Watch video on YouTube here: https://youtu.be/Kbj40Xf1shg by Johnny Netsec
Deploy Fortigate Firewall VM Using Azure Marketplace and From A VHD File with VM Size (1vCPU1G RAM)1/8/2022
Continue working on my Fortigate lab. This video is to show how to deploy a Fortigate single VM into Azure from either Marketplace or a VHD file. Using VHD file, you can deploy it using a non-pay-as-you-go subscription and you can directly use a 1vCPU and 1GB ram size VM. Related videos: ?Download and Deploy Fortigate Firewall into VMWare Workstation Lab - https://youtu.be/Ny6IQFTPeFI ?Fortinet Fortigate Next-Generation Firewall VM Test Drive in Azure - https://youtu.be/w8nacYGiAbM ?Deploy Fortigate Firewall VM Using Azure Marketplace and From A VHD File with VM Size (1vCPU,1G RAM) - https://youtu.be/Kbj40Xf1shg ==================================================================== If you found this video has some useful information✍, please give me a thumb up ✅ and subscribe this channel ?to get more updates?: ⚡https://www.youtube.com/c/Netsec?sub_confirmation=1 ⚡Resource Collection and Bookmarks: https://sites.51sec.org/ Learning and Sharing - 海内存知己,天涯若比邻 - ⚡https://51sec.org ?https://itprosec.com
Watch video on YouTube here: https://youtu.be/Kbj40Xf1shg by Johnny Netsec
0 Comments
Advanced Windows Software List
My previous list for basic windows system and software is only covering some fundamental software for everyone to use. This list is going to cover more advanced windows software which might not fit into everyone's needs. Screenshot Capture
Automation WorkflowPDF Tools
NotesNetwork Drive
Remote Control
KVMvia Blogger http://blog.51sec.org/2022/01/advanced-windows-software-list.html January 06, 2022 at 10:28AM Software
Basic Windows System OS and Software List
There are always some questions asking where to find out system OS image and tools to install on a computer. In this post, I am summarizing all tools I am using to install on my computers. Most are already very commonly used. This post is for basic tools. I will keep updating with some alternatives for those tools. The tools are mostly open source or free for personal use. If there is no better one found, I might put some business software here. Usually you can follow the link to original website to download or you might find a link from other online storage disk to download. If there is any better suggestion, please leave a comment and I will give it a try to see if I should replace it in this list. This list will be constantly updated.OS Image
PE ImagePartition ToolDriversFile ManagerDownload
System Cleanup
Zip/Unzip Tools
Video Player
Image Viewer / Processer
Browser
Email Clientvia Blogger http://blog.51sec.org/2022/01/basic-windows-system-os-and-software.html January 06, 2022 at 10:26AM Software
Fortigate VM product in Azure's marketplace provides free test drive to experience how this next generation firewall to control resources and application in Microsoft Azure environment. This test drive provides a simple use case with step by step guide. In this video, you will find out how this test drive looks like and how to configure Fortigate VM to finish the requirements of a simple use case, which is to allow DMZ subnet machine to access Internet and allow Internet to access DMZ machine's http service. Related post: ?Download and Deploy Fortigate Firewall into VMWare Workstation Lab - https://youtu.be/Ny6IQFTPeFI ==================================================================== If you found this video has some useful information✍, please give me a thumb up ✅ and subscribe this channel ?to get more updates?: ⚡https://www.youtube.com/c/Netsec?sub_confirmation=1 ⚡Resource Collection and Bookmarks: https://sites.51sec.org/ Learning and Sharing - 海内存知己,天涯若比邻 - ⚡https://51sec.org ?https://itprosec.com
Watch video on YouTube here: https://youtu.be/w8nacYGiAbM by Johnny Netsec
Azure Fortigate VM Test Drive
This Azure FortiGate Test Drive is a simple use case that enables hosts in a protected subnet the ability to access the Internet via the FortiGate and allow external clients access to resources in a protected subnet via the FortiGate. It is a good practice if you would like to learn how Fortigate firewall working in the cloud. It has two interfaces configured by default. DMZ network is on the same network as LAN network but using Azure routing table to send traffic to Fortigate LAN port. In this post, all steps recorded with more explanation how this lab is working, especially on routing table part, and logging part. Start Azure Fortigate Test Drive1 Go to https://azuremarketplace.microsoft.com/en-us/marketplace/apps/fortinet.fortinet-fortigate?ocid=FortiGate_202105_landingpage_en-us or https://www.fortigate-azure.com/ 2 After system complete the provisioning, you will get a page to tell you Your Test Drive is ready. It will last for three hours. 3 After three hours if you have not completed the test drive use case, you still have a chance to repeat test drive to try it again. 4 When the Test Drive is ready click on the FortiGate link to open the GUI.
Log in to Web GUI Console using following credential:
username: ftnt-testdrive
password: Fortinet@123
Fortigate Dashboard Status Page:
Interface Page:
Static Routes:
Since there is a route for 10.0.0.0/16 (Both 10.0.2.0/24 and 10.0.3.0/24 are in this /16 segment), Fortigate firewall is able to reach both 10.0.2.0/24 and 10.0.3.0/24 segments.
Manual for this test drive is @ https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWQXpD
DiagramLog Into Ubuntu Apache Server @10.0.3.4Start CLI console from the right top corner of FortiGate Dashboard Status page, then execute following command to enter into Ubuntu Apache Server @ ip address 10.0.3.4. It is running in different network from Fortigate LAN interface 10.0.2.x/24 network. With Azure routing table, it is reachable from 10.0.2.4 ip, In Azure Routing table, it should has two similar route table created for network 10.0.3.0/24 and 10.0.2.0/24. Following is for network 10.0.3.0/24. There should have another similar one for 10.0.2.0/24 with same next hop.
exec ssh [email protected]
password: Fortinet@123
FortiGate # exec ssh [email protected]
[email protected]'s password:
Welcome to Ubuntu 18.04.6 LTS (GNU/Linux 5.4.0-1064-azure x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Sun Jan 2 21:33:27 UTC 2022
System load: 0.0 Processes: 113
Usage of /: 6.2% of 28.90GB Users logged in: 1
Memory usage: 24% IP address for eth0: 10.0.3.4
Swap usage: 0%
0 updates can be applied immediately.
Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. Check your Internet connection or proxy settings
Last login: Sun Jan 2 21:13:31 2022 from 10.0.2.4
ftnt-testdrive@UbuntuServer:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3064ms
ftnt-testdrive@UbuntuServer:~$ sudo -i
root@UbuntuServer:~# apt update
Err:1 http://azure.archive.ubuntu.com/ubuntu bionic InRelease
Could not connect to azure.archive.ubuntu.com:80 (40.81.13.82), connection timed out
Err:2 http://azure.archive.ubuntu.com/ubuntu bionic-updates InRelease
Unable to connect to azure.archive.ubuntu.com:http:
Err:3 http://azure.archive.ubuntu.com/ubuntu bionic-backports InRelease
Unable to connect to azure.archive.ubuntu.com:http:
Err:4 http://security.ubuntu.com/ubuntu bionic-security InRelease
Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1360:8001::24). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1562::18). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1360:8001::23). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1562::15). - connect (101: Network is unreachable) Could not connect to security.ubuntu.com:80 (91.189.91.38), connection timed out Could not connect to security.ubuntu.com:80 (91.189.91.39), connection timed out Could not connect to security.ubuntu.com:80 (91.189.88.152), connection timed out Could not connect to security.ubuntu.com:80 (91.189.88.142), connection timed out
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
W: Failed to fetch http://azure.archive.ubuntu.com/ubuntu/dists/bionic/InRelease Could not connect to azure.archive.ubuntu.com:80 (40.81.13.82), connection timed out
W: Failed to fetch http://azure.archive.ubuntu.com/ubuntu/dists/bionic-updates/InRelease Unable to connect to azure.archive.ubuntu.com:http:
W: Failed to fetch http://azure.archive.ubuntu.com/ubuntu/dists/bionic-backports/InRelease Unable to connect to azure.archive.ubuntu.com:http:
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/bionic-security/InRelease Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1360:8001::24). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1562::18). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1360:8001::23). - connect (101: Network is unreachable) Cannot initiate the connection to security.ubuntu.com:80 (2001:67c:1562::15). - connect (101: Network is unreachable) Could not connect to security.ubuntu.com:80 (91.189.91.38), connection timed out Could not connect to security.ubuntu.com:80 (91.189.91.39), connection timed out Could not connect to security.ubuntu.com:80 (91.189.88.152), connection timed out Could not connect to security.ubuntu.com:80 (91.189.88.142), connection timed out
W: Some index files failed to download. They have been ignored, or old ones used instead.
root@UbuntuServer:~#
The webserver host 10.0.3.4 cannot connect to the Internet and will stall attempting to update the apt package repositories. This is because an Azure route table with a User Defined Route has been added to the VNET to force the webserver host’s outbound communication through the FortiGate, and the FortiGate does not have a policy to allow internet connectivity.
Checking routing table and ip address on the Ubuntu server.
ftnt-testdrive@UbuntuServer:~$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.3.1 0.0.0.0 UG 100 0 0 eth0
10.0.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
168.63.129.16 10.0.3.1 255.255.255.255 UGH 100 0 0 eth0
169.254.169.254 10.0.3.1 255.255.255.255 UGH 100 0 0 eth0
ftnt-testdrive@UbuntuServer:~$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.3.4 netmask 255.255.255.0 broadcast 10.0.3.255
inet6 fe80::222:48ff:fe08:702c prefixlen 64 scopeid 0x20<link>
ether 00:22:48:08:70:2c txqueuelen 1000 (Ethernet)
RX packets 1162004 bytes 399526773 (399.5 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1336114 bytes 489421711 (489.4 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 974 bytes 97870 (97.8 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 974 bytes 97870 (97.8 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Enable Log and Check LogEnable Logging: Check Logs: There are lots of deny logs from 10.0.3.4 to Internet ip addresses. Create Outbout Rules from LAN to Internet1 Select “Policy & Objects” -> “Firewall Policy”
2 Click the “+ Create New” button
3 Configure the Policy
• Name: AllowOutBound
• Incoming Interface: port2
• Outgoing Interface: port1
• Source: all
• Destination: all
• Schedule: always
• Service: HTTP & HTTPS &ALL_ICMP
• Enable: NAT
• Click OK
root@UbuntuServer:~# apt update
Hit:1 http://azure.archive.ubuntu.com/ubuntu bionic InRelease
Get:2 http://azure.archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Get:3 http://azure.archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]
Get:4 http://azure.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages [8570 kB]
Get:5 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Get:6 http://azure.archive.ubuntu.com/ubuntu bionic/universe Translation-en [4941 kB]
Get:7 http://azure.archive.ubuntu.com/ubuntu bionic/multiverse amd64 Packages [151 kB]
Get:8 http://azure.archive.ubuntu.com/ubuntu bionic/multiverse Translation-en [108 kB]
Get:9 http://azure.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages [2328 kB]
Get:10 http://azure.archive.ubuntu.com/ubuntu bionic-updates/restricted amd64 Packages [559 kB]
Get:11 http://azure.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages [1772 kB]
Get:12 http://azure.archive.ubuntu.com/ubuntu bionic-updates/universe Translation-en [384 kB]
Get:13 http://azure.archive.ubuntu.com/ubuntu bionic-updates/multiverse amd64 Packages [27.3 kB]
Get:14 http://azure.archive.ubuntu.com/ubuntu bionic-updates/multiverse Translation-en [6808 B]
Get:15 http://azure.archive.ubuntu.com/ubuntu bionic-backports/main amd64 Packages [10.3 kB]
Get:16 http://azure.archive.ubuntu.com/ubuntu bionic-backports/main Translation-en [4824 B]
Get:17 http://azure.archive.ubuntu.com/ubuntu bionic-backports/universe amd64 Packages [11.3 kB]
Get:18 http://azure.archive.ubuntu.com/ubuntu bionic-backports/universe Translation-en [5772 B]
Get:19 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages [1983 kB]
Get:20 http://security.ubuntu.com/ubuntu bionic-security/main Translation-en [355 kB]
Get:21 http://security.ubuntu.com/ubuntu bionic-security/restricted amd64 Packages [535 kB]
Get:22 http://security.ubuntu.com/ubuntu bionic-security/restricted Translation-en [72.4 kB]
Get:23 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages [1158 kB]
Get:24 http://security.ubuntu.com/ubuntu bionic-security/universe Translation-en [266 kB]
Get:25 http://security.ubuntu.com/ubuntu bionic-security/multiverse amd64 Packages [20.9 kB]
Get:26 http://security.ubuntu.com/ubuntu bionic-security/multiverse Translation-en [4732 B]
Fetched 23.5 MB in 5s (4648 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
18 packages can be upgraded. Run 'apt list --upgradable' to see them.
root@UbuntuServer:~#
Install the Apache2 webserver
sudo apt-get install apache2 -y
It should running well and apache will be successfully installed in 5 minutes. This time apt-get should update and the Webserver should install successfully, because the outbound traffic was allowed to pass through the FortiGate.
