Azure Security Gather Script Instructions

This guide will walk through the requirements and steps to successfully generate documentation using Documentation as a Service.

Prerequisites

  • PowerShell version 5.1 or greater (version 7.1 or newer preferred)
  • PowerShell modules
    • PowerShellGet version 2.2.0 or greater
    • Az.Resources version 3.4.0 or greater
    • Az.Accounts version 2.2.7 or greater
    • Az.ResourceGraph version 0.8.0 or greater
    • Installation instructions for the Az modules: https://docs.microsoft.com/en-us/powershell/azure/install-az-ps
  • Internet Connectivity
  • Read access or higher to an Azure environment
  • RBAC Read access to the scoped Azure subscriptions
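
The following pre-flight check is an added example, not part of the gather script or of Softchoice's tooling. It compares the local PowerShell and module versions against the minimums listed above and changes nothing on the machine; the variable names are illustrative.

```powershell
# Added example: read-only check of the prerequisites listed in this guide.
# Minimum versions below are copied from the list above.
$requiredModules = [ordered]@{
    'PowerShellGet'    = [version]'2.2.0'
    'Az.Resources'     = [version]'3.4.0'
    'Az.Accounts'      = [version]'2.2.7'
    'Az.ResourceGraph' = [version]'0.8.0'
}
$minimumPowerShell   = [version]'5.1'
$preferredPowerShell = [version]'7.1'

# Normalise the engine version to Major.Minor so the comparison behaves the
# same on Windows PowerShell 5.1 and on PowerShell 7.
$psVersion = [version]::new($PSVersionTable.PSVersion.Major, $PSVersionTable.PSVersion.Minor)

$results = @()
$results += [pscustomobject]@{
    Item     = 'PowerShell'
    Required = $minimumPowerShell
    Found    = $psVersion
    Ok       = ($psVersion -ge $minimumPowerShell)
}

foreach ($name in $requiredModules.Keys) {
    # Several versions of a module can be installed side by side; take the newest.
    $installed = Get-Module -ListAvailable -Name $name |
        Sort-Object -Property Version -Descending |
        Select-Object -First 1
    $found = if ($installed) { $installed.Version } else { $null }
    $results += [pscustomobject]@{
        Item     = $name
        Required = $requiredModules[$name]
        Found    = $found
        Ok       = ($null -ne $found -and $found -ge $requiredModules[$name])
    }
}

$results | Format-Table -AutoSize

$failed = @($results | Where-Object { -not $_.Ok })
if ($failed.Count -gt 0) {
    Write-Warning ("Prerequisites not met: " + ($failed.Item -join ', '))
} elseif ($psVersion -lt $preferredPowerShell) {
    Write-Host "Minimums are met. PowerShell $preferredPowerShell or newer is preferred."
} else {
    Write-Host "All prerequisites are met."
}
```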

Downloading the latest Gather Script

  • Open a browser and navigate to https://DocumentationAsCode.com
  • Log in with your Softchoice account
  • On the services dashboard, under Documentation as Code, select Azure Security
  • Click the link to download the latest version of the gather script; it will be a zip folder
  • Open your downloads folder and extract the file in Get-Security.zip to any folder on your computer
    • Make sure to save the gather script somewhere you can find it later on your computer

Running the gather script

  • Browse to where you saved the gather script
  • Right-click on the file and select "Run with PowerShell". If you don't have this option, open the file with PowerShell ISE and run the script
    • If you get a security warning, click Open. Optionally, you can uncheck the "Always ask before opening this file" box to ignore this warning in the future
  • The script will prompt you for credentials. Use the Azure account that has access to the environment you want to document
  • The script will start searching for Azure Tenants that you have access to. After a minute, a new GUI window will open asking you to select the tenant that you want documented. Select the tenant and press the "Select Tenant" button.
    • You will get a second authentication pop-up if your identity has access to more than one tenant. This is to refresh your token to see all subscriptions.
  • The GUI will open a second window which will list all the available subscriptions within the selected tenant.
    • Note: You can select all subscriptions by using the checkbox at the top, or limit the scope of the subscriptions with individual checkboxes
  • Once you have selected your subscription(s), click "Go!" in the bottom right corner, closing the GUI.
  • The original PowerShell window will read through the environment, collecting information from the Azure resources, and then save the output JSON file in the standard DaC folder (your My Documents\DaC folder if it exists; otherwise the $home/dac location)
    • Note: The script will remind you where the file is saved, to make it easier to find
  • Press Enter when prompted, which will close the PowerShell window
  • Navigate to the standard DaC folder where all of your saved JSON files will exist

    • Note: The name of the JSON file will be "Azure-Security", your tenant ID, along with the timestamp of when the information was gathered.


Generating Documentation

  • Return to https://DocumentationAsCode.com
  • Log in with your Softchoice account
  • On the services dashboard, under Documentation as Code, select Azure Security
  • Under Generate Reports:
    • Enter the customer's name
    • Enter your name
    • Click the "Browse" button and navigate to the JSON file that the script created.
  • Click Generate Document
  • You'll see a notification that the file has been uploaded and will be delivered shortly
  • Check your email for the documentation, coming from dac@softchoice.com
    • Note: Check your Other or Junk folders if you do not receive your document within 5 minutes
  • Click the Download Document button in the email to download your documentation

Common Errors/Issues

  • Connect-AzAccount is not recognized as the name of a cmdlet
    • Open PowerShell as an Administrator and run "Install-Module Az -force", then select "Yes to All [A]"
  • WARNING: Unable to acquire token for tenant
    • These can be ignored unless one of the tenants is the one you are trying to document. In that case:
      1. Open up PowerShell and type "Clear-AzContext", and choose "Yes"
    • If that doesn't work:
      1. Open up PowerShell and manually log in using "Login-AzAccount -tenantid "
      2. Type cd , press enter
      3. Type ".\Get-Security.ps1", press enter
  • Subscription(s) not showing up in the GUI
    • Validate you have at least Reader access to the subscription.
    • Verify in the PowerShell terminal that you successfully logged into the customer's tenant and there were no missing tokens for that tenant ID.
  • Not prompting for credentials/frozen/hanging
    • Check to see if the login screen is hidden behind other open windows
    • Try running in a newer version of PowerShell for the best experience (version 7.1 or newer)