Plugging the Gaps in Azure Policy – Part Two

Introduction

Welcome to the second and final part of my blogs on how to plug some gaps in Azure Policy. If you missed part one, this second part isn’t going to be a lot of use without the context from that, so maybe head on back and read part one before you continue.

In part one, I gave an overview of Azure Policy, a basic idea of how it works, what the gap in the product is in terms of resource evaluation, and a high-level view of how we plug that gap.…

Plugging the Gaps in Azure Policy – Part One

Introduction

Welcome to the first part of a two-part blog on Azure Policy. Multi-part blogs are not my usual style, but the nature of blogging whilst also being a full-time Consultant is that you slip some words in when you find time, and I was starting to feel that if I wrote this in a single part, it would just never see the light of day. Part one of this blog deals with the high-level overview of what the problem is, and how we solved it at a high level; part two will include the icky sticky granular detail, including some scripts which you can shamelessly plagiarise.…

Display dropdown selection list on AD FS 4.0 Home Realm Discovery page

On the AD FS 2.0 or 3.0 home realm discovery page, there was an option to select the AD FS namespace from a dropdown list. In AD FS 4.0 this has been changed to HTML DIVs, which can be annoying if you have many (hundreds of) claims provider trusts to choose from. A customization is therefore required to change the HTML DIV selection to a dropdown list selection.
Before doing the customizations, the HRD page selection section looks like:

In AD FS 4.0 this customization can be done in an “onload.js”…

The quickest way to create new VMs in Azure from existing VM snapshots, mostly with PowerShell

There are probably multiple ways to do this, both right and wrong, but here’s a process that I’ve been using for a while and that I’ve recently tweaked to take advantage of the new Azure Managed Disks.

Sidebar – standard managed disk warning

Before I go on though, I wanted to issue a quick warning about the differences between standard unmanaged and managed disks. Microsoft will be pushing you to use Managed Disks more and more. Yes, it’s a great feature that makes the management of VM disks simpler.

Create a new Active Directory Forest using Desired State Configuration

Originally posted on Nivlesh’s blog @ nivleshc.wordpress.com

Desired State Configuration (DSC) is a declarative language in which you state “what” you want done instead of going into the nitty gritty level to describe exactly how to get it done. Jeffrey Snover (the inventor of PowerShell) quotes Jean-Luc Picard from Star Trek: The Next Generation to describe DSC – it tells the servers to “Make it so”.

In this blog, I will show you how to use DSC to create a brand new Active Directory Forest.…

Passing Parameters to Linked ARM Templates

Recently, my workmate Vic wrote some great posts about Azure Linked Templates. This is a supplementary post to his, showing how to share parameters across the linked templates.

Scripts and templates used in this post can be found at: https://github.com/devkimchi/Linked-ARM-Templates-Sample

parametersLink and parameters Properties

We have a master template, master-deployment.json, and it looks like:

Each nested template has a parameter called environment that has the same value as the one in the master template.…

Adding/Removing User Office365 Licences using PowerShell and the Azure AD Graph RestAPI

In a recent blog post here I posted about the Azure AD v2.0 Preview PowerShell cmdlets that are currently in preview. These update the functionality the current MSOL cmdlets provide whilst also supporting features they don’t (such as managing users with MFA).

The Azure AD v2.0 cmdlets interface with the Azure AD Graph API and this week I tried using the Set-AzureADUserLicense cmdlet to add/remove licenses from users in a test tenant. With no sample documentation for syntax I didn’t kick any goals, so I figured I’d just go straight to using the Azure AD Graph API to get the job done directly from PowerShell instead.…

Entity Framework 7 Data Migration through KUDU

From a DevOps perspective, everything needs to be automated with regard to application setup and deployment. Database migration is no exception. If a database schema change occurs, it should be applied automatically before or after the application deployment. Unlike Entity Framework 6.x, which uses PowerShell cmdlets for database migration, Entity Framework 7 (EF7) uses DNX for it.

Applying Database Migration with EF7

In EF7, a database change can be applied by running the following command:

Simultaneously Start|Stop all Azure Resource Manager Virtual Machines in a Resource Group

Problem

How many times have you wanted to Start or Stop all Virtual Machines in an Azure Resource Group? For me it seems to be quite often, especially for development environment resource groups. It’s not that difficult though. You can just enumerate the VMs, then cycle through them and call ‘Start-AzureRMVM’ or ‘Stop-AzureRMVM’. However, the more VMs you have, the longer that approach takes to complete, because PowerShell runs the calls serially.…

Azure Internal Load Balancing – Setting Distribution Mode

I’m going to start by saying that I totally missed that the setting of distribution mode on Azure’s Internal Load Balancer (ILB) service is possible. This is mostly because you don’t set the distribution mode at the ILB level – you set it at the Endpoint level (which in hindsight makes sense because that’s how you do it for the public load balancing too).

There is an excellent blog on the Azure site that covers distribution modes for public load balancing, and the good news is that they apply to internal load balancing as well.…