Configure Fortigate for DMZ Web Server's HTTP Traffic1 In a new tab in your web browser, attempt to connect via http to the same public IP as the FortiGate.This will not be successful because the FortiGate is not configured to respond to port 80. 2 In the FortiGate GUI select “Policy & Objects” -> “Virtual IPs”
3 Click the “+ Create New” button and select “Virtual IP”
4 Create a new virtual IP to forward traffic for interface “port1”
• Name: WebTrafficToWebserver
• Interface: port1
• External IP Address/Range: 10.0.1.4
• Mapped IP Address/Range: 10.0.3.4
• Enable Port Forwarding
• External Service Port: 80
• Map to Port: 80 • Click OK
5 . Select “Policy & Objects” -> “Firewall Policy” You should see the AllowOutBound policy that was previously created. Click the “+ Create New” button. 6 .The new policy will allow all traffic in port1 and out port2 (the reverse of the previous policy).
• Name: WebTrafficToWebserverVIP
• Incoming Interface: port1 • Outgoing Interface: port2 • Source: all • Destination: WebTrafficToWebserver • Service: HTTP • Click OK
Check Logs
Check logs for visiting Web Server 10.0.1.4's public ip address on http port 80: via Blogger http://blog.51sec.org/2022/01/azure-fortigate-vm-test-drive.html January 02, 2022 at 05:48PM Fortigate
This video shows how to download Fortigate VM from Fortinet support website and deploy it into your VMWare workstation lab environment. Basic configuration has been shown in this lab includes: 1. Configure Interface from Command line 2. Configure Topology based on Diagram 3. Configure static route 4. Configure Internet Access Firewall Rule including NAT 5. Configure Zone to Zone firewall rule ==================================================================== If you found this video has some useful information✍, please give me a thumb up ✅ and subscribe this channel ?to get more updates?: ⚡https://www.youtube.com/c/Netsec?sub_confirmation=1 ⚡Resource Collection and Bookmarks: https://sites.51sec.org/ Learning and Sharing - 海内存知己,天涯若比邻 - ⚡https://51sec.org ?https://itprosec.com ----------------------------------------------------------------------------------------------------------------------------------------- Music Credits: ► Ronnifess: Instagram : https://instagram.com/ronniefss17 Facebook : https://facebook.com/ronniefss/ SoundCloud : https://soundcloud.com/ronnie-fss ► Free Music Download Channel https://www.youtube.com/channel/UC_l59BueBNMqXCNZpte_jlA
Watch video on YouTube here: https://youtu.be/Ny6IQFTPeFI by Johnny Netsec
Download and Launch Fortigate Virtual Machine in VMWare WorkStation
This post is to summarize the steps to download and install Fortigate Firewall VM into your VMware workstation for your lab testing. Related Post: DiagramDownload VM
Support site: https://support.fortinet.com/Download/VMImages.aspx
You will need to create your own account for Fortinet website to continue downloading VM images.Please download VM start with FGT and not start with FOS. FOS-VMs are meant to work only in closed environments without Internet access. FOS-VMs license validation process is exclusively taken care of by the FortiMeter module of FortiManager, not by FortiGuard. Upon instantiation, a FOS-VM is provided with a permanent Serial Number. The FOS-VM license status is “Valid”, and is set with a “FortiMeter grace period” value of 1 hour. (From: FOS-VM License management, validation, and troubleshooting) Launch VM into VMWare Workstation
Configuration Port 1 (Mgmt) InterfaceAfter VM complete loaded, it might need to reboot it once then you will be prompted to login:Default username : admin
Password: none
It will require you to change password right away after log in.
Initial Configuration for Port1 (Mgmt) interface. From command line, set por1 a static ip to connect from your browser:
config system interface
edit port1
set mode static
set ip 192.168.2.18 255.255.255.0
append allowaccess http
end
Some commands to check interface and system status
Web GUI Dashboard:
via Blogger http://blog.51sec.org/2022/01/download-and-launch-fortigate-virtual.html January 01, 2022 at 05:31PM Fortigate
How to Manage Azure Resources Effectively
Organize your cloud-based resources to secure, manage, and track costs related to your workloads. To organize your resources, define a management group hierarchy, consider and follow a naming convention, and apply resource tagging.
Understand scopeAzure provides four levels of scope: management groups, subscriptions, resource groups, and resources. The following image shows an example of these layers. You apply management settings at any of these levels of scope. The level you select determines how widely the setting is applied. Lower levels inherit settings from higher levels. For example, when you apply a policy to the subscription, the policy is applied to all resource groups and resources in your subscription. When you apply a policy on the resource group, that policy is applied to the resource group and all its resources. However, another resource group doesn't have that policy assignment. Note: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview Management GroupIf your organization has many subscriptions, you may need a way to efficiently manage access, policies, and compliance for those subscriptions. Azure management groups provide a level of scope above subscriptions. You organize subscriptions into containers called "management groups" and apply your governance conditions to the management groups. All subscriptions within a management group automatically inherit the conditions applied to the management group. Management groups give you enterprise-grade management at a large scale no matter what type of subscriptions you might have. All subscriptions within a single management group must trust the same Azure Active Directory tenant. You can organize your resource groups for securing, managing, and tracking the costs related to your workflows and applications. For example, you can apply policies to a management group that limits the regions available for virtual machine (VM) creation. This policy would be applied to all management groups, subscriptions, and resources under that management group by only allowing VMs to be created in that region. Hierarchy of management groups and subscriptions You can build a flexible structure of management groups and subscriptions to organize your resources into a hierarchy for unified policy and access management. The following diagram shows an example of creating a hierarchy for governance using management groups. Diagram of a root management group holding both management groups and subscriptions. Some child management groups hold management groups, some hold subscriptions, and some hold both. One of the examples in the sample hierarchy is four levels of management groups with the child level being all subscriptions. You can create a hierarchy that applies a policy, for example, which limits VM locations to the US West Region in the group called "Production". This policy will inherit onto all the Enterprise Agreement (EA) subscriptions that are descendants of that management group and will apply to all VMs under those subscriptions. This security policy cannot be altered by the resource or subscription owner allowing for improved governance. Another scenario where you would use management groups is to provide user access to multiple subscriptions. By moving multiple subscriptions under that management group, you can create one Azure role assignment on the management group, which will inherit that access to all the subscriptions. One assignment on the management group can enable users to have access to everything they need instead of scripting Azure RBAC over different subscriptions. Important facts about management groups
Note: https://docs.microsoft.com/en-us/azure/governance/management-groups/overview Management group accessAzure management groups support Azure role-based access control (Azure RBAC) for all resource accesses and role definitions. These permissions are inherited to child resources that exist in the hierarchy. Any Azure role can be assigned to a management group that will inherit down the hierarchy to the resources. For example, the Azure role VM contributor can be assigned to a management group. This role has no action on the management group, but will inherit to all VMs under that management group. The following chart shows the list of roles and the supported actions on management groups.
Azure custom role support for management groups is currently in preview with some limitations. You can define the management group scope in the Role Definition's assignable scope. That Azure custom role will then be available for assignment on that management group and any management group, subscription, resource group, or resource under it. This custom role will inherit down the hierarchy like any built-in role. Resource groupsThere are some important factors to consider when defining your resource group:
Ways to Create an Azure Resource GroupThere are several ways to create an Azure Resource Group:
Best Practices:
Azure Resource Manager (ARM)
Azure Resource Manager (ARM) is an Azure service you can use to manage and deploy resources using an infrastructure as code paradigm. It enables you to provision, modify, and delete resources using a variety of features including access controls, tags, and locks.
When using Azure Resource Manager, there is some specific terminology you should be aware of. The most common terms include:
Templates combine the benefits of the underlying Azure Resource Manager with the adaptability and readability of JavaScript Object Notation (JSON). Using templates, you can:
Recommendations and Best Practices
Naming ConventionAn effective naming convention composes resource names from important information about each resource. A well-chosen name helps you quickly identify the resource's type, its associated workload, its deployment environment, and the Azure region hosting it. For example, a public IP resource for a production SharePoint workload residing in the West US region might be Keep the length of naming components short to prevent exceeding resource name length limits.
Abbreviations for Azure Resource Types:
Tagging StrategyWhen you apply metadata tags to your cloud resources, you can include information about those assets that couldn't be included in the resource name. You can use that information to perform more sophisticated filtering and reporting on resources. You want these tags to include context about the resource's associated workload or application, operational requirements, and ownership information. This information can be used by IT or business teams to find resources or generate reports about resource usage and billing. Minimum suggested tagsThe following tags will guide implementation and processes in all subsequent Cloud Adoption Framework methodologies. Many of the best practices in those methodologies demonstrate automation of cloud operations and governance based on the following tags.
Manage AccessWhen you plan your access control methodology, we recommend that you work with people in your organizations with the following roles: security and compliance, IT administration, and enterprise architect. The Cloud Adoption Framework offers additional guidance on using Azure role-based access control in your cloud adoption efforts. https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-setup-guide/manage-access When you plan your access control strategy, grant users the least privilege required to get their work done. The following image shows a suggested pattern for assigning Azure RBAC.
Define each role based on apps, business units, or resource groups, etc E.g. dev-reader, dev-contributor, dev-owner Grant resource group accessTo grant a user access to a resource group:
Grant subscription accessTo grant a user access to a subscription:
References
via Blogger http://blog.51sec.org/2022/01/how-to-manage-azure-resources.html January 01, 2022 at 01:37PM Cloud |
|