Azure Platform Automation using Az PowerShell module and Azure CLI
ichiche 3b7356daf9 Delete Get-AVD-Usage.ps1 2023-11-21 01:20:08 +08:00
API Management Update API Management config 2023-02-12 17:02:50 +08:00
App Service File Upload 2022-11-20 13:22:09 +08:00
Azure Backup Create Get-BackupItem-JobStatus.ps1 2023-02-10 17:42:24 +08:00
Azure Monitor Create Get-AzureResource.ps1 2023-04-03 22:38:55 +08:00
Azure Resource Graph Create Get-KeyVault-AuditLog.csl 2022-12-03 12:06:53 +08:00
Azure Virtual Desktop Delete Get-AVD-Usage.ps1 2023-11-21 01:20:08 +08:00
Connection Update Connection script and README 2023-02-12 15:24:54 +08:00
Quick Provisioning Update Create-Firewall.ps1 2022-12-03 12:11:19 +08:00
Virtual Machine Update Get-vCPU-UsageQuota.ps1 2023-03-05 15:02:55 +08:00
Well-Architected Update Get-DiagnosticSetting.ps1 2023-10-15 06:07:02 +08:00
.gitignore Initial commit 2022-09-18 16:44:51 +00:00
CODE_OF_CONDUCT.md CODE_OF_CONDUCT.md committed 2022-09-18 09:44:56 -07:00
LICENSE LICENSE committed 2022-09-18 09:44:57 -07:00
README.md Update README.md 2023-03-08 07:46:12 +08:00
SECURITY.md SECURITY.md committed 2022-09-18 09:44:59 -07:00
SUPPORT.md SUPPORT.md committed 2022-09-18 09:45:00 -07:00
To-Do-List.md Create To-Do-List.md 2022-09-19 04:03:51 +08:00

README.md

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.

Quick Start

  1. Review Connection
  2. Fork the repository or download the necessary scripts to your local computer
  3. Install the PowerShell Module and Azure CLI (Optional)
  4. Modify the script (Optional)
  5. Execute the script

Instruction

Prerequisites

The versions stated below are the baseline only; installing a newer version is recommended.

Running the scripts in a local PowerShell session is recommended.

Item  Name                                        Version      Installation
1     PowerShell                                  5.1, 7.2.2   docs.microsoft.com
2     Az Module                                   9.3.0        PowerShell Gallery
3     Az.DataProtection Module                    1.0.1        PowerShell Gallery
4     Azure Active Directory V2 Module (AzureAD)  2.0.2.140    PowerShell Gallery
5     Azure CLI                                   2.35.0       docs.microsoft.com
6     ImportExcel                                 7.7.0        PowerShell Gallery
7     PnP.PowerShell                              1.11.0       PowerShell Gallery

Verifying

# Run the command to verify the installed module
Get-InstalledModule
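
The following added example (not part of the repository's scripts) compares the installed modules against the baseline versions in the table above and reports anything missing or below baseline. The function name Test-ModuleBaseline and the Editions mapping are assumptions made for this illustration, derived from which PowerShell version the Installation section installs each module for.

```powershell
# Baseline versions and target editions, copied from the Prerequisites and Installation sections.
# 'Desktop' = Windows PowerShell 5.1, 'Core' = PowerShell 7 and Azure Cloud Shell
$Baseline = @(
    [pscustomobject]@{ Name = 'Az';                Version = '9.3.0';     Editions = @('Core') }
    [pscustomobject]@{ Name = 'Az.DataProtection'; Version = '1.0.1';     Editions = @('Core') }
    [pscustomobject]@{ Name = 'PnP.PowerShell';    Version = '1.11.0';    Editions = @('Core') }
    [pscustomobject]@{ Name = 'AzureAD';           Version = '2.0.2.140'; Editions = @('Desktop') }
    [pscustomobject]@{ Name = 'ImportExcel';       Version = '7.7.0';     Editions = @('Desktop', 'Core') }
)

function Test-ModuleBaseline {   # hypothetical helper, not part of the repository
    param([Parameter(Mandatory)] [object[]] $Baseline)

    $Edition = $PSVersionTable.PSEdition
    foreach ($Item in ($Baseline | Where-Object { $_.Editions -contains $Edition })) {
        # Get-InstalledModule only reports modules installed through PowerShellGet.
        # A prerelease suffix such as "-preview" is stripped so the value casts to [version].
        $Found = Get-InstalledModule -Name $Item.Name -AllVersions -ErrorAction SilentlyContinue |
            ForEach-Object { [version]("$($_.Version)" -replace '-.*$') } |
            Sort-Object -Descending |
            Select-Object -First 1

        if (-not $Found) {
            $Status = 'Missing'
        } elseif ($Found -lt [version]$Item.Version) {
            $Status = 'BelowBaseline'
        } else {
            $Status = 'OK'
        }

        [pscustomobject]@{
            Module    = $Item.Name
            Baseline  = $Item.Version
            Installed = $Found
            Status    = $Status
        }
    }
}

Test-ModuleBaseline -Baseline $Baseline | Format-Table -AutoSize
```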

Installation

# Run as Administrator to install for PowerShell 7
Install-Module -Name Az -RequiredVersion 9.3.0 -Force -Confirm:$false
Install-Module -Name Az.DataProtection -RequiredVersion 1.0.1 -Force -Confirm:$false
Install-Module -Name ImportExcel -RequiredVersion 7.7.0 -Force -Confirm:$false
Install-Module -Name PnP.PowerShell -RequiredVersion 1.11.0 -Force -Confirm:$false
# Run as Administrator to install for PowerShell 5.1
Install-Module -Name AzureAD -RequiredVersion 2.0.2.140 -Force -Confirm:$false
Install-Module -Name ImportExcel -RequiredVersion 7.7.0 -Force -Confirm:$false
# Azure Cloud Shell
Install-Module -Name ImportExcel -RequiredVersion 7.7.0 -Force -Confirm:$false
Install-Module -Name PnP.PowerShell -RequiredVersion 1.11.0 -Force -Confirm:$false

Script Parameter

  • Variables under # Global Parameter are expected to be modified
  • Variables under # Script Variable are expected NOT to be modified
  • Comment out the Login section in the script if using Connect-To-Cloud.ps1 to log in to Azure

Subscription Management

Most of the scripts support retrieving information from, or modifying configuration in, multiple subscriptions. A simple foreach loop in the scripts iterates through the subscriptions.

foreach ($Subscription in $Global:Subscriptions) {

}

Below are sample commands to retrieve the subscription(s) that will be assigned to the variable $Global:Subscriptions

# Exclude disabled or legacy subscription
$TenantId = "Tenant Id"
$Global:Subscriptions = Get-AzSubscription -TenantId $TenantId | Where-Object {$_.State -eq "Enabled" -and $_.Name -ne "Access to Azure Active Directory"}
# Get specific subscription
$TenantId = "Tenant Id"
$SubscriptionName = "Subscription Name"
$Global:Subscriptions = Get-AzSubscription -TenantId $TenantId | Where-Object {$_.Name -like "*$SubscriptionName*"}

Issue Log

1. AzureAD Module

Connect-AzureAD fails with the following error because the module is not compatible with PowerShell 7

Could not load type 'System.Security.Cryptography.SHA256Cng' from assembly

Workaround

Use PowerShell 5.1

Reference

2. Azure Application Gateway with Redirection Rule

Provisioning fails when using the following commands

# Using RedirectConfiguration
$RedirectConfiguration = New-AzApplicationGatewayRedirectConfiguration -Name "DefaultRedirectConfiguration" -RedirectType Permanent -TargetUrl "http://8.8.8.8"
$RoutingRule = New-AzApplicationGatewayRequestRoutingRule -Name "DefaultRoutingRule" -RuleType Basic -HttpListener $HttpListener -RedirectConfiguration $RedirectConfiguration -BackendHttpSettings $BackendHttpSetting

# Using RedirectConfigurationId
$RedirectConfiguration = New-AzApplicationGatewayRedirectConfiguration -Name "DefaultRedirectConfiguration" -RedirectType Permanent -TargetUrl "http://8.8.8.8" -IncludePath $false -IncludeQueryString $false
$RoutingRule = New-AzApplicationGatewayRequestRoutingRule -Name "DefaultRoutingRule" -RuleType Basic -HttpListenerId $HttpListener.Id -RedirectConfigurationId $RedirectConfiguration.Id

# Both commands above produce the same error message
# New-AzApplicationGateway: Resource...agw-core-prd-sea-001/redirectConfigurations/DefaultRedirectConfiguration referenced by resource...agw-core-prd-sea-001/requestRoutingRules/DefaultRoutingRule was not found. Please make sure that the referenced resource exists, and that both resources are in the same region.

Workaround

Use Azure Portal to provision

3. PnP Online

Unable to log in using Connect-PnPOnline

Connect-PnPOnline:
Line |
   2 |  Connect-PnPOnline -Url $SiteURL -Credentials $Cred
     |  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | AADSTS65001: The user or administrator has not consented to use the application with ID '31359c7f-bd7e-475c-86db-fdb8c937548e' named 'PnP Management Shell'. Send an interactive authorization request for this user and resource.
Trace ID: 246ce9c8-fee6-4efd-a68b-a837a9f85500
Correlation ID: 14f0e0fc-0bd6-44ec-beff-2af5f2472622
Timestamp: 2022-05-31 03:43:47Z
Connect-PnPOnline: Cannot find certificate with this thumbprint in the certificate store.

Solution

Refer to the provided links to register the service principal with the proper API permissions assigned

4. Azure Automation Runbooks Job

The job turns into suspended mode when adding a file to SharePoint

Solution

Refer to the provided links to register the service principal with the proper API permissions assigned

Appendix

1. Disable warning messages in Azure PowerShell

# Disable breaking change warning messages
Set-Item Env:\SuppressAzurePowerShellBreakingChangeWarnings -Value "true"

# The SuppressAzurePowerShellBreakingChangeWarnings variable may not work for some Az commands; add the common parameter 'WarningAction' instead
# Example
Get-AzMetric -ResourceId $ResourceId -MetricName 'storage' -WarningAction SilentlyContinue

Reference

2. Enable Azure Preview Feature

Allow updating the Virtual Network address space without removing peering

# Verify AllowUpdateAddressSpaceInPeeredVnets is registered per Subscription 
az feature show --namespace "Microsoft.Network" --name "AllowUpdateAddressSpaceInPeeredVnets"

# Register AllowUpdateAddressSpaceInPeeredVnets per Subscription 
az feature register --namespace "Microsoft.Network" --name "AllowUpdateAddressSpaceInPeeredVnets"

# Once 'AllowUpdateAddressSpaceInPeeredVnets' is registered, invoke to get the change propagated
az provider register -n Microsoft.Network

Managed Disk with zone redundancy

# Register
Register-AzProviderFeature -FeatureName "SsdZrsManagedDisks" -ProviderNamespace "Microsoft.Compute" 

# Verify
Get-AzProviderFeature -FeatureName "SsdZrsManagedDisks" -ProviderNamespace "Microsoft.Compute"  

Image and Snapshot with zone redundancy

# Register
Register-AzProviderFeature -FeatureName "ZRSImagesAndSnapshots" -ProviderNamespace "Microsoft.Compute" 

# Verify
Get-AzProviderFeature -FeatureName "ZRSImagesAndSnapshots" -ProviderNamespace "Microsoft.Compute"  
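
Because preview features are registered per subscription, the following added example (not part of the repository's scripts) fills in the foreach loop from the Subscription Management section to report the registration state of the three features above across every subscription in $Global:Subscriptions. It is read-only and assumes an existing signed-in Az session; the function name Get-PreviewFeatureState is hypothetical.

```powershell
# Preview features named in this appendix, with their provider namespaces
$Features = @(
    @{ Namespace = 'Microsoft.Network'; Name = 'AllowUpdateAddressSpaceInPeeredVnets' }
    @{ Namespace = 'Microsoft.Compute'; Name = 'SsdZrsManagedDisks' }
    @{ Namespace = 'Microsoft.Compute'; Name = 'ZRSImagesAndSnapshots' }
)

function Get-PreviewFeatureState {   # hypothetical helper, not part of the repository
    param(
        [Parameter(Mandatory)] [object[]]    $Subscriptions,
        [Parameter(Mandatory)] [hashtable[]] $Features
    )

    foreach ($Subscription in $Subscriptions) {
        try {
            # Feature registration is scoped to a subscription, so switch context first
            $null = Set-AzContext -Subscription $Subscription.Id -Tenant $Subscription.TenantId -ErrorAction Stop
        } catch {
            Write-Warning "Skipping $($Subscription.Name): $($_.Exception.Message)"
            continue
        }

        foreach ($Feature in $Features) {
            $Result = Get-AzProviderFeature -FeatureName $Feature.Name `
                -ProviderNamespace $Feature.Namespace -ErrorAction SilentlyContinue

            [pscustomobject]@{
                Subscription = $Subscription.Name
                Namespace    = $Feature.Namespace
                Feature      = $Feature.Name
                # 'Unknown' means the query returned nothing for this subscription
                State        = if ($Result) { $Result.RegistrationState } else { 'Unknown' }
            }
        }
    }
}

Get-PreviewFeatureState -Subscriptions $Global:Subscriptions -Features $Features |
    Format-Table -AutoSize
```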

3. Differences between Windows PowerShell 5.1 and PowerShell 7.x

Multi-threading

All scripts with multi-threading capability (mainly the Well-Architected scripts) require PowerShell v7.* because they use pipeline parallelization with ForEach-Object -Parallel

Reference

Get-WmiObject

WMI cmdlets have been replaced with the CIM cmdlets

# Example
Get-CimInstance -ClassName <ClassName>

Reference