Plugging the Gaps in Azure Policy – Part Two

Introduction

Welcome to the second and final part of my blogs on how to plug some gaps in Azure Policy. If you missed part one, this second part isn’t going to be a lot of use without the context from that, so maybe head on back and read part one before you continue.

In part one, I gave an overview of Azure Policy, a basic idea of how it works, what the gap in the product is in terms of resource evaluation, and a high-level view of how we plug that gap.… [Keep reading] “Plugging the Gaps in Azure Policy – Part Two”

Plugging the Gaps in Azure Policy – Part One

Introduction

Welcome to the first part of a two part blog on Azure Policy. Multi-part blogs are not my usual style, but the nature of blogging whilst also being a full time Consultant is that you slip some words in when you find time, and I was starting to feel if I wrote this in a single part, it would just never see the light of day. Part one of this blog deals with the high-level overview of what the problem is, and how we solved it at a high level, part two will include the icky sticky granular detail, including some scripts which you can shamelessly plagiarise.… [Keep reading] “Plugging the Gaps in Azure Policy – Part One”

Azure Automation MS Flow Hybrid Workers SharePoint List upload CSV output

In this Blog I will discuss how to leverage SharePoint Lists as a front end using MS Flow to call Webhooks on Microsoft Azure Automation PowerShell scripts. These scripts execute via a hybrid worker to access On Premises resources. Results will be zipped and uploaded back to the SharePoint list.

Prerequisites

  • Azure Automation Subscription and Account
  • SharePoint Online / Site Collection
  • On-premises resource (Windows 2016 server) configured as Hybrid Worker
  • CredSSP needs to be enabled on hybrid Worker as Azure launches scripts as system account and some commands cannot use ‘-Credential’ )
  • Modules needed on Hybrid worker from elevated powershell run “Add-WindowsFeature RSAT-AD-PowerShell and “Install-Module SharePointPnPPowerShellOnline”
  • From Azure Import module from gallery SharePointPnPPowerShellOnline

Create SharePoint List

Create a SharePoint list as below this will be the input required for the script.… [Keep reading] “Azure Automation MS Flow Hybrid Workers SharePoint List upload CSV output”

Office 365 URLs and IP address updates for firewall and proxy configuration, using Flow and Azure Automation

tl;dr

To use Microsoft Office 365, an organisation must allow traffic to [and sometimes from] the respective cloud services via the internet on specific ports and protocols to various URLs and/or IP addresses, or if you meet the requirements via Azure ExpressRoute.… [Keep reading] “Office 365 URLs and IP address updates for firewall and proxy configuration, using Flow and Azure Automation”

Creating your own PowerShell modules for Azure Automation – Part 2

In my previous article I explained the basic steps for creating a PowerShell module that you can upload to Azure Automation. Now, being pedantic by nature, I see a lot of scripts of really poor quality and as I write modules quite regularly, I want to share some useful tips to turn a rubbish module into something significantly better.
Previously, I wrote a basic module that looks like this:

You can run the module by using the command new-compliment -name “someone”.… [Keep reading] “Creating your own PowerShell modules for Azure Automation – Part 2”

Creating your own PowerShell modules for Azure Automation – Part 1

Creating a PowerShell module is an easy way to create scripts you can use over and over again. If you Google  this you’ll find that to create a module is as simple as creating a PowerShell Script with the psm1 extension. However, that won’t work for Azure. Azure loads modules automatically, so you need to write your module to load automatically as well. To ensure a module loads correctly, you’ll need to create a module manifest file.… [Keep reading] “Creating your own PowerShell modules for Azure Automation – Part 1”

Exchange Online & Splunk – Automating the solution

NOTES FROM THE FIELD:

I have recently been consulting on, what I think is a pretty cool engagement to integrate some Office365 mailbox data into the Splunk reporting platform.
I initially thought about using a .csv export methodology however through trial & error (more error than trial if I’m being honest), and realising that this method still required some manual interaction, I decided to embark on finding a fully automated solution.
The final solution comprises the below components:

  • Splunk HTTP event collector
    • Splunk hostname
    • Token from HTTP event collector config page
  • Azure automation account
    • Azure Run As Account
    • Azure Runbook
    • Exchange Online credentials (registered to Azure automation account

I’m not going to run through the creation of the automation account, or required credentials as these had already been created, however there is a great guide to configuring the solution I have used for this customer at  https://www.splunk.com/blog/2017/10/05/splunking-microsoft-cloud-data-part-3.html[Keep reading] “Exchange Online & Splunk – Automating the solution”

Ok Google Email me the status of all vms – Part 2

First published at https://nivleshc.wordpress.com
In my last blog, we configured the backend systems necessary for accomplishing the task of asking Google Home “OK Google Email me the status of all vms” and it sending us an email to that effect. If you haven’t finished doing that, please refer back to my last blog and get that done before continuing.
In this blog, we will configure Google Home.
Google Home uses Google Assistant to do all the smarts.… [Keep reading] “Ok Google Email me the status of all vms – Part 2”

Ok Google Email me the status of all vms – Part 1

First published at https://nivleshc.wordpress.com
Technology is evolving at a breathtaking pace. For instance, the phone in your pocket has more grunt than the desktop computers of 10 years ago!
One of the upcoming areas in Computing Science is Artificial Intelligence. What seemed science fiction in the days of Isaac Asimov, when he penned I, Robot seems closer to reality now.
Lately the market is popping up with virtual assistants from the likes of Apple, Amazon and Google.… [Keep reading] “Ok Google Email me the status of all vms – Part 1”

How to create and auto update route tables in Azure for your local Azure datacentre with Azure Automation, bypassing firewall appliances

When deploying an “edge” or “perimeter” network in Azure, by way of a peered edge VNET or an edge subnet, you’ll likely want to deploy virtual firewall appliances of some kind to manage and control that ingress and egress traffic. This comes at a cost though. That cost being that Azure services are generally accessed via public IP addresses or hosts, even within Azure. The most common of those and one that has come up recently is Azure Blob storage.… [Keep reading] “How to create and auto update route tables in Azure for your local Azure datacentre with Azure Automation, bypassing firewall appliances”