Background Back in September 2017, Microsoft has announced Virtual Network Service Endpoints for Azure Storage and Azure SQL at Ignite. This feature prevents Storage Accounts and Azure SQL Databases from being accessed from the public Internet. A customer had a requirement to enforce all storage accounts to be attached to VNets as part of their security policies. The Azure Resource Policy seems to be the logical solution for this requirement. In order to make this possible, I have contacted the Azure Policy product team, and thanks for their prompt response, this is now possible – although at the time ofContinue reading
It has been a long time since my last post. I was very busy right until the Christmas eve, and it my to-be-blogged list is getting longer and longer. I had a very good break during the holiday period. My partner and I took our daughter to Sydney on the Christmas day and spent 5 days up there. When we were in Sydney, I visited Hard Rock Cafe for the first time in my life, and also spent 2 days with my buddy and MVP colleague Alex Verkinderen. Now that I’m somewhat recharged, I will start working on the backlogContinue reading
Savision and NiCE are getting together and delivering a webinar on Office 365 monitoring and dashboard next week. The webinar is taking place on Wednesday 13th December on 16:00 Central European Time / 10:00 Eastern Standard Time. You can find the details registration form here: https://www.savision.com/webinars/online-session-office365-monitoring-scomContinue reading
One of the big challenges when working with OpsMgr is finding all the good community management packs. Although Microsoft has provided a “Partner Solutions” section in the OpsMgr console to publish 3rd party management packs, it was designed to advertise commercial MPs developed by partner ISVs. From what I learned, the bar is too high to get your MP listed there, and for my community MPs, I don’t see myself spending time and effort to try get my MPs listed there since they are free and I don’t make any $$$ from these MPs. Squared Up has recently released aContinue reading
Currently Microsoft is in the process of upgrading all OMS Log Analytics workspaces to the new query language (named Kusto). Once your workspace has been upgraded, you will no longer able to invoke search queries using the Get-AzureRmOperationalInsightsSearchResults cmdlet from the AzureRM.OperationalInsights PowerShell module. Kusto comes with a new set of REST APIs, you can find the documentation site here: https://dev.int.loganalytics.io. According to the documentation, this REST API has the following limitations: Queries cannot return more than 500,000 rows Queries cannot return more than 64,000,000 bytes (~61 MiB total data) Quries cannot run longer than 10 minutes by default. FromContinue reading
I needed to find a way to restrict ALL Azure Service Manager (ASM, aka Classic) resources on the subscription level. Azure Resource Policy seems to be a logical choice. So I quickly developed a very simple Policy Definition: View the code on Gist. Once I have deployed the definition and assigned it to the subscription level (using PowerShell commands listed below), I could no longer deploy ASM resources:
#Set the Subscription ID
$subscriptionId = '7c6bd10f-ab0d-4a8b-9c32-548589e1142b'
Select-AzureRmSubscription -Subscription $subscriptionId
$definition = New-AzureRmPolicyDefinition -Name "restrict-all-asm-resources" -DisplayName "Restrict All ASM Resources" -description "This policy enables you to restrict ALL Azure Service Manager (ASM, aka Classic) resources." -Policy '.\Restrict-ALL-ASM-Resources.json' -Mode All
$assignment = New-AzureRMPolicyAssignment -Name 'Restrict All ASM Resources' -PolicyDefinition $definition -Scope "/subscriptions/$subscriptionId"
i.e. when I tried to create a classic VNet, I could not pass the validation:Continue reading
I’m currently working on a project where there has been a lot of discussion on how to use Azure AD Service Principals in Azure Automation and other solutions that involves any automated processes (i.e. VSTS pipelines). When signing in to Azure using a Service Principal, you can use either a key (password) or a certificate associated to the Service Principal. When using the Add-AzureRMAccount cmdlet, you can use one of the following parameter set: Key (password) based: Azure AD Tenant ID Azure Subscription Name or ID PS Credential object User name: Azure AD Application ID Password: Service Principal key CertificateContinue reading
I have updated the AzureTableEntity PowerShell module few days ago. The latest version is 220.127.116.11 and it is published at: PowerShell Gallery: https://www.powershellgallery.com/packages/AzureTableEntity/18.104.22.168 GitHub: https://github.com/tyconsulting/AzureTableEntity-PowerShell-Module/releases What’s changed? New function Merge-AzureTableEntity Merge one or more entities in a Azure table. Please make sure you understand the difference between Azure table merge and update operations: Update: replace entity fields with the the fields specified in the update operation Merge: update the value of existing fields specified in the merge operation If you want to update the value of an existing field and having the rest of the fields unchanged, make sure youContinue reading
Introduction Lately I have been playing with VSTS and its CI/CD capabilities. Since I have been writing a lot of PowerShell modules and I’m using GitHub and MyGet in this kind of projects, I thought a good scenario to build is to use VSTS CI/CD pipeline to automatically deploy the module from GitHub to my MyGet feed whenever I commit to the master branch for the particular PS module. In summary, this is the process: I commit code changes to master branch VSTS starts the build process (CI) fetch the artefact run pester test making sure the module can beContinue reading
Few days ago, the Inside OMS Book version 2 has been released as a free ebook to the TechNet Gallery: http://bit.ly/InsideOMS A lot has changed since the first release of the book and even when we were writing the version 2, I constantly feel that we are shooting a moving target. Now looking back, we have been working very very hard over the last 10 months. Comparing with version 1, the size of the book increased from ~450 pages and 12 chapters to ~750 pages and 17 chapters. This time, other than the authors, we are fortunate that we haveContinue reading