName
+            $resourceCheck.SubscriptionId = $subscription.Id
+            $resourceCheck.SubscriptionName = $subscription.Name
+            $resourceCheck.Tag_Team = $vaultWithAllProps.Tags.team
+            $resourceCheck.Tag_Product = $vaultWithAllProps.Tags.product
+            $resourceCheck.Tag_Environment = $vaultWithAllProps.Tags.environment
+            $resourceCheck.Tag_Data = $vaultWithAllProps.Tags.data
+            $resourceCheck.Tag_CreatedOnDate = $vaultWithAllProps.Tags.CreatedOnDate
+            $resourceCheck.Tag_Deployment = $vaultWithAllProps.Tags.drp_deployment
+            $resourceCheck.Prop_EnablePurgeProtection = $vaultWithAllProps.EnablePurgeProtection
+            $resourceCheck.Prop_EnableRbacAuthorization = $vaultWithAllProps.EnableRbacAuthorization
+            $resourceCheck.Prop_EnableSoftDelete = $vaultWithAllProps.EnableSoftDelete
+            $resourceCheck.Prop_PublicNetworkAccess = $vaultWithAllProps.PublicNetworkAccess
+
+            $Result += $resourceCheck
+
+          
+        }
+    }
+    $Result | Export-Csv -Path $fileName -Append -NoTypeInformation
+}
+
+Write-Host "======================================================================================================================================================================"
+Write-Host "Done."
+

Powershell/Lists/Azure/Resources.ps1

@@ -18,6 +18,8 @@ class ResourceCheck {
     [string] $Tag_Split = ""
     [string] $Tag_CreatedOnDate = ""
     [string] $Tag_Deployment = ""
+    [string] $ManagedIndentity_Name = ""
+    [string] $ManagedIndentity_PrincipalId = ""
 }
 
 Write-Host "========================================================================================================================================================================"
@@ -36,8 +38,8 @@ Set-AzContext -SubscriptionId $subscription.Id
     $allResources = Get-AzResource 
     [ResourceCheck[]]$Result = @()
     
-    foreach ($resource in $allResources) {
-
+    foreach ($resource in $allResources) 
+    {
         [ResourceCheck] $resourceCheck = [ResourceCheck]::new()
         $resourceCheck.ResourceId = $resource.ResourceId
         $resourceCheck.Id = $resource.Id
@@ -56,6 +58,18 @@ Set-AzContext -SubscriptionId $subscription.Id
         $resourceCheck.Tag_Split = $resource.Tags.split
         $resourceCheck.Tag_CreatedOnDate = $resource.Tags.CreatedOnDate
         $resourceCheck.Tag_Deployment = $resource.Tags.drp_deployment
+
+        try {
+            $managedIdentity = $null
+            $managedIdentity = Get-AzSystemAssignedIdentity -Scope $resource.ResourceId -erroraction 'silentlycontinue'
+            $resourceCheck.ManagedIndentity_Name = $managedIdentity.Name
+            $resourceCheck.ManagedIndentity_PrincipalId = $managedIdentity.PrincipalId
+        }
+        catch {
+            $resourceCheck.ManagedIndentity_Name = ""
+            $resourceCheck.ManagedIndentity_PrincipalId = ""
+        }
+
         $Result += $resourceCheck
     }
 

Powershell/Lists/Azure/WebApps.ps1

@@ -1,5 +1,38 @@
 #Connect-AzAccount
 
+function GetDeployment {
+
+    param (
+        [string] $siteName,
+        [string] $resourceGroupName,
+        [string] $subscriptionId,
+        [string] $slotName = ""
+    )
+
+    $access_token = (Get-AzAccessToken -TenantId "e9792fd7-4044-47e7-a40d-3fba46f1cd09").Token
+
+    $url = ""
+    if ($slotName -ne "") {
+        $url = "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Web/sites/$siteName/slots/$slotName/deployments?api-version=2022-03-01"
+    }
+    else {
+        $url = "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Web/sites/$siteName/deployments?api-version=2022-03-01"
+    }
+    
+  #  GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/slots/{slot}/deploymentStatus/{deploymentStatusId}?api-version=2022-03-01
+    $head = @{ Authorization =" Bearer $access_token" }
+    $response = Invoke-RestMethod -Uri $url -Method GET -Headers $head
+    $response | ForEach-Object { 
+       $responseValue = $_.value
+       if ($responseValue.Length -gt 0) {
+            return $responseValue[0].properties.last_success_end_time
+       }
+       else {
+            return ""
+       }
+    }
+}
+
 class ResourceCheck {
     [string] $ResourceId = ""
     [string] $Kind = ""
@@ -14,12 +47,16 @@ class ResourceCheck {
     [string] $Tag_Product = ""
     [string] $Tag_Environment = ""
     [string] $Tag_Data = ""
+    [string] $Tag_Deployment = ""
     [string] $Tag_CreatedOnDate = ""
     [string] $Prop_HttpsOnly = ""
     [string] $Prop_PhpVersion = ""
     [string] $Prop_RemoteDebuggingEnabled = ""
     [string] $Prop_MinTlsVersion = ""
     [string] $Prop_FtpsState = ""
+    [string] $Prop_Http20Enabled = ""
+    [string] $Prop_Identity = ""
+    [string] $LastDeployDate = ""
 }
 
 
@@ -69,11 +106,15 @@ foreach ($subscription in $subscriptions)
             $resourceCheck.Tag_Environment = $webApp.Tags.environment
             $resourceCheck.Tag_Data = $webApp.Tags.data
             $resourceCheck.Tag_CreatedOnDate = $webApp.Tags.CreatedOnDate
+            $resourceCheck.Tag_Deployment = $webApp.Tags.drp_deployment
             $resourceCheck.Prop_HttpsOnly = $webApp.HttpsOnly
             $resourceCheck.Prop_PhpVersion = $webApp.SiteConfig.PhpVersion
             $resourceCheck.Prop_RemoteDebuggingEnabled = $webApp.SiteConfig.RemoteDebuggingEnabled
             $resourceCheck.Prop_MinTlsVersion = $webApp.SiteConfig.MinTlsVersion
             $resourceCheck.Prop_FtpsState = $webApp.SiteConfig.FtpsState
+            $resourceCheck.Prop_Http20Enabled = $webApp.SiteConfig.Http20Enabled
+            $resourceCheck.Prop_Identity = $webApp.Identity.Type
+            $resourceCheck.LastDeployDate = GetDeployment -siteName $webApp.Name -resourceGroupName $group.ResourceGroupName -subscriptionId $subscription.Id
 
             $Result += $resourceCheck
 
@@ -99,11 +140,16 @@ foreach ($subscription in $subscriptions)
                 $resourceCheck.Tag_Environment = $slot.Tags.environment
                 $resourceCheck.Tag_Data = $slot.Tags.data
                 $resourceCheck.Tag_CreatedOnDate = $slot.Tags.CreatedOnDate
+                $resourceCheck.Tag_Deployment = $slot.Tags.drp_deployment
                 $resourceCheck.Prop_HttpsOnly = $slot.HttpsOnly
                 $resourceCheck.Prop_PhpVersion = $slot.SiteConfig.PhpVersion
                 $resourceCheck.Prop_RemoteDebuggingEnabled = $slot.SiteConfig.RemoteDebuggingEnabled
                 $resourceCheck.Prop_MinTlsVersion = $slot.SiteConfig.MinTlsVersion
                 $resourceCheck.Prop_FtpsState = $slot.SiteConfig.FtpsState
+                $resourceCheck.Prop_Http20Enabled = $slot.SiteConfig.Http20Enabled
+                $resourceCheck.Prop_Identity = $slot.Identity.Type
+    
+                $resourceCheck.LastDeployDate = GetDeployment -siteName $webApp.Name -resourceGroupName $group.ResourceGroupName -subscriptionId $subscription.Id -slotName $slotName
 
                 $Result += $resourceCheck
             }
@@ -114,3 +160,4 @@ foreach ($subscription in $subscriptions)
 
 Write-Host "======================================================================================================================================================================"
 Write-Host "Done."
+

Powershell/Lists/DevOps/RepositoriesWithTestAccept.ps1

@@ -0,0 +1,92 @@
+
+class Repository {
+    [string] $Id = ""
+    [string] $Name = ""
+    [string] $DefaultBranch = ""
+    [string] $IsDisabled = ""
+    [string] $WebUrl = ""
+    [string] $LastDefaultChange = ""
+    [string] $HasTest = ""
+    [string] $LastTestChange = ""
+    [string] $HasAccept = ""
+    [string] $LastAcceptChange = ""
+}
+
+[string] $url = ""
+[string] $repositoryId = ""
+[string] $branchName = ""
+[string] $date = Get-Date -Format "yyyy-MM-dd HHmm"
+$fileName =  ".\$date repositories with test and accept.csv" 
+
+[string] $token = "yixqmupncd3b72zij4y5lfsenepak5rtvlba3sj33tvxvc4s7a6q" #"{INSERT_PERSONAL_ACCESS_TOKEN}"
+$token = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$($token)"))
+$head = @{ Authorization =" Basic $token" }
+[string] $organization = "effectory"
+[string] $project = "Survey%20Software"
+
+Write-Host "========================================================================================================================================================================"
+Write-Host "Creating repository overview."
+Write-Host "========================================================================================================================================================================"
+
+$repos = az repos list  --organization "https://dev.azure.com/$organization/" --project "survey software" | ConvertFrom-Json | Select-Object
+
+[Repository[]]$Result = @()
+
+foreach ($repo in $repos) 
+{
+    Write-Host $repo.name
+
+    [Repository] $repository = [Repository]::new()
+    $repository.Id = $repo.id
+    $repository.Name = $repo.name
+    $repository.DefaultBranch = $repo.defaultBranch
+    $repository.IsDisabled = $repo.isDisabled
+    $repository.WebUrl = $repo.webUrl
+
+    if ($true -ne $repo.isDisabled) 
+    {
+        $repositoryId = $repo.id
+        $branchName = $repo.defaultBranch
+        $branchName = $branchName.Replace("refs/heads/", "")
+
+        try {
+            $url="https://dev.azure.com/$organization/$project/_apis/git/repositories/$repositoryId/commits?searchCriteria.itemVersion.version=$branchName&searchCriteria.`$top=1&api-version=6.0"
+            $response = Invoke-RestMethod -Uri $url -Method GET -Headers $head
+            $repository.LastDefaultChange = $response.value[0].committer.date
+        } 
+        catch {
+            $repository.LastDefaultChange = ""
+        }
+
+        try {
+            $branchName = "test"
+            $url="https://dev.azure.com/$organization/$project/_apis/git/repositories/$repositoryId/commits?searchCriteria.itemVersion.version=$branchName&searchCriteria.`$top=1&api-version=6.0"
+            $response = Invoke-RestMethod -Uri $url -Method GET -Headers $head
+            $repository.HasTest = "True"
+            $repository.LastTestChange = $response.value[0].committer.date
+        }
+        catch {
+            $repository.HasTest = "False"
+            $repository.LastTestChange = ""
+        }
+
+        try {
+            $branchName = "accept"
+            $url="https://dev.azure.com/$organization/$project/_apis/git/repositories/$repositoryId/commits?searchCriteria.itemVersion.version=$branchName&searchCriteria.`$top=1&api-version=6.0"
+            $response = Invoke-RestMethod -Uri $url -Method GET -Headers $head
+            $repository.HasAccept = "True"
+            $repository.LastAcceptChange = $response.value[0].committer.date
+        }
+        catch {
+            $repository.HasAccept = "False"
+            $repository.LastAcceptChange = ""
+        }
+    }
+
+    $Result += $repository 
+}
+
+$Result | Export-Csv -Path $fileName -Append -NoTypeInformation
+
+Write-Host "========================================================================================================================================================================"
+Write-Host "Done."

