Azure Automation Runbook to Export Data From Multiple Log Analytics Workspaces

I wrote a runbook a while back to export data from Azure Log Analytics workspaces using it’s search API https://dev.loganalytics.io/documentation/Using-the-API because a customer had a requirement to ingest the logs and metrics from Azure Log Analytics to other 3rd party systems. Recently, I updated this runbook to support searching all workspaces from all subscriptions in one or more management groups. For example, you can use this runbook to extract data from all log analytics workspaces in your AAD tenant if you pass in the root management group name to the runbook. You can find the runbook source code here: https://gist.github.com/tyconsulting/81cd2b80d8b151e38d5b52b80b4c6ee3

Continue reading

Deploying Azure Policy Definitions via Azure DevOps (Part 2)

This is the 2nd installment of the 3-part blog series. You can find the other parts here: Part 1: Custom deployment scripts for policy and initiative definitions Part 2: Pester-test policy and initiative definitions in the build pipeline Part 3: Configuring build (CI) and release (CD) pipelines in Azure DevOps In this part, I will walk through the PowerShell module I have developed to pester-test policy and initiative definitions. My intention is to uses these tests to perform syntax validation in the build pipeline, ensure all the definition files are valid before being deployed in the release pipelines. You can

Continue reading

Deploying Azure Policy Definitions via Azure DevOps (Part 1)

Introduction Recently I needed to deploy a large number of Azure policy and initiative definitions at customer’s environments using Azure DevOps. These definitions needed to be deployed to different environments (different Management Group hierarchies in different Azure AD Tenants). I faced some difficulties when working on this solution, due to the following limitations: 1. Currently templates do not support Management Groups So I can’t use ARM templates in this case. But, I still needed to develop a solution no matter where should the definitions being deployed (either to a management group or a subscription). 2. Limitations in Azure PowerShell cmdlet

Continue reading

PowerShell Module For JSON Schema Validation

Background Few days ago, I needed to validate JSON files against a predefined schema in a build pipeline in Azure DevOps. The validation needed to be performed using the Pester framework, and fail the build if the validation failed. In the past, I’ve always used this script (https://gist.github.com/JamesNK/7e6d026c8b78c049bb1e1b6fb0ed85cf) from James Newton-King, which leverages the JSON.Net libraries he developed. However, this time, I couldn’t it the script working on my Windows 10 laptop. I tried different versions of the DLLs, some won’t load, and the version that loads fine on my laptop threw some errors about System.Runtime library not referenced in

Continue reading

Pester Test Your ARM Template in Azure DevOps CI Pipelines

Introduction It is fair to say, I have spent a lot of time on Pester lately. I just finished up a 12 months engagement with a financial institute here in Melbourne. During this engagement, everyone in the project team had to write tests for any patterns / pipelines they are developing. I once even wrote a standalone pipeline only to perform Pester tests. One of the scenario we had to cater for is: How can you ensure the ARM template you are deploying only deploys the resources that you intended to deploy? In another word, if someone has gone rogue

Continue reading

Deploying PowerShell Modules to NuGet Feeds (Version 2) Using VSTS CI/CD Pipelines

It’s been 2 weeks since my last post, I was half way through my list (of blogs to be written), then Melbourne was hit by a big cold wave, I got sick for over a week because of that, and with the recent outage of VSTS, I only got chance to finalise my code and demo for this post today. Background Last year, I posted an article on how to deploy PowerShell modules from GitHub to MyGet feeds using VSTS. I wasn’t really satisfied with what I did back then, and I had a requirement to develop several VSTS pipelines

Continue reading

Enforcing Code Signing for Azure Automation Runbooks on Hybrid Workers

Towards the end of last year, in order to solve a specific issue, we were planning to introduce Azure Automation Hybrid Workers to the customer I was working for back then. We planned to place the Hybrid Workers inside the on-prem network and execute several runbooks that required to run on-prem. The security team had some concerns – what if the Automation Accounts or Azure subscriptions get compromised? Then the bad guys can run malicious runbooks targeting on-prem machines. long story short, in the end, we managed to get the Hybrid Worker pattern approved and implemented because we can configure

Continue reading

PowerShell Module: PSPesterTest

Few weeks ago, the customer I was working for has a requirement that all the PowerShell scripts and in-house written modules must be validated against PSScriptAnalyzer as part of the build pipelines before it is implemented to their Azure environments in release pipelines. The validation must be performed using Pester so the test results can be easily consumed in the VSTS projects (i.e. dashboards). Luckily, I found this blog post: https://blog.kilasuit.org/2016/03/29/invoking-psscriptanalyzer-in-pester-tests-for-each-rule/, so I used this post as the starting point, and created a PowerShell module that performs pester test by invoking PS Script Analyzer rules. I named this module PSPesterTest.

Continue reading

PowerShell Script to Deploy Subscription Level ARM Templates

Introduction In my previous post, I demonstrated how to deploy Azure Policy definitions that require input parameters via ARM templates. as I mentioned in that post, at the time of writing, the tooling has not been updated to allow subscription level ARM template deployments. The only possible way to deploy such template right now is via the ARM REST API. I have a requirement to deploy subscription level templates in VSTS pipelines. since I can’t use the native AzureRM PowerShell module or the Azure Resource Group Deployment VSTS task, I had to create a PowerShell script that can be used

Continue reading

OpsMgrExtended PowerShell module is now on GitHub and PSGallery

I developed the OpsMgrExnteded module back in 2015 and it was freely available from my company’s website. I also wrote a 18-post blog series on Automating OpsMgr using this module I was also aware of a bug in the New-OMOverride function in the module since 2015. I never got around to fix it because my focus has been shifted away from System Center. I just had a requirement to use this module so I have spent a little bit time yesterday and updated it to version 1.3. Here’s the change log: Bug fixes in New-OMOverride function Added SCOM 2016 SDK

Continue reading
%d bloggers like this: