tool_s360_sp.py
"""
S360 reports overprivileged service principals that have been given role
assignments to your subscriptions.

This generally means that they have been assigned but not used for some time.

The report in S360 for this brings you to Lens. From Lens with the report you
export the contents using the upper right hand corner

    Actions > Export > CSV All Columns

This creates a JSON on your machine with the entries. Put in the file path below
and the tool will remove the specific role assignments from your subscription.

YOU MUST BE LOGGED IN WITH RIGHTS TO THE SUBS OR HAVE AN SP TO DO SO

Output is to the command line only and dumps out number of entries received, roles
removed and for each sub how many roles were removed. If the total vs removed differ
it is because the assignment has been cleared before running the tool.
"""
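import json
import sys

from microsoft.submaintenance import AzIdentities
from microsoft.submaintenance.utils import AzLoginUtils

CREDENTIALS_FILE = "./credentials.json"
CONFIGURATION_FILE = "./configuration.json"

# Ensure a login and switch to SP if requested
try:
    AzLoginUtils.validate_login(CREDENTIALS_FILE)
except Exception as ex:
    # Stop before touching any role assignment if the login cannot be validated
    print(str(ex))
    sys.exit(1)

az_id = AzIdentities()

# Path to the report exported from Lens (see the docstring above)
s360report = "C:\\...\\your_principals.csv"

# Removes the role assignments listed in the report from the subscriptions
res = az_id.clear_s360_principals(s360report)

# Summary of entries received and roles removed, per subscription
print(json.dumps(res, indent=4))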