When Squared Up meets Windows Admin Center

I have been in the private preview for Project Honolulu (now called Windows Admin Center) for quite long time before it became GA and I am a big fan of it. I have also been a long time Squared Up fan, and I was one of their very first customers at my previous job. I was really excited when Squared Up asked me to test their integration with Windows Admin Center couple of weeks ago. To me, it makes perfect sense if you have already deployed Windows Admin Center and are also using SCOM and Squared Up. Since Windows Admin

OpsMgrExtended PowerShell module is now on GitHub and PSGallery

I developed the OpsMgrExnteded module back in 2015 and it was freely available from my company’s website. I also wrote a 18-post blog series on Automating OpsMgr using this module I was also aware of a bug in the New-OMOverride function in the module since 2015. I never got around to fix it because my focus has been shifted away from System Center. I just had a requirement to use this module so I have spent a little bit time yesterday and updated it to version 1.3. Here’s the change log: Bug fixes in New-OMOverride function Added SCOM 2016 SDK

Managing Azure VM Hybrid Use Benefit Configuration Using Azure Policy

The Azure Policy is a great tool to manage your standards and policies within your Azure subscriptions. In addition to the built-in policies from the Azure Portal, the product team also provides a public GitHub repository to share custom policy definitions to the community. At the time of writing this post, there are already 2 policy definitions in this GitHub repo for managing the Hybrid Use Benefit (BYO license) for Windows VMs: Enforce Hybrid Use Benefit: https://github.com/Azure/azure-policy/tree/master/samples/Compute/enforce-hybrid-use-benefit Deny Hybrid Use Benefit: https://github.com/Azure/azure-policy/tree/master/samples/Compute/deny-hybrid-use-benefit These 2 policy definitions are maturely exclusive. If you apply the Enforce policy, you will not be able

Creating Azure Monitor Alerts using Azure Log Analytics Query Language Based On Azure Automation Runbook Job Output

Well, this post has such a long title – but I’ve tried my best. It is based on an idea I had – We all have many “Health Check” PowerShell scripts in our collections, why not use them in OMS without too much modification and generate meaningful alerts based on the outputs of these scripts? I have been meaning to write this post for at least 4 months, I finally found some spare time this weekend so I can work on this. In the past, when I was still working on System Center Operations Manager, I always get requests from

Log-In to AzureRM PowerShell module using oAuth Tokens

In my last post, I demonstrated how to generate Azure AD oAuth tokens using my AzureServicePrincipalAccount PowerShell module. Although personally, I pretty much use Azure Resource Manager REST API for everything – this is where the oAuth token come in play, but often, I have seen colleagues and customers use a mixture of both ARM REST APIs calls and AzureRM modules within same PowerShell scripts. This could potentially be troublesome because in order to use AzureRM modules, you will need to sign-in to Azure using Add-AzureRMAccount (or it’s alias Login-AzureRMAccount). Luckily, Add-AzureRMAccount also supports signing in using an existing AAD

Generating Azure AD oAuth Token in PowerShell

Recently in a project that I’m currently working on, myself and other colleagues have been spending a lot of time dealing with Azure AD oAuth tokens when developing code for Azure. There are so many scenarios and variations when trying to generate the token, and you have probably seen a lot of samples on the Internet already. I have spent a lot of time trying to develop a common method that the project team can use in all the scenarios. To summarise, you can generate oAuth tokens for the following security principals (and different configurations): Azure AD Application Service Principals

Bulk Register Azure Resource Providers Using PowerShell

Azure Resource Providers registration dictates what types of resources you allow users to provision within your Azure subscription. Although by default, some resource providers are automatically registered, the user must have required permission to register resource providers (https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-supported-services). I had to create a script to bulk-register resource providers for a subscription because normal users have not been given the permissions to do so. In the following sample script, I am using regular expressions to match the resource provider names, and it is registering all Microsoft resource providers except for the classic (ASM) resource types. View the code on Gist. This

Generating Unique GUIDs in Azure Resource Manager Templates

If you have worked on ARM templates, you have probably already faced challenges when you need to use GUIDs within the templates. Currently there are several ways to generate GUID that  I can find on the Internet: Generating GUIDs in PowerShell and then pass them into the ARM templates Using a nested template to generate GUID – https://github.com/davidjrh/azurerm-newguid Using an Azure Function app – https://geeks.ms/davidjrh/2017/08/01/providing-a-guid-function-in-azure-resource-manager-templates-with-azure-functions/ Few weeks ago, I was working on an ARM template, where I need to generate 100+ Azure Automation runbook job schedules. For each job schedule, the ‘name’ property is a GUID, which needed to be

Restricting Public-Facing Azure Storage Accounts Using Azure Resource Policy

Background Back in September 2017, Microsoft has announced Virtual Network Service Endpoints for Azure Storage and Azure SQL at Ignite. This feature prevents Storage Accounts and Azure SQL Databases from being accessed from the public Internet. A customer had a requirement to enforce all storage accounts to be attached to VNets as part of their security policies. The Azure Resource Policy seems to be the logical solution for this requirement. In order to make this possible, I have contacted the Azure Policy product team, and thanks for their prompt response, this is now possible – although at the time of

Getting Azure AD Tenant Common Configuration Such as Tenant ID Using PowerShell

It has been a long time since my last post. I was very busy right until the Christmas eve, and it my to-be-blogged list is getting longer and longer. I had a very good break during the holiday period. My partner and I took our daughter to Sydney on the Christmas day and spent 5 days up there. When we were in Sydney, I visited Hard Rock Cafe for the first time in my life, and also spent 2 days with my buddy and MVP colleague Alex Verkinderen. Now that I’m somewhat recharged, I will start working on the backlog

%d bloggers like this: