Azure Powershell
| What | Where |
|---|---|
| Official Page | |
| Source | |
| Download | |
| Install |
Login
If on Linux, start Powershell in bash with pwsh.
Login to azure:
Connect-AzAccount
Get-AzContext
Use device code to login:
Connect-AzAccount -Tenant <tenantID> -UseDeviceAuthentication
Useful Information
Images
Get-AzImage -ResourceGroupName 'ResourceGroup01' -ImageName 'Image01'
Helpers
Get any tenant ID when providing a name:
if(($result = Read-Host "Enter a tenant name you want the tenant ID of: ") -eq ''){"You need to add a tenant name"}else{Write-Host('TenantID: ' + (Invoke-WebRequest https://login.windows.net/$result.onmicrosoft.com/.well-known/openid-configuration|ConvertFrom-Json).token_endpoint.Split('/')[3])}
You can't rename a resource group but you can move it:
Get-AzureRmResource -ResourceGroupName <sourceResourceGroupName> | Move-AzureRmResource -DestinationResourceGroupName <destResourceGroupName>
Powershell GUI (GridView) to (in this example) have the user select the correct storag account:
$storageAccount = Get-AzStorageAccount | Out-GridView -Title "Select StorrageAccount" -OutputMode Single
$storageAccountName = $storageAccount | Select-Object -ExpandProperty StorageAccountName
Resource Providers
Make sure all resource providers required are activated/registered: Source: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types
Get-AzureRmResourceProvider -ListAvailable | where {$_.RegistrationState -eq "Registered"} | Select ProviderNamespace, RegistrationState
To register a specific resource provider run the following Powershell command:
Register-AzureRmResourceProvider -ProviderNamespace ResourceProvider.Name
Snippets
Find unused Resources
foreach ($subscription in (Get-AzSubscription | Where-Object { $_.State -eq "Enabled" } | Select-Object -expandproperty id)) {
Set-AzContext -subscriptionId $subscription
Get-AzPublicIpAddress | Where-Object { $_.ipaddress -eq "Not Assigned" } | Select-Object name, PublicIpAllocationMethod, PublicIpAddressVersion | Format-Table
}
Virtual Machine
Encrypt VM
Short example on how to encrypt a VM
Function EncryptVM($KeyVault,$KeyName,$VM){
$kv = Get-azKeyVault -VaultName $KeyVault
$key = Get-Azkeyvaultkey -Name $KeyName -VaultName $KeyVault
Set-AzVmDiskEncryptionExtension -ResourceGroupName $kv.ResourceGroupName -DiskEncryptionKeyVaultId $kv.ResourceID -DiskEncryptionKeyVaultUrl $kv.VaultURI -VMName $VM -KeyEncryptionKeyVaultId $kv.ResourceID -KeyEncryptionKeyUrl $key.id -SkipVmBackup -VolumeType "All"
}
Check if VM is encypted
The following script is based on this documentation on how to verify the encryption status.
foreach ($subscription in (Get-AzSubscription | Where-Object { $_.State -eq "Enabled" } | Select-Object -expandproperty id)) {
Set-AzContext -subscriptionId $subscription
foreach ($resourcegroup in (Get-AzResourceGroup | Where-Object { $_.ProvisioningState -eq "succeeded" } | Select-Object -expandproperty resourcegroupname)) {
foreach ($vm in (Get-AzVM -ResourceGroupName $resourcegroup | Select-Object -expandproperty Name)) {
Write-Host("# Status on " + $vm + " in RG " + $resourcegroup)
Get-AzVMDiskEncryptionStatus -ResourceGroupName $resourcegroup -VMName $vm
}
}
}
Alternative Solution to List all VMs Disk Encryption status:
foreach ($subscription in (Get-AzSubscription | Where-Object { $_.State -eq "Enabled" } | Select-Object -expandproperty id)){
Set-AzContext -subscriptionId $subscription
$osVolEncrypted = {(Get-AzVMDiskEncryptionStatus -ResourceGroupName $_.ResourceGroupName -VMName $_.Name).OsVolumeEncrypted}
$dataVolEncrypted= {(Get-AzVMDiskEncryptionStatus -ResourceGroupName $_.ResourceGroupName -VMName $_.Name).DataVolumesEncrypted}
Get-AzVm | Format-Table @{Label="MachineName"; Expression={$_.Name}}, @{Label="OsVolumeEncrypted"; Expression=$osVolEncrypted}, @{Label="DataVolumesEncrypted"; Expression=$dataVolEncrypted}
}