3b7356daf9
|
||
|---|---|---|
| API Management | ||
| App Service | ||
| Azure Backup | ||
| Azure Monitor | ||
| Azure Resource Graph | ||
| Azure Virtual Desktop | ||
| Connection | ||
| Quick Provisioning | ||
| Virtual Machine | ||
| Well-Architected | ||
| .gitignore | ||
| CODE_OF_CONDUCT.md | ||
| LICENSE | ||
| README.md | ||
| SECURITY.md | ||
| SUPPORT.md | ||
| To-Do-List.md | ||
README.md
Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
Trademarks
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.
Quick Start
- Review Connection
- Fork a repository or download the necessary script to local computer
- Install the PowerShell Module and Azure CLI (Optional)
- Modify the script (Optional)
- Execute the script
Instruction
Prerequisites
The version stated below is the baseline only, recommend to install newer version
Recommend to run the scripts using the local PowerShell session
| Item | Name | Version | Installation |
|---|---|---|---|
| 1 | PowerShell | 5.1 7.2.2 |
docs.microsoft.com |
| 2 | Az Module | 9.3.0 | PowerShell Gallery |
| 3 | Az.DataProtection Module | 1.0.1 | PowerShell Gallery |
| 4 | Azure Active Directory V2 Module (AzureAD) | 2.0.2.140 | PowerShell Gallery |
| 5 | Azure CLI | 2.35.0 | docs.microsoft.com |
| 6 | ImportExcel | 7.7.0 | PowerShell Gallery |
| 7 | PnP.PowerShell | 1.11.0 | PowerShell Gallery |
Verifying
# Run the command to verify the installed module
Get-InstalledModule
Installation
# Run as Administrator to install for Powershell 7
Install-Module -Name Az -RequiredVersion 9.3.0 -Force -Confirm:$false
Install-Module -Name Az.DataProtection -RequiredVersion 1.0.1 -Force -Confirm:$false
Install-Module -Name ImportExcel -RequiredVersion 7.7.0 -Force -Confirm:$false
Install-Module -Name PnP.PowerShell -RequiredVersion 1.11.0 -Force -Confirm:$false
# Run as Administrator to install for Powershell 5.1
Install-Module -Name AzureAD -RequiredVersion 2.0.2.140 -Force -Confirm:$false
Install-Module -Name ImportExcel -RequiredVersion 7.7.0 -Force -Confirm:$false
# Azure Cloud Shell
Install-Module -Name ImportExcel -RequiredVersion 7.7.0 -Force -Confirm:$false
Install-Module -Name PnP.PowerShell -RequiredVersion 1.11.0 -Force -Confirm:$false
Script Parameter
- Variable under # Global Parameter is expected to modify
- Variable under # Script Variable is expected NOT to modify
- Comment Login section in the script if using Connect-To-Cloud.ps1 to login Azure
Subscription Management
Most of the scripts support to retrieve information or modify configuration from multiple subscriptions. There is a simple foreach loop to iterate through the subscriptions in the scripts.
foreach ($Subscription in $Global:Subscriptions) {
}
Below are the sample command to retrieve subscription(s) which will be assigned to variable $Global:Subscriptions
# Exclude disabled or legacy subscription
$TenantId = "Tenant Id"
$Global:Subscriptions = Get-AzSubscription -TenantId $TenantId | ? {$_.State -eq "Enabled" -and $_.Name -ne "Access to Azure Active Directory"}
# Get specific subscription
$TenantId = "Tenant Id"
$SubscriptionName = "Subscription Name"
$Global:Subscriptions = Get-AzSubscription -TenantId $TenantId | ? {$_.Name -like "*$SubscriptionName*"}
Issue Log
1. AzureAD Module
Encounter error using Connect-AzureAD due to the module is not compatible with PowerShell 7
Could not load type 'System.Security.Cryptography.SHA256Cng' from assembly
Workaround
Use PowerShell 5.1
Reference
2. Azure Application Gateway with Redirection Rule
Fail to provision using following commands
# Using RedirectConfiguration
$RedirectConfiguration = New-AzApplicationGatewayRedirectConfiguration -Name "DefaultRedirectConfiguration" -RedirectType Permanent -TargetUrl "http://8.8.8.8"
$RoutingRule = New-AzApplicationGatewayRequestRoutingRule -Name "DefaultRoutingRule"-RuleType Basic -HttpListener $HttpListener -RedirectConfiguration $RedirectConfiguration -BackendHttpSettings $BackendHttpSetting
# Using RedirectConfigurationId
$RedirectConfiguration = New-AzApplicationGatewayRedirectConfiguration -Name "DefaultRedirectConfiguration" -RedirectType Permanent -TargetUrl "http://8.8.8.8" -IncludePath $false -IncludeQueryString $false
$RoutingRule = New-AzApplicationGatewayRequestRoutingRule -Name "DefaultRoutingRule"-RuleType Basic -HttpListenerId $HttpListener.Id -RedirectConfigurationId $RedirectConfiguration.Id
# Above command encounter same error message
# New-AzApplicationGateway: Resource...agw-core-prd-sea-001/redirectConfigurations/DefaultRedirectConfiguration referenced by resource...agw-core-prd-sea-001/requestRoutingRules/DefaultRoutingRule was not found. Please make sure that the referenced resource exists, and that both resources are in the same region.
Workaround
Use Azure Portal to provision
3. PnP Online
Unable to login using Connect-PnPOnline
Connect-PnPOnline:
Line |
2 | Connect-PnPOnline -Url $SiteURL -Credentials $Cred
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| AADSTS65001: The user or administrator has not consented to use the application with ID '31359c7f-bd7e-475c-86db-fdb8c937548e' named 'PnP Management Shell'. Send an interactive authorization request for this user and resource.
Trace ID: 246ce9c8-fee6-4efd-a68b-a837a9f85500
Correlation ID: 14f0e0fc-0bd6-44ec-beff-2af5f2472622
Timestamp: 2022-05-31 03:43:47Z
Connect-PnPOnline: Cannot find certificate with this thumbprint in the certificate store.
- Azure function: Cannot find certificate with this thumbprint in the certificate
- Granting access via Azure AD App-Only
Solution
Refer to provided links to register the service principle with proper API permission assigned
4. Azure Automation Runbooks Job
Turning into suspended mode when adding file to Sharepoint
- Azure Automation Runbook job goes into suspended mode when adding file to Sharepoint
- Connect SPonline using pnp by Azure app registration
- Add-PnPListItem - failing in RunBook on Azure Automation
Solution
Refer to provided links to register the service principle with proper API permission assigned
Appendix
1. Disable warning messages in Azure PowerShell
# Disable breaking change warning messages
Set-Item Env:\SuppressAzurePowerShellBreakingChangeWarnings -Value "true"
# SuppressAzurePowerShellBreakingChangeWarnings Variable may not work for specific Az command, add Common Parameters 'WarningAction' instead
# Example
Get-AzMetric -ResourceId $ResourceId -MetricName 'storage' -WarningAction SilentlyContinue
Reference
- Configuration
- Common Parameters
- Add to PowerShell profile to execute this command when every PowerShell session start
2. Enable Azure Preview Feature
Allow updating Virtual Network Address Space without remove peering
# Verify AllowUpdateAddressSpaceInPeeredVnets is registered per Subscription
az feature show --namespace "Microsoft.Network" --name "AllowUpdateAddressSpaceInPeeredVnets"
# Register AllowUpdateAddressSpaceInPeeredVnets per Subscription
az feature register --namespace "Microsoft.Network" --name "AllowUpdateAddressSpaceInPeeredVnets"
# Once 'AllowUpdateAddressSpaceInPeeredVnets' is registered, invoke to get the change propagated
az provider register -n Microsoft.Network
Managed Disk with Zone redundant
# Register
Register-AzProviderFeature -FeatureName "SsdZrsManagedDisks" -ProviderNamespace "Microsoft.Compute"
# Verify
Get-AzProviderFeature -FeatureName "SsdZrsManagedDisks" -ProviderNamespace "Microsoft.Compute"
Image and Snapshot with Zone redundant
# Register
Register-AzProviderFeature -FeatureName "ZRSImagesAndSnapshots" -ProviderNamespace "Microsoft.Compute"
# Verify
Get-AzProviderFeature -FeatureName "ZRSImagesAndSnapshots" -ProviderNamespace "Microsoft.Compute"
3. Differences between Windows PowerShell 5.1 and PowerShell 7.x
Multi-threading
All scripts with Multi-threading Capability (Mainly apply to Well-Architected scripts) require PowerShell v7.* by using Pipeline parallelization with ForEach-Object -Parallel
Reference
- Official Detail Guide
- What's New in PowerShell 7.0
- RunspaceFactory.CreateRunspacePool Method
- Beginning Use of PowerShell Runspaces: Part 1
- PowerShellTaskRunner.cs
Get-WmiObject
WMI cmdlets have been replaced with the CIM cmdlets
# Example
Get-CimInstance -ClassName <ClassName>
Reference