Azure Resource Providers registration dictates what types of resources you allow users to provision within your Azure subscription. Although by default, some resource providers are automatically registered, the user must have required permission to register resource providers (https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-supported-services). I had to create a script to bulk-register resource providers for a subscription because normal users have not been given the permissions to do so.
In the following sample script, I am using regular expressions to match the resource provider names, and it is registering all Microsoft resource providers except for the classic (ASM) resource types.
This script requires the following two PowerShell modules:
- AzureRM.Profile (https://www.powershellgallery.com/packages/AzureRM.profile)
- AzureServicePrincipalAccount (https://www.powershellgallery.com/packages/AzureServicePrincipalAccount)
1. Using a Key Based AzureServicePrincipal connection (in Azure Automation as a runbook, explained in my previous post):
Register-AzureResourceProviders.ps1 –AzureConnectionName ‘AzureConnectionName’
2. Using a key-based (not certificate based) Service Principal or an Azure AD user account without Multi-Factor Authentication (MFA) (for key based service principals, use the AAD Application Id as the user name and the key as the password when creating the PSCredential object):
Register-AzureResourceProviders.ps1 –TenantId ‘MyAADTenantID’ –SubscriptionId ‘MyAzureSubscriptionId’ –Credential $Credential
3. Using an AzureAD user account (with or without MFA, you will be prompted to enter the password and may be prompted for MFA if required) – this method only works when you are running this script interactively.
Register-AzureResourceProviders.ps1 –TenantId ‘MyAADTenantID’ –SubscriptionId ‘MyAzureSubscriptionId’ –UserName ‘email@example.com’
Note: For most of scripts I’ve written for Azure, I intentionally avoid using the official AzureRM PowerShell modules (well, this is a topic for another day), but instead, I’m using Azure Resource Manager REST API. The only reason this script requires the AzureRM.Profile module is because my AzureServicePrincipalAccount module requires a DLL from the AzureRM.Profile module in order to obtain the Azure AD oAuth token (for the REST API calls). You may modify the script to suit your requirements by adding / removing the inclusion and exclusion regular expressions (line 103-104).