Azure Policies are an amazing, albeit well-hidden, feature that allow subscription administrators to define and enforce specific rules on how Azure Resources should be deployed. Azure Policies have been around for a long time, however they only became a first-class feature on Azure recently by getting a dedicated section in the portal. Therefore, when working with Azure Policies in the portal these days, you can now see all the definitions and assignments in one central place, making it easier to manage infrastructure and set explicit rules to enforce a uniform compliance TLS options in Azure App Service One of the …[read more]
Showing all posts tagged: 'PowerShell'
A 15-post collection
This is a little unknown gem that I've used a few times as I help customers secure access to their Azure Web Apps.. Traditionally, if one wants to restrict access to a website running on a VM (i.e IaaS) then they can make use of Firewalls to ensure that everything goes through a single endpoint and access is restricted. However, as we move to the cloud and further up the stack (PaaS or FaaS) we give lose some of that tight control for the benefit of using a managed service! But what if you wanted to run your website …[read more]
PowerShell is an amazing tool used heavily to manage a plethora of Windows and Microsoft services. With the release of the latest PowerShell as a cross-platform tool, this experience has been extended to Linux and MacOS as well. You can use PowerShell to do pretty much anything, from managing Windows OS features, to configuring SharePoint and SQL to executing maintenance tasks and even run code (.NET). Yes, that's right. Because PowerShell was built with code execution and extensibility in mind, you can easily import any .NET Framework APIs and work directly with them embedding C# code inside your scripts. In …[read more]
I wanted to figure out how to obtain a list of all Resource Based Access ControlRBAC permissions for all the resources in one of my Azure subscription. This is a great way for Azure administrators to run reports that can quickly identify any issues with wrongly assigned permissions. To do this quickly and efficiently while automating the whole process I'll use PowerShell. The PoSH script is fairly straightforward and only requires a few steps: Login to Azure Select the right subscription (optional, if more than one) Retrieve all resources Iterate through each one and retrieve the RBAC permissions The script …[read more]
I'm currently working on a somewhat restricted environment where we have to run SSH commands on a Windows Server. The commands are needed to configure certain settings on a Linux machine running Puppet (the orchestration tool). This is the first time I had to use this setup so, as with everything else, I had to work out how to do it - and then blog about it! For the purpose of this post, I provisioned a small Ubuntu VM on Azure in order to be able to SSH into it and prove that it's doable through PowerShell. Consider it my …[read more]