powershell error for AzureUSGovernment/GCCH Sentinel - azure

I am trying to run a powershell script to deploy Azure Sentinel to a GCC high or AzureUSGovernment environment. Whenever I run the script, line 17 of my script returns an error. Below is line 17 of the script:
Set-AzSentinel -subscriptionid $subscriptionId -WorkspaceName $workspaceName.Name -Confirm:$true
This is the error message for line 17:
"Response status code does not indicate success: 404 (Not Found)."
What did I do wrong? This script works for the commercial environment.

One of the workarounds you can follow:
It seems to be an environment issue. Please make sure that you have logged in to your Azure Government portal through PowerShell by selecting the correct account details and subscription.
Please verify the limitations and availability of Microsoft Sentinel as mentioned here.
NOTE:
As Azure Sentinel is generally available for Azure Government, you can perform this once you connect with your account.
For more information, please refer to this GitHub docs.
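The check described in the answer above, as an added example that is not part of the original post: it signs in to the Azure Government cloud, confirms the context and the workspace, and only then runs the Set-AzSentinel call from the question. It assumes the Az.Accounts and Az.OperationalInsights modules are installed; the angle-bracket values and $resourceGroupName are placeholders.

```powershell
# Added example: pre-flight check before deploying Sentinel to Azure Government.
# Placeholder values (assumptions); replace with your own.
$subscriptionId    = '<subscription-id>'
$resourceGroupName = '<resource-group>'
$workspaceName     = '<workspace-name>'

$ErrorActionPreference = 'Stop'

# Sign in against the Azure Government cloud instead of the commercial default.
Connect-AzAccount -Environment AzureUSGovernment | Out-Null
Set-AzContext -Subscription $subscriptionId | Out-Null

# Verify that the active context really points at the intended cloud and subscription.
$ctx = Get-AzContext
if ($ctx.Environment.Name -ne 'AzureUSGovernment') {
    throw "Context is bound to '$($ctx.Environment.Name)', expected AzureUSGovernment."
}
if ($ctx.Subscription.Id -ne $subscriptionId) {
    throw "Context is on subscription '$($ctx.Subscription.Id)', expected '$subscriptionId'."
}
Write-Output "Resource Manager endpoint in use: $($ctx.Environment.ResourceManagerUrl)"

# Confirm the Log Analytics workspace is visible from this context.
# With -ErrorAction Stop a missing workspace fails here, with a clearer message,
# instead of later inside the Sentinel deployment.
$workspace = Get-AzOperationalInsightsWorkspace `
    -ResourceGroupName $resourceGroupName `
    -Name $workspaceName `
    -ErrorAction Stop

# The call from the question, run only after the checks above pass.
Set-AzSentinel -SubscriptionId $subscriptionId -WorkspaceName $workspace.Name -Confirm:$true
```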

Related

Supress logs while running Azure Powershell commands

I am running Azure Powershell commands where I will be adding the Network rules to storage account, diagnostic logs storage account and Keyvault and I am using the following Azure commands.
Add-AzStorageAccountNetworkRule
Add-AzKeyVaultNetworkRule
And I am getting lots of logs while executing this in my powershell. Not only these commands, but most of the Azure commands will output some logs into the powershell console, the above two are just examples.
I want to know if there is any flag that we can add at the end of the Azure powershell commands so that it won't output any logs or output minimal logs into the powershell console.
Thank you #Gaurav Mantri for the last blog you posted. It gave the output as per the OP's requirement for the logs. Posting it as an answer to benefit other community members.
We have also tried the same using the blog, to see whether the logs appear, by piping to | Out-Null, and we do not get any logs with it. There are also another 3 ways mentioned in that blog.
We have tried with the below cmdlet:
Add-AzStorageAccountNetworkRule -ResourceGroupName "rgname" -Name "cloudtest*****" -IPAddressOrRange "10.0.0.0/7","28.2.0.0/16" |Out-Null
PLEASE CHECK MY OUTPUT SCREENSHOT FOR REFERENCE:-

Job Suspended Run Login-AzureRmAccount to login using Azure AutomationAccounts System Managed Identity

I am trying to shutdown the VM using Azure Automation Account System Managed identity option.
However I am ending up with below error.
As per the other articles it is mentioned to upgrade the module Update-ModulesInAutomationToLatestVersion but I could not update due to the below error. I am not sure what the issue in the script is. The same script works with the AzureRunAsConnection option without issues (script). I even checked with a simple login with System Managed Identity; it successfully logs in and fetches the resource group names.
I have tested the above shared script in my automation account. Below are a couple of observations:
You need to use the Connect-AzureRMAccount -Identity cmdlet instead of Connect-AzAccount to connect to your subscription, because the rest of the script is written using Azure RM cmdlets.
If we use AzureRM cmdlets in the runbook script, the job gets suspended, stating that Azure RM is going to be retired and suggesting that we use the Az module in the workflow.
You can refer to this documentation on how to migrate your PowerShell scripts automatically from AzureRM to Az modules.
If you want to perform start/stop on your virtual machines, you can leverage the Azure Automation start/stop during off-hours feature.
According to the Microsoft documentation and looking at your script, the Azure RM module is not supported and it has been updated to the latest version of the Az module.
For more information, please refer to the below links:
Microsoft documentation: Using a system-assigned managed identity for an Azure Automation account & Troubleshoot runbook issue.
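An Az-module version of the managed-identity sign-in and VM shutdown discussed in the answer above, as an added example rather than the poster's script. It assumes Az.Accounts and Az.Compute are imported into the Automation account and that the system-assigned identity has been granted a role on the VM (for example Virtual Machine Contributor scoped to its resource group); the parameter names are hypothetical.

```powershell
# Added example runbook (not the original poster's script).
param(
    [Parameter(Mandatory = $true)] [string] $ResourceGroupName,   # hypothetical parameter
    [Parameter(Mandatory = $true)] [string] $VMName               # hypothetical parameter
)

$ErrorActionPreference = 'Stop'   # fail the job instead of continuing after an error

# Keep the sign-in scoped to this job so no previously saved context is reused.
Disable-AzContextAutosave -Scope Process | Out-Null

# Authenticate as the Automation account's system-assigned managed identity.
# No Run As certificate or stored credential is involved.
$azContext = (Connect-AzAccount -Identity).Context
$azContext = Set-AzContext -Subscription $azContext.Subscription.Id -DefaultProfile $azContext

# Read the current power state so the runbook is safe to run repeatedly.
$status = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName -Status -DefaultProfile $azContext
$powerState = ($status.Statuses | Where-Object { $_.Code -like 'PowerState/*' }).Code

if ($powerState -eq 'PowerState/deallocated') {
    Write-Output "$VMName is already deallocated; nothing to do."
    return
}

Write-Output "$VMName is in state '$powerState'; stopping."
Stop-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName -Force -DefaultProfile $azContext | Out-Null
Write-Output "$VMName stopped by identity $($azContext.Account.Id)."
```

If the identity has no role assignment on the VM, the Get-AzVM call fails first, which separates an authorization problem from a sign-in problem.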

Unable to Register Microsoft.DataFactory using Azure PowerShell

I am new to Azure Data Factory and PowerShell and trying to register Microsoft.DataFactory in Azure subscription using following command in Azure PowerShell
Register-AzureRmResourceProvider -ProviderNamespace Microsoft.DataFactory
but getting this error.
Could anyone help please?
Close out your PowerShell console and reopen it. Then log back in, make sure you are on the right subscription (if you have multiple), and try the command again.
Log into Azure:
The new Azure module command for that is --> Login-AzAccount. I think the old command was --> Login-AzureRmAccount.

Unable to use Azure Publish Settings Files for VM management

I'm trying to use an azure PUBLISHSETTINGS file as a way to run powershell scripts requiring authentication without having to log in every few days. From the research I've done I assumed that if you had a publishsettings file imported into your powershell, you could run any cmdlets against any of the subscriptions that the publishsettings file contains. When I import my files and run basic cmdlets (Get-AzureVM) I get:
Get-AzureVM : Your Azure credentials have not been set up or have expired,
please run Add-AzureAccount to set up your Azure credentials.
I have no issue adding my own Azure Account to that specific powershell instance but from what I understood once I've imported the files I shouldn't have to.
Any help would be greatly appreciated.
Many thanks

Unable to cast TokenCloudCredentials to AccessTokenCredential when calling New-AzureRmADApplication

I'm writing a PowerShell deployment script which automates the creation of my Azure resources and an accompanying ServicePrincipal.
Here is the code I'm using, which I've tested and works when run directly from PowerShell with the latest Azure 1.0.4 SDK module:
$ResourceGroupName = "my-resource-group"
$ADAppIdentifierUri = [string]::Concat("https://", $ResourceGroupName, ".azurewebsites.net")
# Generate a password for the AD application
$ServicePrincipalPassword = [Guid]::NewGuid().ToString().Replace("-", "")
# Create the Azure AD Application and service principal, and only assign access to our resource group
$AzureADApplication = New-AzureRmADApplication -DisplayName $ResourceGroupName -HomePage $ADAppIdentifierUri -IdentifierUris $ADAppIdentifierUri -Password $ServicePrincipalPassword
When I run this code using my ResourceGroup project deployment script in Visual Studio, I get the following error:
New-AzureRmADApplication : Unable to cast object of type 'Microsoft.Azure.TokenCloudCredentials' to type 'Microsoft.Azure.Common.Authentication.AccessTokenCredential'.
According to the stack trace the exception was raised at the start of the command New-AzureRmADApplication, so the exception is happening internally in the Azure SDK code unfortunately.
I've browsed the source code of the SDK in the following files and could not find any insight:
https://github.com/Azure/azure-powershell/blob/f803b991daa7eeeea1217238ab071c8d83de34be/src/ResourceManager/Resources/Commands.Resources/ActiveDirectory/NewAzureADApplicationCommand.cs
https://github.com/Azure/azure-powershell/blob/956d0ca795acfce67d8f142bf059ab2b8ab2c67b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ActiveDirectoryClient.cs
https://www.symbolsource.org/Public/Metadata/NuGet/Project/Microsoft.Azure.Graph.RBAC/1.6.0-preview/Release/.NETFramework,Version%3Dv4.0/Microsoft.Azure.Graph.RBAC/Microsoft.Azure.Graph.RBAC/Generated/GraphRbacManagementClient.cs?ImageName=Microsoft.Azure.Graph.RBAC
I can only find one person who's encountered this same error at this link here:
https://azure.microsoft.com/en-us/documentation/articles/resource-group-authenticate-service-principal/
However, the solution there does not make sense to me because I am not using a management certificate to authenticate, and I don't have any management certificates listed on the manage.windowsazure.com site.
This is an issue (i.e. bug) when using token based authentication with the AzureRMAD* cmdlets. When you run the script from VS, VS uses the token you have from the VS sign-in to avoid prompting for auth. To work around it, you have to run it outside of VS using credentials.
There is an internal work item tracking this but if you want to monitor progress you can file an issue here: https://github.com/Azure/azure-powershell/issues/
