PowerShell modul for Azure Blueprint

Today Microsoft releasted the first powershell module for Azure blueprints (at long last ūüôā ).

This first version 0.1.0, has some basic commands like “Get-AzBlueprint”, “Get-AzBlueprintAssignment” , “Remove-AzBlueprintAssignment”, “Set-AzBlueprintAssignment” and “New-AzBlueprintAssignment”.

To install the new module, just do a “install-module -Name az.blueprint”, you will need new Azure PowerShell Az module

To do a Blueprint assigment you would do something like this :

$blueprintName = “TestBluePrint2”
$subscriptionId = “00000000-1111-0000-1111-000000000000″‘
$AssignmentName = “BP-Assignment”
$myBluerpint = Get-AzBlueprint -Name $blueprintName -LatestPublished
$rg = @{ResourceGroup=@{name=’RG-BP-TEST1′}}

New-AzBlueprintAssignment -Name $AssignmentName -Blueprint $myBluerpint -SubscriptionId $subscriptionId -Location “West US” -ResourceGroupParameter $rg

This is a simple Blueprint that creates a resource group and nothing more.

If you want to use a managed identity you just add -UserAssignedIdentity “/subscriptions/00000000-1111-0000-1111-0000000 00000/resourceGroups/my-resource-group/providers/Microsoft.ManagedIdentity/userAssignedIdentities/my-user-defined-identity” the default is to use system-assigned identity.
If your blueprint uses parameter eg. in a ARM template, then you can use the -Parameter @{P1=”v1″; P2=”v2″} parameter.

I think this is a great tool for deploying Azure blueprint and I will be following this closely.

Powershell CmdLet not found in Azure Automation Runbook

Update modules in Azure automation account, this is a reminder (to self) that every time you create a Azure automation account it needs to be updated. Note : “Before updating your Azure modules it’s recommended that you update them in a test Automation Account to ensure that your existing scripts work as expected before updating your Azure modules.”


Windows 10 Fall Creators Update comes with SSH build-in – Is putty dead?

¬†Today I found out that Windows 10 Fall Creators Update (10.0.16299), come with a new optional feature, OpenSSH! To install this go to Settings App¬†> Apps¬†> Settings & Apps¬†> Manage Optional Features¬†> Add Feature and select the OpenSSH Client Beta. After installing you can type SSH in a command prompt to use SSH “native” in windows 10. Nice feature Microsoft. I will definitely use this, but I think that putty offers some other functionality that I cannot find in OpenSSH.

ATP safe links has been extended to iOS and Android mobile devices

A new feature of Office 365 Advanced Threat Protection, can help protect your organization from malicious links used in phishing, malware, and other cyber threats. When enabled, this update will provide users with time-of-click protection for links that are inside their Word documents, Excel spreadsheets, and PowerPoint presentations when they access them through iOS and Android devices. To Enable this, just go to the Security & Compliance Admin center, navigate to threat management\policy\safe links, under ‚ÄėPolicies that apply to the entire organization, click ‚ÄėDefault‚Äô and Edit it. Check the ‚ÄėOffice ProPlus on Windows, Office for iOS and Android‚Äô checkbox to enable the feature. All done!

Update management, inventory, and change tracking in Azure Automation

¬†It is now possible in Azure Automation to use update management, inventory, and change tracking directly from the Azure VM. One of the cool things I found was the ability to create scheduled deployment of windows updates within a defined maintenance windows. You can see the status of update deployment directly on the VM, just like you can in OMS. Nice work Azure Team. All this is still in Preview, but I suspect it will go GA soon. ūüôā
 For more about the new Update management, inventory, and change tracking in Azure Automation see this blog post from the Azure team, and the Microsoft doc on how to set this up.

Public preview: PowerShell in Azure Cloud Shell

PowerShell in Azure Cloud Shell is now available in public preview. Azure Cloud Shell is a Microsoft-managed admin machine running on Azure, for Azure. It enables you to:
  • Choose to use a PowerShell experience in Cloud Shell as an alternative to the existing Bash experience (also in public preview) while retaining the benefits of Cloud Shell, including:
    • Authenticated access to Azure from virtually anywhere.
    • A¬†shell maintained and updated by Microsoft that comes equipped with commonly used CLI tools.
    • Language support for several popular programming languages.
    • The ability to persist data across sessions in attached Azure File storage.
  • Browse and discover all your Azure resources by using a familiar file-system-like navigation with Azure drive (Azure:).
  • Edit PowerShell scripts in VIM with built-in syntax highlighting and IntelliSense for PowerShell files.
  • Add new commands from PowerShell Gallery that will persist across your Cloud Shell sessions.
Learn more about Cloud Shell by visiting the Cloud Shell documentation, and try it from the Azure portal. Azure Shell Powershell

