Adding/Removing a Tenant to/from Reporting
This article walks you through adding a tenant to, or removing a tenant from, the list of tenants used by the automated reports. Each time we add or remove a tenant, these steps must be followed for the script to continue functioning properly.
Note: This is strictly for updating the script/runbook and its required permissions. For updating App Registration secrets, please reference https://soteria365.freshservice.com/a/solutions/articles/52000072406.
Adding a New Tenant
Creating the App Registration
- Log in to the client's specified Azure tenant at portal.azure.com.
- Ensure you have at least Cloud App Administrator permissions or GA.
- Navigate to Azure Active Directory and then App Registrations.
- Select New Registration and fill out the information.
  - Name: App - Soteria - Automation Account
  - Supported Account Types: Accounts in this organizational directory only (Single Tenant)
- Press Register to create the app registration.
- You will now see the app under Owned Applications.
Creating/Storing the App Secret
- With the new Application Registration created, we can now create and securely store an app secret.
- Select the app created in the above steps to open up its overview page.
- Select Certificates & Secrets and then New Client Secret.
- Set the Description to "Secret - Automation Account" and the Expires to 365 Days (12 Months).
- A new secret will be created with a random Value and Secret ID.
- IMPORTANT! Make sure you record this Value in Bitwarden! Once you leave this page, you'll never be able to see the value again.
  - Please add the Value to Bitwarden as a Secure Note and ensure you've checked the box for Master password re-prompt.
- With the value saved, you may now proceed with creating the variables.
Creating the Variables
Each script is written in such a way that these variables are all you need to update in order for the new secrets to work properly.
- Log in to portal.azure.com for Soteria.
- Search for/navigate to Automation Accounts.
- Find the aa-reports-* Automation Account(s).
  - At the time of writing this, there is only a single account, aa-reports-accounts, but we expect more to be created later on.
- Click into each Automation Account and navigate to Variables.
- Under Variables, you'll see various tenant names and their corresponding App Secret, AppID, and Tenant ID variables.
- Select Add a Variable for each of the 3 necessary variables for the tenant.
- You may find the AppID/TenantID on the App Registrations page from earlier.
- IMPORTANT: Ensure the variable names match the naming scheme, or else the script will break.
Updating the Script
- Finally, the script itself needs a slight update in order to know where/how to access the new variables you just created.
- In portal.azure.com, navigate to Automation Accounts, aa-accounts-reports, then Runbooks.
- For both the Active-User-Report and Stale-User-Report, do the following:
  - Select the Runbook you wish to edit.
  - Select the Edit button to open the code editor page.
  - Edit the $tenantList variable to add your new tenant.
  - IMPORTANT: Make sure your tenant name in here matches the name you set in the created variables.
  - Save the file and Publish it.
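The two IMPORTANT notes above both come down to the names in $tenantList lining up with the Automation Account variable names, so the following added example (not part of the runbooks themselves) reports any mismatch before you publish. It assumes $tenantList is an array of tenant-name strings and uses a hypothetical `<Tenant>-AppID` / `<Tenant>-AppSecret` / `<Tenant>-TenantID` naming scheme; the function name and the sample tenants are also made up for illustration.

```powershell
# Added example. The suffixes below are a HYPOTHETICAL naming scheme; replace
# them with the scheme the existing variables in the Automation Account use.
$VariableSuffixes = @('AppID', 'AppSecret', 'TenantID')

function Test-TenantVariables {
    param(
        [Parameter(Mandatory)] [string[]] $TenantList,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [string[]] $VariableNames
    )
    # Every tenant in the list needs all three variables.
    $expected = foreach ($tenant in $TenantList) {
        foreach ($suffix in $VariableSuffixes) { "$tenant-$suffix" }
    }
    [pscustomobject]@{
        # Expected by the runbook but not defined: the script will break.
        Missing  = @($expected | Where-Object { $VariableNames -notcontains $_ })
        # Defined but tied to no listed tenant: leftovers from a removal, a
        # mistyped name, or a variable unrelated to tenants.
        Orphaned = @($VariableNames | Where-Object { $expected -notcontains $_ })
    }
}

# Constructed sample data (not real tenants).
$tenantList = @('Contoso', 'Fabrikam')
$variableNames = @(
    'Contoso-AppID', 'Contoso-AppSecret', 'Contoso-TenantID',
    'Fabrikam-AppID', 'Fabrikam-AppSecret', 'Fabrkam-TenantID'   # typo on purpose
)
# Against the live account, the names would instead come from:
#   (Get-AzAutomationVariable -ResourceGroupName <resource-group> `
#       -AutomationAccountName <automation-account>).Name

$result = Test-TenantVariables -TenantList $tenantList -VariableNames $variableNames
"Missing:  $($result.Missing -join ', ')"
"Orphaned: $($result.Orphaned -join ', ')"
```

The same check is useful after removing a tenant: any variable still listed under Orphaned was not cleaned up.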
Removing a Tenant
Follow the above procedures in reverse, removing all entries instead of adding.
- Remove the tenant from $tenantList
- Remove the 3 variables in the runbooks.
- Delete the App Secret from Bitwarden.
- Delete the App Registration from the tenant.