SCOM Self Maintenance Management Pack for SCOM 2019 now available

Good news! OpsMgr Self Maintenance MP v3.1 is now available from cookdown.com: https://cookdown.com/scom-essentials/self-maintenance/ What's new? SCOM 2016, 1801/1807 and 2019 support; retired the 2007 version of the MP; completely rewrote the MP with a new name; several new monitors; various bug fixes; decommissioned the OMS add-on MP; additional quick start override MP; Self Maintenance MP now owned/maintained by Cookdown. Who are Cookdown? Cookdown are a new company spun out from Squared Up (known for awesome HTML 5 dashboards for SCOM + Azure). Cookdown were set up specifically to solve the challenges SCOM faces today – SCOM continues to be used in large


Configuring Azure Management Group Hierarchy Using Azure DevOps

Previously, I published a 3-part blog series on deploying Azure Policy Definitions via Azure DevOps (Part 1, Part 2, Part 3). It covered one aspect of implementing Azure Governance using code and pipelines. There are at least 2 additional areas I haven’t covered: configuring the Management Group hierarchy, and Policy & Initiative assignments. In this post, I’ll cover how I managed to implement the management group hierarchy using Azure DevOps. I will cover policy & initiative assignment in a future blog post. Problem Statement: Before I dive into the technical details, I’d like to first explain why this is required. In


Cross-Blog: How to Create Azure Monitor Alerts for Non-Compliant Azure Policies

Recently, I have been asked to contribute to Microsoft’s ITOps Talk blog. My first article, “How to Create Azure Monitor Alerts for Non-Compliant Azure Policies”, has just been published. You can read it here: https://techcommunity.microsoft.com/t5/ITOps-Talk-Blog/How-to-Create-Azure-Monitor-Alerts-for-Non-Compliant-Azure/ba-p/713466


Deploying Management Group Level Custom RBAC Role Using ARM Templates

Although custom RBAC roles can be deployed using subscription-level ARM templates, they are actually tenant-level resources. When you deploy a custom RBAC role using a subscription-level template for the first time, it will work, but if you deploy the same custom role again to another subscription within the same tenant, the deployment will fail because the role already exists. To make the role available in additional subscriptions, you must modify the assignment scope of the role definition, making it available to other subscriptions. Recently, Microsoft has made custom RBAC roles available at the Management Group level. This greatly simplified the


Azure Automation Runbook to Export Data From Multiple Log Analytics Workspaces

I wrote a runbook a while back to export data from Azure Log Analytics workspaces using its search API (https://dev.loganalytics.io/documentation/Using-the-API) because a customer had a requirement to ingest the logs and metrics from Azure Log Analytics into other 3rd party systems. Recently, I updated this runbook to support searching all workspaces from all subscriptions in one or more management groups. For example, you can use this runbook to extract data from all Log Analytics workspaces in your AAD tenant if you pass in the root management group name to the runbook. You can find the runbook source code here: https://gist.github.com/tyconsulting/81cd2b80d8b151e38d5b52b80b4c6ee3


A Simple Dynamic DNS Solution Based on Azure PaaS Services

Background: Many of us have used some kind of dynamic DNS service in the past. It is particularly useful for home networks, since it is very rare that ISPs provide static IP addresses free of charge nowadays. Most home broadband modems and routers support some kind of dynamic DNS service. I used a popular dynamic DNS provider many years ago. Back then, it was free. Then they started charging people for using their service. I think having to pay $50+ per year is too much for such a simple service. Luckily my home broadband plan came with a static


Updated Azure Policy for Azure Diagnostic Settings

A few months ago, I published a set of Azure Policy definitions to configure Azure resources diagnostic settings. You can find the original post here: https://blog.tyang.org/2018/11/19/configuring-azure-resources-diagnostic-log-settings-using-azure-policy/. The definitions were offered in the form of an ARM template. Since then, I have updated these policies, with the following updates: Additional policies for connecting Diagnostic Settings to Azure Event Hub: In addition to policies to connect diagnostic settings to Log Analytics, I have added another set of policies to connect diagnostic settings of applicable resources to Azure Event Hubs. Added ExistenceCondition in policy definitions: ExistenceCondition detects if the resource you are trying to


New Azure Policy Definition: Deploy Microsoft IaaSAntimalware extension with custom configurations

Microsoft provides a built-in Azure Policy definition for deploying the Windows Defender VM Extension. The name of this policy definition is Deploy default Microsoft IaaSAntimalware extension for Windows Server (id: /providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc). This policy definition has many limitations: it does not support Windows 10 VMs; it does not support custom VM images; it does not support customization of the Windows Defender configurations (i.e. scan exclusions, etc.). I had a requirement to automatically deploy this VM extension with customised configuration, so I have rewritten this policy, addressing all the limitations listed above. You can find it at my Azure Policy GitHub repo: https://github.com/tyconsulting/azurepolicy/tree/master/policy-definitions/deploy-windows-defender-vm-extension-custom-config.


New Azure Policy Definition: Deploy VM Shutdown Schedule

I wrote an Azure Policy definition a few days ago; it deploys a VM shutdown schedule together with VMs using the deployIfNotExists effect. You can find it at my Azure Policy GitHub repo: https://github.com/tyconsulting/azurepolicy/tree/master/policy-definitions/deploy-vm-shutdown-schedule. This policy will be very useful when managing non-production workloads. Input parameters: Deployed schedule:


Deploying Azure Policy Definitions via Azure DevOps (Part 3)

This is the 3rd and final installment of the 3-part blog series. You can find the other parts here: Part 1: Custom deployment scripts for policy and initiative definitions; Part 2: Pester-test policy and initiative definitions in the build pipeline; Part 3: Configuring build (CI) and release (CD) pipelines in Azure DevOps. In this part, I will walk through how I configured the build and release pipelines for deploying policy and initiative definitions at scale. Pre-requisites: The following pre-requisites are required before you start creating the pipelines: 1. Creating Azure AD Service Principals: We need to create service principals in each