Howto sync msExchHideFromAddressLists attribute to Office 365

¬†So today I had a customer witch has move there On-prem Exchange to Office 365 (Exchange online). The old Exchange server was long gone and therefore not more Exchange management tools. The customer wanted to hide a user form the global address list (GAL), and had found the msExchHideFromAddressLists attribute in the attribure editor on that user and set it to “TRUE”. However in the user still was showing up in the GAL.
 User properties
When I ran the PowerShell command to see the state of the msExchHideFromAddressLists attribute “get-Mailbox -Identity user@domain.dk | fl HiddenFromAddressListsEnabled” I the result : “HiddenFromAddressListsEnabled : False” back, witch was not what I where looking for. After some poking around I found a post on a MS forum, talking about this and it turned out the “msExchHideFromAddressLists attribute” was not being synced at all and it should be added to the Synchronization rule. You can do this with the “Synchronization Rules Editor” witch can by found on the server with Azure AD Connect install.
 Sync Ruld Editor
In the “Inbound” rule select “in from AD – User Common” click Edit and “No” to continue editing the current rule.
Sync Ruld Editor

Add msExchHideFromAddressLists attribute

Then select “Transformations” and click “Add Transformation” The new transformation should be : FlowType=Direct, Target Attribute=msExchHideFromAddressLists and Source=msExchHideFromAddressLists. Merge type=update. Then click Save. Now from Powershell, on the server with Azure AD Connect sync installed, type “Start-ADSyncSyncCycle -PolicyType Delta” and wait (I waited about 5-8 min.) for the update to take effect. You can the “get-Mailbox -Identity user@domain.dk | fl HiddenFromAddressListsEnabled” command, this should result in: “HiddenFromAddressListsEnabled : True”.
I hope you can use this information and thank you for reading. Leave comment below and have a nice day!

Azure Active Directory Application Proxy Connector Ports Test Tool

Here is a cool tool for trubleshooting connection to Azure AD. https://aadap-portcheck.connectorporttest.msappproxy.net/      

Monitoring VMware with Azure OMS

Im using a Ubuntu server for my setup, there is no requirements for ubuntu linux, it just happens to be the one I’m most familiar with.

Setup syslog forwarding on ESXi Host

First step in setting up the Azure OMS VMware monitoring solution it to setup syslog forwarding from the ESXi host to the Linux ‚Äúproxy‚ÄĚ. This is done through the VMware Web client. Login to the Web client and navigate to -> Host -> Manage under the ‚ÄúAdvanced Settings‚ÄĚ you will find the ‚ÄúSyslog.global.logHost‚ÄĚ. Click Edit and then you need to insert ‚Äútcp://ip-address-of-linux-server:1514‚ÄĚ and click save.

Allow outbound traffic on ESXi host

Now it is time to allow outgoing syslog traffic from the ESXi host to the Linux box. This is also done from the web client. Navigate to the ‚ÄúNetworking‚ÄĚ section and under syslog¬†select syslog and click the action button and then click enable.

Setup Linux ‚Äúproxy‚ÄĚ server (Ubuntu) Install OMS agent Installing the OMS agent is very easy. Login to the OMS portal and navigate to the settings. Under the ‚ÄúConnected Sources‚ÄĚ select the ‚ÄúLinux servers‚ÄĚ. Click the copy button under the “DOWNLOAD AND ONBOARD AGENT FOR LINUX”. Next logon to the linux server via ssh and paste in the commandline you just copied and hit enter.
Setup inbound firewall
Viewing data in Azure VMware Monitoring solution

How to get one year Azure credits for free

Update: You can also get this benefit with Microsoft IT Pro Cloud Essentials Here is a quick tip if you want to setup a test lab or some test development i Azure for free. Normally you can get a 30 day Free Azure trial subscription¬†but what if you want to test for more then one month? Azure is a big topic and will take most more then one¬†month to test out. Good new! Microsoft have a 1 year free Azure subscription as well. There are some limitations but all in all I think that it perfect for testing in my lab.What you need to get the free subscription is:  
  • An Azure Account (If this you first time testing/trying Azure, I will recommend signing up for the free 30 day trial first and then add this one year free subscription when the trial runs out.)
  • Sign up for a free “Visual Studio Dev Essentials” account. BTW: You also get free 3 months¬†pluralsight access here as well.
  Go the the “Visual Studio Dev Essentials” site and sign up with you’r Microsoft account (This is the same account you use for Azure) Then you can claim the $25 azure credit per month for one year. Now you can use the free credits to test all the great things in Azure :-). One limitation I have see is that not all locations are supported eg. I live in North Europe and wanted to use the datacenter here, but was limited to the West Europe datacenter, not a show stopper but a thing to note. ūüôā   I hope you can use this post for some free testing in Azure. Leave a comment below and let me know what you think.
 Dev Essintials
Dev Essentials
 Not all