Created
May 4, 2022 05:19
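# Scheduled export of Azure AD (Entra ID) tenant configuration into this
# repository. The job signs in to Azure with OIDC, exchanges that session for
# a Microsoft Graph token, writes the export under 'AAD Config' in the
# workspace and commits the result.
#
# The committed export is tenant configuration (conditional access, roles,
# applications, ...), so read access to this repository is read access to
# that data; keep the repository private and its collaborator list reviewed.
name: Azure AD Config Backup

on:
  workflow_dispatch:
  # Runs daily at 4pm UTC
  schedule:
    - cron: "0 16 * * *"

# id-token: write lets the job request the OIDC token used by azure/login.
# contents: write lets the final step push the export commit.
# Both apply to every step below, including third-party actions and the
# module code loaded inside the PowerShell step.
permissions:
  id-token: write
  contents: write

jobs:
  backup-aad-config:
    name: Backup Azure AD Config
    runs-on: windows-latest
    steps:
      # NOTE(review): every `uses:` here references a movable tag. Pinning each
      # one to a full commit SHA (e.g. actions/checkout@<full-commit-sha>)
      # keeps a retagged release from running with the permissions above.
      - uses: actions/checkout@v3

      - name: Azure Login using OIDC
        uses: azure/login@v1
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
          enable-AzPSSession: true
          allow-no-subscriptions: true

      - name: Log in to MS Graph and back up Azure AD
        uses: Azure/powershell@v1
        with:
          # NOTE(review): "latest" floats with each Az release; a fixed version
          # makes runs reproducible and avoids surprise breaking changes.
          azPSVersion: "latest"
          inlineScript: |
            ## Install MS Graph auth module, and log in to MS Graph
            # NOTE(review): unpinned install from the gallery; consider
            # -RequiredVersion <reviewed-version> so the code that receives the
            # Graph token is a version that has been looked at.
            Install-Module Microsoft.Graph.Authentication -Scope CurrentUser -Force
            # Reuse the Az session created by azure/login to obtain a Graph token.
            # NOTE(review): whether .Token is a plain string or a SecureString,
            # and which of the two -AccessToken accepts, has changed across
            # module releases - confirm they match for the versions in use.
            $token = Get-AzAccessToken -ResourceTypeName MSGraph
            Connect-MgGraph -AccessToken $token.Token
            # Writes the connection context to the job log.
            Get-MgContext
            $global:TenantID = (Get-MgContext).TenantId

            ## Ensure output folder exists, and remove existing output files
            # Clearing the folder first means objects deleted from the tenant
            # also disappear from the committed export.
            Write-Host '## Cleaning out output folder'
            $OutputPath = Join-Path $env:GITHUB_WORKSPACE -ChildPath 'AAD Config'
            [System.IO.Directory]::CreateDirectory($OutputPath) | Out-Null
            Get-ChildItem $OutputPath | Remove-Item -Recurse -Force

            ## Install AzureADExporter
            Write-Host '## Installing AzureADExporter'
            # Install-Module AzureADExporter -Scope CurrentUser -Force

            #### Temporary fix ####
            # NOTE(review): this imports whatever the branch head is at run
            # time, in a session that already holds the Graph token. Check out
            # a reviewed commit after cloning
            # (git -C ../azureadexporter checkout <reviewed-commit-sha>) or
            # return to the published module once the fix is released.
            git clone https://github.com/wipash/azureadexporter --branch recursion-fix ../azureadexporter
            # A failed native command does not stop the script by itself; stop
            # here so Import-Module never loads anything but the fresh clone.
            if ($LASTEXITCODE -ne 0) { throw "git clone of azureadexporter failed with exit code $LASTEXITCODE" }
            Import-Module ../azureadexporter/src/AzureADExporter.psd1 -Force
            #######################

            ## Export AAD Config
            Write-Host '## Exporting Azure AD config'
            Write-Host "# Export-AzureAD -Path $OutputPath -Type 'AccessReviews', 'ConditionalAccess', 'Groups', 'Applications', 'B2C', 'B2B', 'AppProxy', 'Organization', 'Domains', 'EntitlementManagement', 'Policies', 'AdministrativeUnits', 'SKUs', 'Identity', 'Roles', 'Governance'"
            Export-AzureAD -Path $OutputPath -Type 'AccessReviews', 'ConditionalAccess', 'Groups', 'Applications', 'B2C', 'B2B', 'AppProxy', 'Organization', 'Domains', 'EntitlementManagement', 'Policies', 'AdministrativeUnits', 'SKUs', 'Identity', 'Roles', 'Governance'

      # Commits whatever changed in the workspace, i.e. the refreshed export.
      - name: Commit changes
        uses: EndBug/add-and-commit@v9
        with:
          message: Update Azure AD configuration
          default_author: github_actions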