Skip to content
adatum
  •  SCOM Web API
  • About adatum
Martin Ehrnst Microsoft MVP 2021 Community

Microsoft MVP 2020-2021

  • 01/07/202001/07/2020
  • by Martin Ehrnst

Almost a year has passed since I received my first MVP award in the Azure category. Although it has been a challenging year personally, and with the ongoing pandemic. I am delighted to share that I was renewed as Microsoft MVP for 2020-2021.

As things hopefully normalize I hope to get back on the community saddle, and contribute more in person and virtually.

A big thanks to my family, fantastic colleagues at Intility, and my community friends. Have a great summer!

Read more about the Microsoft Most Valuable Professional program

Share this:

  • LinkedIn
  • Twitter
Automation

Remediate Azure Policy with PowerShell

  • 11/06/202011/06/2020
  • by Martin Ehrnst

Azure Policy is there to help us with properly governed and secure infrastructure. However, Azure Policy requires management as well.

Lately, I have built a new set of policies to ensure diagnostic logs are forwarded to Azure Monitor Logs. Multiple policies and a policy initiative were deployed to multiple subscriptions and multiple customers. All this was made possible since we manage through Azure Lighthouse.

Automatic remediation of Azure Policy

The challenge faced after deploying the policy was how to remediate them. Since policies with effect ‘deployIfNotExists’ only apply to new or modified resources, I faced the job with clicking in the portal or figure out a way to do this with PowerShell.
I actually started with the portal, as I thought it would be a quick job. After doing one or two subscriptions I realized how much time I would use.

Azure policy compliance state

Given the fact that the imitative it self contained around 50 individual policies, and at the time 19 subscriptions. I figured spending some time in PowerShell was well worth it. There is also a pretty good chance I will find my self in the same situation pretty soon.

Create remediation task with PowerShell

To create a remediation task for a policy set you can use this script. It will connect to your subscription and get all non-compliant policies. Then start a policy remediation task for the individual policies.

Summary

Policies with effect “deployIfNotExist” only work for resources that are updated or created after the policy was applied. To remediate existing resources you will have to create the remediation tasks manually through the portal, or by using PowerShell (and REST API)

By the way, fellow Azure MVP Tao Yang has created everything you need in order to enable these policies your self. Please see GitHub for complete ARM templates. And please help him maintain everything by contributing.

Share this:

  • LinkedIn
  • Twitter
Conferences

IT Pro announcements from Microsoft Build

  • 20/05/202003/09/2020
  • by Martin Ehrnst

Microsoft Build is Microsoft prime developer conference, where Microsoft Ignite is the conference for your traditional IT pros. However, the traditional IT pro role has changed significantly in recent years, and Build is therefore interesting to us, and a lot of great “infrastructure” announcements were released at Build this year. Below I have picked out a few announcements I find most interesting.

Azure Resource Manager templates

ARM language improvements

Azure resource manager templates are very powerful. However, one of its Achilles heels is its verbosity. At build we got a small sneak peek on how Microsoft is looking in to improve ARM template language. Sign up here to get more information.

What-If analysis

I have deployed a lot of templates in recent years. And when I first saw a preview of the new what-if command I was thrilled. The ability to check what impact your template would make is a very important feature that is now available.

PowerShell or CLI inline in the templates

I’m not sure I like this one- the ability to actually write PowerShell or CLI scripts within ARM templates via Deployment Script is now in Public Preview.

ARM templates tend to be very complex already. And while this feature will solve a lot of issues, I am pretty sure we can manage to create a lot of new ones as well. I suggest a very humble approach to this feature.

Azure infrastructure

Azure Peering service generally available. Providing the fastest route from on-premises to your Azure resources. At first this looks like a new name for Express Route, but Azure Peering is not private. Instead it uses the largest ISPs around the world to quickly get you on Microsofts backbone.

Azure Arc enabled kubernetes

Azure Arc provides a range of capabilities for managing servers, Kubernetes, and Azure data services across clouds, datacenters, and edge locations.

Azure Arc was introduced at Microsoft Ignite in 2019. At build, Microsoft announced Arc for kubernetes in preview. With Arc for Kubernetes, we are able to use management tools in Azure like Azure policy and Azure monitor. For clusters running on-premises or in another cloud, public or private. For companies using for example RedHat OpenShift on-premises, and AKS in Azure. You can have a unified experience for both environments.

Read more about Azure Arc for kubernetes here

Azure Security and Azure AD

Azure AD now has a feature called ‘external identities’ in public preview. I’m not sure about all the news. But it seems to be a revamped Azure AD B2c. I will look more in to it later.

Azure Security Center is updated with a secure score API. To me this is great as integration to internal portals will be much easier. In other news, the ability to suppress alerts is now publicly available!

More Azure AD news can be found here

Build 2020 book of news

I will continue to update this list throughout Build and hopefully test drive some of the new features. In the meantime, you can find the complete list of Build 2020 announcements in the book of news

Share this:

  • LinkedIn
  • Twitter
Azure

Multiple Azure credentials in PowerShell

  • 06/05/202002/09/2020
  • by Martin Ehrnst

Environments in Azure are often separated into multiple subscriptions, in some cases multiple tenants. This sectioning can also result in multiple user accounts, and managing multiple Azure credentials can be challenging. Luckily, Azure PowerShell has this capability called context.

Although the documentation is solid on the topic. It doesn’t necessarily provide the backdrop for when you will need to use this feature.

A few weeks ago I had to move a set of APIs from one instance of Azure API management to another. With PowerShell contexts, I could download the API from the origin and import it to the new instance.

Connecting to multiple Azure environments using context

To hold credential information, like user and subscription. PowerShell uses context objects. By using AzContext comandlets You can have multiple Powershell Azure contexts available in the same PowerShell session. This allows for easy switching between multiple environments and profiles. Including different tenants.

Below is an example of how you can connect to multiple tenants and switch between the credentials and contexts. I recommend using friendly names which will make them easier to identify.

Azure PowerShell context

Share this:

  • LinkedIn
  • Twitter
Azure

Jumpstart your Azure Monitor journey

  • 08/04/202008/04/2020
  • by Martin Ehrnst

For the past decade, monitoring has been my main responsibility. I have had my hands on many of the enterprise monitoring systems out there, but System Center Operations Manager (SCOM) is where most of my working hours were spent. Now, I spend my time in Azure and since monitoring is relevant in public cloud as well. Azure Monitor is now my primary tool for my applications (and servers).

I know that starting off with an entirely new monitoring platform can be challenging, at best. Instead of figuring out all bits and pieces by yourself, I will introduce you to the key features of Azure Monitor, such as visualization and alerting. I will also briefly touch on the more advanced capabilities like custom log injection using Azure Monitors REST API.

After reading this you should have the basic knowledge on how to monitor your applications and servers using Azure Monitor. Details related to the various topics can be found in the official Azure Monitor documentation

Azure Monitor Martin Ehrnst

Azure Monitor Logs

Logs in Azure Monitor is backed by a Log Analytics workspace. To fully utilize Azure Monitor, a Log Analytics workspace is mandatory.

With Logs, you can extend your Azure Activity Log retention, collect and analyze Server Event Logs (both built-in and custom logs are supported). Azure Monitor Logs or Log Analytics is Microsoft equivalent to for example Splunk.

To perform analysis and query data, you use a languageĀ called KQL.

Guest blog for Nigel Frank

This is a piece written for Nigel Frank Internationals Azure Blog. Click here to continue reading this post on how to jumpstart your Azure Monitor jurney

Share this:

  • LinkedIn
  • Twitter

Posts navigation

1 2 3 … 17

Top Posts & Pages

  • Multi subscription deployment with DevOps and Azure Lighthouse
  • Azure AD authentication in Azure Functions
  • Using Azure pipelines to deploy ARM templates
  • Creating Azure AD Application using Powershell
  • HealthServiceStore.edb file growth
  • Script to add SCOM agent management group
  • Working with Azure Monitor Rest API
  • Remediate Azure Policy with PowerShell
  • Web API for System Center Operations Manager
  • Metric alerts for Azure monitor logs

Tags

agent announcements api authoring Automation Azure AzureAD AzureCloudShell AzureFunctions AzureLighthouse AzureMonitor AzureRM AzureSpringClean Community CSP database EventGrid ExpertsLive ExpertsLiveEU Integrations LogAnalytics management pack monitoring MSIgnite MSIgnite2017 MSOMS MSP nicconf OperationsManager OpsMgr Powershell ProjectHonolulu QUickPublish rest SCDPM SCOM SCOM2016 scu2016 SCVMM Serverless SquaredUP SysCtr system center Webasto WindowsAdminCenter

Follow Martin Ehrnst

  • Twitter
  • LinkedIn

RSS Feed RSS - Posts

RSS Feed RSS - Comments

Microsoft Azure MVP

Martin Ehrnst Microsoft Azure MVP

NiCE Active 365 Monitor for Azure

NiCE active 365 monitor for Azure
Adatum.no use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it. Cookie Policy
Theme by Colorlib Powered by WordPress
adatum
Proudly powered by WordPress Theme: Shapely.