Powershell/Tools/KeyVault Settings.ps1

@@ -0,0 +1,48 @@
+#Connect-AzAccount
+
+# Set alias for az exe
+Set-Alias -Name az -Value "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd"
+
+
+Write-Host "======================================================================================================================================================================"
+Write-Host "Updating key vault resource settings."
+Write-Host "======================================================================================================================================================================"
+
+$subscriptions = Get-AzSubscription | Where-Object State -eq "Enabled" | Where Name -NotLike "Visual Studio*"  | Where Name -NotLike "*test*"
+
+foreach ($subscription in $subscriptions) 
+{
+    Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
+
+    Set-AzContext -SubscriptionId $subscription.Id
+    az account set --subscription $subscription.Id
+
+    Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
+
+    $allResourceGroups = Get-AzResourceGroup
+
+    foreach ($group in $allResourceGroups) {
+
+        $allVaults = Get-AzKeyVault -ResourceGroupName $group.ResourceGroupName
+        
+        foreach ($vault in $allVaults) {
+            Write-Host "Checking vault $($vault.VaultName)..."
+
+            $vaultWithAllProps = Get-AzKeyVault -ResourceGroupName $group.ResourceGroupName -Name $vault.VaultName
+
+            if ($vaultWithAllProps.EnableSoftDelete -ne "TRUE") {
+                Write-Host "Enable Soft Delete $($vault.VaultName)"
+                az keyvault update --name $vault.VaultName --resource-group $group.ResourceGroupName --set properties.enableSoftDelete=true | out-null
+            }
+            if ($vaultWithAllProps.EnablePurgeProtection -ne "TRUE") {
+                Write-Host "Enable purge protection $($vault.VaultName)"
+                az keyvault update --name $vault.VaultName --resource-group $group.ResourceGroupName --enable-purge-protection | out-null
+            }
+        }
+    }
+}
+
+Write-Host "======================================================================================================================================================================"
+Write-Host "Done."
+
+

Powershell/Tools/WebApp Settings.ps1

@@ -1,41 +1,21 @@
 #Connect-AzAccount
 
-class ResourceCheck {
-    [string] $ResourceId = ""
-    [string] $Kind = ""
-    [string] $Location = ""
-    [string] $ResourceName = ""
-    [string] $ResourceGroup = ""
-    [string] $ResourceType = ""
-    [string] $State = ""
-    [string] $SubscriptionId = ""
-    [string] $SubscriptionName = ""
-    [string] $Tag_Team = ""
-    [string] $Tag_Product = ""
-    [string] $Tag_Environment = ""
-    [string] $Tag_Data = ""
-    [string] $Tag_CreatedOnDate = ""
-    [string] $Prop_HttpsOnly = ""
-    [string] $Prop_PhpVersion = ""
-    [string] $Prop_NetFrameworkVersion = ""
-    [string] $Prop_WindowsFxVersion = ""
-    [string] $Prop_RemoteDebuggingEnabled = ""
-    [string] $Prop_MinTlsVersion = ""
-    [string] $Prop_FtpsState = ""
-}
+# Set alias for az exe
+Set-Alias -Name az -Value "C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd"
 
 
 Write-Host "======================================================================================================================================================================"
-Write-Host "Creating webapp resource overview."
+Write-Host "Updating webapp resource settings."
 Write-Host "======================================================================================================================================================================"
 
-$subscriptions = Get-AzSubscription | Where-Object State -eq "Enabled"
+$subscriptions = Get-AzSubscription | Where-Object State -eq "Enabled" | Where Name -NotLike "Visual Studio*"  | Where Name -NotLike "*test*"
 
 foreach ($subscription in $subscriptions) 
 {
     Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
 
     Set-AzContext -SubscriptionId $subscription.Id
+    az account set --subscription $subscription.Id
 
     Write-Host "----------------------------------------------------------------------------------------------------------------------------------------------------------------------"
 
@@ -57,6 +37,10 @@ foreach ($subscription in $subscriptions)
                 Write-Host "Disable PHP $($webApp.Name)"
                 $x = Set-AzWebApp -Name $webApp.Name -ResourceGroupName $group.ResourceGroupName -PhpVersion "off"
             }
+            if ($webApp.SiteConfig.Http20Enabled -ne "TRUE") {
+                Write-Host "Enable HTTP/2 $($webApp.Name)"
+                az webapp config set -g $group.ResourceGroupName -n $webApp.Name --http20-enabled true | out-null
+            }
 
             $allSlots = Get-AzWebAppSlot -Name $webApp.Name -ResourceGroupName $webApp.ResourceGroup
 
@@ -73,6 +57,10 @@ foreach ($subscription in $subscriptions)
                     Write-Host "Disable PHP $($webApp.Name) - $($slotName)"
                     $y = Set-AzWebAppSlot -Name $webApp.Name -Slot $slotName -ResourceGroupName $group.ResourceGroupName -PhpVersion "off"
                 }
+                if ($slot.SiteConfig.Http20Enabled -ne "TRUE") {
+                    Write-Host "Enable HTTP/2 $($webApp.Name)"
+                    az webapp config set -g $group.ResourceGroupName -n $webApp.Name --slot $slotName --http20-enabled true | out-null
+                }
             }
         }
     }