Deploying Management Group Level Custom RBAC Role Using ARM Templates

Although custom RBAC roles can be deployed using subscription-level ARM templates, they are actually tenant level resources. When you deploy a custom RBAC role using a subscription-level template for the first time, it will work, but if you deploy the same custom role again to another subscription within the same tenant, the deployment will fail because the role already exists. To make the role available in additional subscriptions, you must modify the assignment scope of the role definition, making it available to other subscriptions. Recently, Microsoft has made custom RBAC roles available on Management Groups level. This greatly simplified the

Continue reading

Azure Automation Runbook to Export Data From Multiple Log Analytics Workspaces

I wrote a runbook a while back to export data from Azure Log Analytics workspaces using it’s search API https://dev.loganalytics.io/documentation/Using-the-API because a customer had a requirement to ingest the logs and metrics from Azure Log Analytics to other 3rd party systems. Recently, I updated this runbook to support searching all workspaces from all subscriptions in one or more management groups. For example, you can use this runbook to extract data from all log analytics workspaces in your AAD tenant if you pass in the root management group name to the runbook. You can find the runbook source code here: https://gist.github.com/tyconsulting/81cd2b80d8b151e38d5b52b80b4c6ee3

Continue reading
%d bloggers like this: