When trying to get list of all auto provisioning extensions using REST API (https://learn.microsoft.com/en-us/rest/api/defenderforcloud/auto-provisioning-settings/list?tabs=HTTP) I'm getting only the default one - Log Analytics agent/Azure Output:
"value": [
{
"id": "/subscriptions/blahblahblah/providers/Microsoft.Security/autoProvisioningSettings/default",
"name": "default",
"type": "Microsoft.Security/autoProvisioningSettings",
"properties": {
"autoProvision": "On"
}
}
]
}
Does anyone have an idea how to get the other auto provisioning extensions state?
Vulnerability assessment for machines
Microsoft Defender for Containers components.
UI representation of auto-provisioning extensions
Related
I am able to enable audit diagnostic settings for aks using arm(below snippet inside arm )but the same way have enable the same in all resources in node resource group like network security group and vitual machine scale set.
"resources": [
{
"condition": "[parameters('audit_enable')]",
"type": "Microsoft.ContainerService/managedClusters/providers/diagnosticSettings",
"apiVersion": "2021-05-01-preview",
"name": "[clustername]",
"dependsOn": [
"[resourceId('Microsoft.ContainerService/managedClusters', clutername)]"
],
"properties": {
"storageAccountId": "[variables('storageAccountId')]",
"logs": [
{
"categoryGroup": "allLogs",
"enabled": true,
"retentionPolicy": {
"days": 30,
"enabled": true
}
}
],
"metrics": [
{
"category": "AllMetrics",
"enabled": true,
"retentionPolicy": {
"days": 30,
"enabled": true
}
}
]
}
}
]
Below statements are based on our observations & Azure Documentations. We have tested in our local environment by creating a virtual machine scale set & tried enabling the diagnostic setting for it Unfortunately we dont have diagnostics setting feature for virtual machine scale sets.
Here is the output screenshot for reference:
As per the Azure documentation, Azure Diagnostics agent is available for virtual Machine only.
Azure Diagnostics extension collects monitoring data from the guest operating system and workloads of Azure virtual machines and other compute resources. It primarily collects data into Azure Storage but also allows you to define data sinks to also send data to other destinations such as Azure Monitor Metrics and Azure Event Hubs.
Here is the reference documentation to create the diagnostics setting for a virtual machine using arm template.
We tried searching for sample arm templates to create the diagnosticsetting for network security group unfortunately we didnt found any Would suggest you to go this documentation of basic arm template to create the diagnostic settings & make the changes accordingly to your requirement.
You can also refer the ARM templates samples for diagnostic settings in Azure monitor.
I want to make an automation process where every vm should connect with a log analytics workspace. So can anyone please help me, how do I connect a VM with log analytics workspace via REST API or Nodejs SDK ?
or
How do I enable virtual machine Insight through REST API or Nodejs SDK ?
How do I enable virtual machine Insight through REST API or Nodejs SDK
?
You can manage to do it with virtual Machine Extensions to enable the following agents.
Log Analytics agent. the VM extension for Windows and Linux.
Dependency agent. the VM extension for Windows and Linux.
Also, Before a Log Analytics workspace can be used with VM insights, it must have the VMInsights solution installed. Read Configuring VM insights.
For example, I click the green try it button in this REST API Virtual Machine Extensions - Create Or Update and provide my parameters and body to call this API.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/virtualMachines/{vmName}/extensions/{vmExtensionName}?api-version=2020-12-01
The requests body like this for windows VM will be deployed in order.
Deploy MicrosoftMonitoringAgent
{
"location": "<location>",
"properties": {
"publisher": "Microsoft.EnterpriseCloud.Monitoring",
"type": "MicrosoftMonitoringAgent",
"typeHandlerVersion": "1.0",
"autoUpgradeMinorVersion": "true",
"settings": {
"workspaceId": "<workspaceId>",
"stopOnMultipleConnections": "true"
},
"protectedSettings": {
"workspaceKey": "<workspaceKey>"
}
}
}
Once the above extension is provisioned, you can deploy DependencyAgentWindows.
{
"location": "<location>",
"properties": {
"publisher": "Microsoft.Azure.Monitoring.DependencyAgent",
"type": "DependencyAgentWindows",
"typeHandlerVersion": "9.5",
"autoUpgradeMinorVersion": "true",
"settings": {
"workspaceId": "<workspaceId>"
},
"protectedSettings": {
"workspaceKey": "<workspaceKey>"
}
}
}
I am developing an Azure DevOps extension. Experimenting with the DevOps UI extension sample raises a question for me. I enabled the Preview features in Azure DevOps having a more fancy UI. Azure default hubs and hub groups like Tests, Repos and so on do have a nice coloured icons in the menu bar. Whereas my custom Sample UI do not. They are just grey. And it looks like I cannot manifest icons for my custom hubs and hub groups. Anybody here who knows more about this issue?
Follow this guide will most likley solve your problem
Make sure your vss.extension.json file follow this pattern:
{
"id": "my-extension",
"publisherId": "my-publisher",
...
"contributions": [
{
"id": "example-hub",
"type": "ms.vss-web.hub",
"targets": [
"ms.vss-code-web.code-hub-group"
],
"properties": {
"name": "My Hub",
"iconAsset": "my-publisher.my-extension/images/fabrikam-logo.png",
"_sharedData": {
"assets": [
"my-publisher.my-extension/images/fabrikam-logo.png"
]
}
}
}
],
"files": [
{
"path": "images/fabrikam-logo.png",
"addressable": true
}
]
}
I have one web app running on a Azure appservice plan. The web app has a lot of settings defined in Application settings of the Web App. Now I want to replicate that web app with all its Application settings. I got the REST API to list down all the settings available for any web app (/api/settings). Although there is a POST call to add/update the settings , But it is not updating Application settings.
Is there any REST API to add/update the Application settings of Azure web app ?
Thanks,
Abhiram
Is there any REST API to add/update the Application settings of Azure web app ?
Yes, we could update the application setting with the following Update Application Settings REST API
Put https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resource group}/providers/Microsoft.Web/sites/{WebAppName}/config/appsettings?api-version=2016-08-01
Body
{
"id": "subscriptions/{subscriptionId}/resourceGroups/{resource group}/providers/Microsoft.Web/sites/{WebAppName}/config/appsettings",
"name": "appsettings",
"type": "Microsoft.Web/sites/config",
"location": "South Central US",
"tags": {
"hidden-related:/subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Web/serverfarms/tomfreePlan": "empty"
},
"properties": {
"WEBSITE_NODE_DEFAULT_VERSION": "6.9.1",
"Test1": "testValue1" //Added value
}
}
Note: we could use the following List Application Settings REST API post way to list the appsetting body.
Post https://management.azure.com/subscriptions/{subscription}/resourceGroups/CXP-{resourceGroup}/providers/Microsoft.Web/sites/{WebAppName}/config/appsettings/list?api-version=2016-08-01
To my knowledge, there is not. But have you considered scripting your Web App settings with an ARM template? This is exactly the kind of thing that ARM templates are intended for.
An example of the properties section of a Web App's ARM template that lets you script appSettings and connectionStrings is listed below:
"properties": {
"name": "YourWebAppsName",
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', YourAppServicePlanName)]",
"siteConfig": {
"appSettings": [
{
"name": "someAppSettingKey",
"value": "someAppSettingValue"
},
{
"name": "someOtherAppSettingKey",
"value": "someOtherAppSettingValue"
}
],
"connectionStrings": [
{
"name": "defautlConnection",
"connectionString": "YourConnectionString",
"type": "2"
},
]
}
When you deploy an ARM template, Azure will ensure that the target resource's settings match what's specified in your template.
Visual Studio has a project type for developing and deploying these. It's the Azure Resource Group project type located under the Cloud node in the project templates.
As an added bonus, you can check these ARM templates into source control alongside your code.
Every tutorial and resource I've seen has you create a SendGrid account through the GUI, but I want to be able to use the cli. Is it possible?
Something like:
az sendgrid create
Although you cannot create a SendGrid account using Azure Cli, you can create one using an ARM template, as following
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"name": {
"type": "string"
},
"location": {
"type": "string"
},
"plan_name": {
"type": "string"
},
"plan_publisher": {
"type": "string"
},
"plan_product": {
"type": "string"
},
"plan_promotion_code": {
"type": "string"
},
"password": {
"type": "secureString"
},
"email": {
"type": "string"
},
"firstName": {
"type": "string"
},
"lastName": {
"type": "string"
},
"company": {
"type": "string"
},
"website": {
"type": "string"
},
"acceptMarketingEmails": {
"type": "string"
}
},
"resources": [
{
"apiVersion": "2015-01-01",
"name": "[parameters('name')]",
"type": "Sendgrid.Email/accounts",
"location": "[parameters('location')]",
"plan": {
"name": "[parameters('plan_name')]",
"publisher": "[parameters('plan_publisher')]",
"product": "[parameters('plan_product')]",
"promotionCode": "[parameters('plan_promotion_code')]"
},
"properties": {
"password": "[parameters('password')]",
"acceptMarketingEmails": "[parameters('acceptMarketingEmails')]",
"email": "[parameters('email')]",
"firstName": "[parameters('firstName')]",
"lastName": "[parameters('lastName')]",
"company": "[parameters('company')]",
"website": "[parameters('website')]"
}
}
]
Then you can use az group deployment create to provision your template.
but I want to be able to use the cli. Is it possible?
As far as I know, azure doe not support create sendgrid via CLI at this time.
C:\Users>az --help
For version info, use 'az --version'
Group
az
Subgroups:
account : Manage subscriptions.
acs : Manage Azure Container Services.
ad : Synchronize on-premises directories and manage Azure Active Directory resources.
appservice: Manage your Azure Web apps and App Service plans.
batch : Manage Azure Batch.
cloud : Manage the registered Azure clouds.
component : Manage and update Azure CLI 2.0 (Preview) components.
container : Set up automated builds and deployments for multi-container Docker applications.
disk : Manage Azure Managed Disks.
documentdb: Manage your Azure DocumentDB (NoSQL) database accounts.
feature : Manage resource provider features, such as previews.
group : Manage resource groups and template deployments.
image : Manage custom Virtual Machine Images.
iot : Connect, monitor, and control millions of IoT assets.
keyvault : Safeguard and maintain control of keys, secrets, and certificates.
lock : Manage Azure locks.
network : Manages Azure Network resources.
policy : Manage resource policies.
provider : Manage resource providers.
redis : Access to a secure, dedicated cache for your Azure applications.
resource : Manage Azure resources.
role : Use role assignments to manage access to your Azure resources.
snapshot : Manage point-in-time copies of managed disks, native blobs, or other snapshots.
sql : Manage Azure SQL Databases and Data Warehouses.
storage : Durable, highly available, and massively scalable cloud storage.
tag : Manage resource tags.
vm : Provision Linux or Windows virtual machines in seconds.
vmss : Create highly available, auto-scalable Linux or Windows virtual machines.
Commands:
configure : Configure Azure CLI 2.0 Preview or view your configuration. The command is
interactive, so just type `az configure` and respond to the prompts.
feedback : Loving or hating the CLI? Let us know!
find : Find Azure CLI commands based on a given query.
login : Log in to access Azure subscriptions.
logout : Log out to remove access to Azure subscriptions.
No, it's not possible.
Here you can see all available commands: https://learn.microsoft.com/en-us/cli/azure/reference-index?view=azure-cli-latest