New PowerShell Module For Azure Automation: AzureServicePrincipalAccount

I’m currently working on a project where there has been a lot of discussion on how to use Azure AD Service Principals in Azure Automation and other solutions that involves any automated processes (i.e. VSTS pipelines). When signing in to Azure using a Service Principal, you can use either a key (password) or a certificate associated to the Service Principal. When using the Add-AzureRMAccount cmdlet, you can use one of the following parameter set: Key (password) based: Azure AD Tenant ID Azure Subscription Name or ID PS Credential object User name: Azure AD Application ID Password: Service Principal key Certificate

AzureTableEntity PowerShell Module Updated

I have updated the AzureTableEntity PowerShell module few days ago. The latest version is 1.0.3.0 and it is published at: PowerShell Gallery: https://www.powershellgallery.com/packages/AzureTableEntity/1.0.3.0 GitHub: https://github.com/tyconsulting/AzureTableEntity-PowerShell-Module/releases What’s changed? New function Merge-AzureTableEntity Merge one or more entities in a Azure table. Please make sure you understand the difference between Azure table merge and update operations: Update: replace entity fields with the the fields specified in the update operation Merge: update the value of existing fields specified in the merge operation If you want to update the value of an existing field and having the rest of the fields unchanged, make sure you

Azure Functions Demo: Voting App

Back in April this year, Pete Zerger (@pzerger) and I delivered two sessions in Experts Live Australia. One of which is titled “Cloud Automation Overview”. During this session, we have showed off a pretty cool voting demo app that is made up with Azure Functions, Key Vault, Azure SQL DB and Power BI. As shown above, this demo app allows attendees in our session to vote on a topic that we have chosen by scanning QR codes using mobile devices. In this case, since we were delivering the session in Melbourne Australia, we have decided to let people to vote

Preventing Azure Automation Concurrent Jobs In the Runbook

Recently when I was writing an Azure Automation PowerShell runbook, I had an requirement that I need to make sure there should be only one job running at any given time. Since this runbook will be triggered by a webhook from external systems, there was no way for me to control when and how the webhook would be triggered. So I had to add some logic in the runbook that only execute the core code block if there are no other jobs running. The key for this technique is to use the built-in variable that is available in any Azure

Programmatically Creating Azure Automation Runbook Webhooks Targeting Hybrid Worker Groups

In Azure Automation, you can create a webhook for a runbook and target it to a Hybrid Worker group (as opposed to run on Azure). In the Azure portal, it is pretty easy to configure this ‘RunOn’ property when you are creating the webhook. However, at the time of writing this blog post, it is STILL not possible to specify where the webhook should target when creating it using the Azure Automation PowerShell module AzureRM.Automation (version 3.1.0 at the time of writing). The cmdlet New-AzureRMAutomationWebhook does not provide a parameter where you can specify the webhook “RunOn” target: there are

PowerShell Function to Get Azure AD Token

When making Azure Resource Manager REST API calls, you will firstly need to obtain an Azure AD authorization token and use it to construct the authorization header for your HTTP requests. My good friend Stanislav Zhelyazkov (@StanZhelyazkov) has written a PowerShell function call Get-AADToken as part of the OMSSearch PowerShell module for this purpose. You can find it in the OMSSearch project’s GitHub repo: https://github.com/slavizh/OMSSearch/blob/master/OMSSearch.psm1 I have been using this functions in many projects in the past and it served me well. However, the limitation for Stan’s function is that it only works with user principals – you can only generate

Deploying ARM Templates with Artifacts Located in a Private GitHub Repository

Background I have spent the last few days authoring an Azure Resource Manager (ARM) template. The template is stored in a private GitHub repository. It contains several nested templates, one of which deploys an Azure Automation account with several runbooks. For the nested templates and automation runbooks, the location must be a URI. Therefore the nested templates and the Azure Automation runbooks that I wish to deploy in the ARM templates must be located in location that is accessible by Azure Resource Manager. There are many good examples in the Azure Quickstart Template GitHub repository, for example, in the oms-all-deploy

Using Postman Invoking Azure Resource Management APIs

When working with REST APIs, Postman (https://getpostman.com) is a popular tool that needs no further introductions. This week, I’ve been pretty busy working on the upcoming Inside OMS V2 book, and I’m currently focusing on the various OMS REST APIs for the Custom Solutions chapter. I want to use Postman to test and demonstrate how to use the OMS REST APIs. Since most of the ARM based APIs requires oAuth token in the authorization header, I needed to configure Postman to contact Microsoft Graph API in order to generate the token for the API calls. Initially, I thought this would

Be Cautious When Designing Your Automation Solution that Involves Azure Automation Azure Runbook Workers

Over the last few weeks, it occurred to me twice that I had to change my original design of the automation solutions I was working on because of the limitations of Azure Automation Azure Runbook Workers. Last month, my fellow CDM MVP Michael Rueefli has published an article and explained Why deploying Hybrid Runbook Workers on Azure makes sense. In Michael’s article, he listed some infrastructural differences between Azure runbook workers and the Hybrid runbook workers. However, the issues that I faced that made me to change my design were caused by the functional limitations in Azure runbook workers. Therefore

Using Azure Key Vault as the Password Repository For You and Your Team

Over the past decade, I have used several password management applications such as Password Safe, KeePass and LastPass. Out of these products, only LastPass is cloud based. I have been hesitate to use LastPass over the last few years and stayed with KeePass because of the LastPass data breach back in 2015. Few months ago, my friend Alex Verkinderen finally convinced me to start using LastPass again. But this time, in order to be more secure and being able to use Multi-Factor Authentication (MFA), I have purchased a premium account and also purchased a YubiKey Neo for MFA. I understand

%d bloggers like this: