Integrate API Management in an internal VNET with Application Gateway - azure

I developed a PowerShell script based on the following manual, Integrate API Management in an internal VNET with Application Gateway: https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-integrate-internal-vnet-appgateway
##log in to the Azure account
Connect-AzAccount
##Create Resource group
New-AzResourceGroup -Name Network -Location westeurope
New-AzResourceGroup -Name Security -Location westeurope
New-AzResourceGroup -Name Application -Location westeurope
##Create DDOS protection plan
$ddosProtectionPlan = New-AzDdosProtectionPlan -ResourceGroupName Security -Name DdosProtectionPlanName -Location "westeurope"
##create the subnet
$appgatewaysubnet = New-AzVirtualNetworkSubnetConfig -Name "apim01" -AddressPrefix "10.0.0.0/24"
$apimsubnet = New-AzVirtualNetworkSubnetConfig -Name "apim02" -AddressPrefix "10.0.1.0/24"
##create the VNet
$vnet = New-AzVirtualNetwork -Name "appgwvnet" -ResourceGroupName Network -Location westeurope -AddressPrefix "10.0.0.0/16" -Subnet $appgatewaysubnet,$apimsubnet -DdosProtectionPlanId $ddosProtectionPlan.Id
##Assign a subnet variable
$appgatewaysubnetdata = $vnet.Subnets[0]
$apimsubnetdata = $vnet.Subnets[1]
##Create an API Management Virtual Network object using the subnet $apimsubnetdata
$apimVirtualNetwork = New-AzApiManagementVirtualNetwork -SubnetResourceId $apimsubnetdata.Id
##Create an API Management service inside the Virtual Network
$apimServiceName = "starAPImanagment123" # API Management service instance name
$apimOrganization = "star" # organization name
$apimAdminEmail = "aanwar#ejada.com" # administrator's email address
$apimService = New-AzApiManagement -ResourceGroupName Application -Location westeurope -Name $apimServiceName -Organization $apimOrganization -AdminEmail $apimAdminEmail -VirtualNetwork $apimVirtualNetwork -VpnType "Internal" -Sku "Developer"
##Test
$gatewayHostname = "api.star.net" # API gateway host
$portalHostname = "portal.star.net" # API developer portal host
$proxyHostnameConfig = New-AzApiManagementCustomHostnameConfiguration -Hostname $gatewayHostname -HostnameType Proxy
$portalHostnameConfig = New-AzApiManagementCustomHostnameConfiguration -Hostname $portalHostname -HostnameType DeveloperPortal
$apimService.ProxyCustomHostnameConfiguration = $proxyHostnameConfig
$apimService.PortalCustomHostnameConfiguration = $portalHostnameConfig
Set-AzApiManagement -InputObject $apimService
##Create a public IP
$publicip = New-AzPublicIpAddress -ResourceGroupName Network -name "publicIP01" -location westeurope -AllocationMethod Dynamic
##Create an application gateway IP configuration in the back-end IP pool
$gipconfig = New-AzApplicationGatewayIPConfiguration -Name "gatewayIP01" -Subnet $appgatewaysubnetdata
##Configure the front-end IP port for the public IP endpoint
$fp01 = New-AzApplicationGatewayFrontendPort -Name "port01" -Port 443
$fipconfig01 = New-AzApplicationGatewayFrontendIPConfig -Name "frontend1" -PublicIPAddress $publicip
##Test2
$listener = New-AzApplicationGatewayHttpListener -Name "listener01" -Protocol "Https" -FrontendIPConfiguration $fipconfig01 -FrontendPort $fp01 -HostName $gatewayHostname -RequireServerNameIndication true
$portalListener = New-AzApplicationGatewayHttpListener -Name "listener02" -Protocol "Https" -FrontendIPConfiguration $fipconfig01 -FrontendPort $fp01 -HostName $portalHostname -RequireServerNameIndication true
$apimprobe = New-AzApplicationGatewayProbeConfig -Name "apimproxyprobe" -Protocol "Https" -HostName $gatewayHostname -Path "/status-0123456789abcdef" -Interval 30 -Timeout 120 -UnhealthyThreshold 8
$apimPortalProbe = New-AzApplicationGatewayProbeConfig -Name "apimportalprobe" -Protocol "Https" -HostName $portalHostname -Path "/signin" -Interval 60 -Timeout 300 -UnhealthyThreshold 8
$apimPoolSetting = New-AzApplicationGatewayBackendHttpSettings -Name "apimPoolSetting" -Port 443 -Protocol "Https" -CookieBasedAffinity "Disabled" -Probe $apimprobe -RequestTimeout 180
$apimPoolPortalSetting = New-AzApplicationGatewayBackendHttpSettings -Name "apimPoolPortalSetting" -Port 443 -Protocol "Https" -CookieBasedAffinity "Disabled" -Probe $apimPortalProbe -RequestTimeout 180
##Configure a back-end IP address pool
$apimProxyBackendPool = New-AzApplicationGatewayBackendAddressPool -Name "apimbackend" -BackendIPAddresses $apimService.PrivateIPAddresses[0]
##Create rules for the Application Gateway
$rule01 = New-AzApplicationGatewayRequestRoutingRule -Name "rule1" -RuleType Basic -HttpListener $listener -BackendAddressPool $apimProxyBackendPool -BackendHttpSettings $apimPoolSetting
$rule02 = New-AzApplicationGatewayRequestRoutingRule -Name "rule2" -RuleType Basic -HttpListener $portalListener -BackendAddressPool $apimProxyBackendPool -BackendHttpSettings $apimPoolPortalSetting
##Configure the number of instances and size for the Application Gateway
$sku = New-AzApplicationGatewaySku -Name "WAF_Medium" -Tier "WAF" -Capacity 2
##Configure WAF to be in "Prevention" mode
$config = New-AzApplicationGatewayWebApplicationFirewallConfiguration -Enabled $true -FirewallMode "Prevention"
##Create an Application Gateway
$appgwName = "apim-app-gw"
$appgw = New-AzApplicationGateway -Name $appgwName -ResourceGroupName Network -Location westeurope -BackendAddressPools $apimProxyBackendPool -BackendHttpSettingsCollection $apimPoolSetting, $apimPoolPortalSetting -FrontendIpConfigurations $fipconfig01 -GatewayIpConfigurations $gipconfig -FrontendPorts $fp01 -Sku $sku -WebApplicationFirewallConfig $config -Probes $apimprobe, $apimPortalProbe
Get-AzPublicIpAddress -ResourceGroupName Network -Name "publicIP01"
But I got a message which I cannot understand:
cmdlet New-AzApplicationGateway at command pipeline 1
Supply values for the following parameters:
(Type !? for Help.)
HttpListeners[0]:
RequestRoutingRules[0]:
Note: I didn't put any certification in my script.
Kindly advise.

You also need to specify the listeners in the New-AzApplicationGateway command:
-HttpListeners $listener,$portalListener
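The gateway call with both collections the prompt asked for (HttpListeners and RequestRoutingRules), plus the certificates an Https listener needs, as an added example that is not part of the original question or answer. It assumes the session still holds the objects built by the question's script; the certificate names and PFX paths are placeholders.

```powershell
# Added example. Assumes these variables from the question's script exist:
# $fipconfig01, $fp01, $gipconfig, $gatewayHostname, $portalHostname,
# $apimProxyBackendPool, $apimPoolSetting, $apimPoolPortalSetting,
# $apimprobe, $apimPortalProbe, $sku, $config, $appgwName.

# Placeholder PFX paths (assumptions): one certificate per public host name.
$gatewayCertPfxPath = "C:\certs\<gateway-cert>.pfx"
$portalCertPfxPath  = "C:\certs\<portal-cert>.pfx"
$gatewayCertPwd = Read-Host -Prompt "Password for the gateway PFX" -AsSecureString
$portalCertPwd  = Read-Host -Prompt "Password for the portal PFX" -AsSecureString

# An Https listener terminates TLS, so each one needs a certificate object.
$certGateway = New-AzApplicationGatewaySslCertificate -Name "gatewaycert" `
    -CertificateFile $gatewayCertPfxPath -Password $gatewayCertPwd
$certPortal = New-AzApplicationGatewaySslCertificate -Name "portalcert" `
    -CertificateFile $portalCertPfxPath -Password $portalCertPwd

# Rebuild the listeners with their certificates attached.
$listener = New-AzApplicationGatewayHttpListener -Name "listener01" -Protocol "Https" `
    -FrontendIPConfiguration $fipconfig01 -FrontendPort $fp01 `
    -SslCertificate $certGateway -HostName $gatewayHostname `
    -RequireServerNameIndication true
$portalListener = New-AzApplicationGatewayHttpListener -Name "listener02" -Protocol "Https" `
    -FrontendIPConfiguration $fipconfig01 -FrontendPort $fp01 `
    -SslCertificate $certPortal -HostName $portalHostname `
    -RequireServerNameIndication true

# Routing rules embed the listener object, so rebuild them as well.
$rule01 = New-AzApplicationGatewayRequestRoutingRule -Name "rule1" -RuleType Basic `
    -HttpListener $listener -BackendAddressPool $apimProxyBackendPool `
    -BackendHttpSettings $apimPoolSetting
$rule02 = New-AzApplicationGatewayRequestRoutingRule -Name "rule2" -RuleType Basic `
    -HttpListener $portalListener -BackendAddressPool $apimProxyBackendPool `
    -BackendHttpSettings $apimPoolPortalSetting

$appgwParams = @{
    Name                                = $appgwName
    ResourceGroupName                   = "Network"
    Location                            = "westeurope"
    BackendAddressPools                 = $apimProxyBackendPool
    BackendHttpSettingsCollection       = $apimPoolSetting, $apimPoolPortalSetting
    FrontendIPConfigurations            = $fipconfig01
    GatewayIPConfigurations             = $gipconfig
    FrontendPorts                       = $fp01
    HttpListeners                       = $listener, $portalListener
    RequestRoutingRules                 = $rule01, $rule02
    SslCertificates                     = $certGateway, $certPortal
    Probes                              = $apimprobe, $apimPortalProbe
    Sku                                 = $sku
    WebApplicationFirewallConfiguration = $config
}

# Fail fast instead of dropping into the "Supply values for the following
# parameters" prompt when a mandatory collection was never built.
foreach ($key in 'HttpListeners', 'RequestRoutingRules', 'SslCertificates') {
    if (-not $appgwParams[$key]) {
        throw "New-AzApplicationGateway input '$key' is empty; build it before creating the gateway."
    }
}

$appgw = New-AzApplicationGateway @appgwParams
```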

Related

Can't create a Databricks from a powershell script

My issue
Can't create a databricks from script. Always getting this error message:
Private and public subnets should be unique for the Virtual Network
'/subscriptions/XXXX/resourceGroups/rgtest64/providers/Microsoft.Network/virtualNetworks/vnet64'.
Public subnet name: 'privsub64', Private subnet name:
| 'privsub64'
How to reproduce
Just running this script:
$location="westeurope"
$rg = "rgtest64"
$vnet = "vnet64"
New-AzResourceGroup -name $rg -Location westeurope
$dlg = New-AzDelegation -Name dbrdl -ServiceName "Microsoft.Databricks/workspaces"
$rdpRule = New-AzNetworkSecurityRuleConfig -Name rdp-rule -Description "Allow RDP" -Access Allow `
-Protocol Tcp -Direction Inbound -Priority 100 -SourceAddressPrefix Internet `
-SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389
$networkSecurityGroup = New-AzNetworkSecurityGroup -ResourceGroupName $rg `
-Location $location -Name nsg-test -SecurityRules $rdpRule
$privSubnet = New-AzVirtualNetworkSubnetConfig -Name privsub64 -AddressPrefix "10.0.1.0/24" `
-NetworkSecurityGroup $networkSecurityGroup -Delegation $dlg
$pubSubnet = New-AzVirtualNetworkSubnetConfig -Name pubsub64 -AddressPrefix "10.0.2.0/24" `
-NetworkSecurityGroup $networkSecurityGroup -Delegation $dlg
$testVN = New-AzVirtualNetwork -Name $vnet -ResourceGroupName $rg `
-Location $location -AddressPrefix "10.0.0.0/16" -Subnet $privSubnet,$pubSubnet
New-AzDatabricksWorkspace -Name databricks-test-with-custom-vn -ResourceGroupName $rg -Location $location `
-VirtualNetworkId $testVN.Id -PrivateSubnetName $privSubnet.Name -PublicSubnetName `
$privSubnet.Name -Sku standard
PSVersion: 7.1.3
PSEdition: Core
What I tested
I tested the script on several subscriptions.
I also tried without creating the subnets, same result.
I tested from an ARM template, same result.
It is working if I don't reference any VNET, but for internal reasons I need to impose a specific VNET.
What I need
Understanding what happened, and what to do.
Everything was working until a few days ago. I don't understand.
Thanks
According to the error, your public subnet's name and your private subnet's name are the same. When we deploy a Databricks workspace into a VNet, the two subnets should be different. Please update your script as follows:
New-AzDatabricksWorkspace -Name databricks-test-with-custom-vn -ResourceGroupName $rg -Location $location `
-VirtualNetworkId $testVN.Id -PrivateSubnetName $privSubnet.Name -PublicSubnetName `
$pubSubnet.Name -Sku standard
The whole script is as below:
$location="westeurope"
$rg = "rgtest64"
$vnet = "vnet64"
New-AzResourceGroup -name $rg -Location westeurope
$dlg = New-AzDelegation -Name dbrdl -ServiceName "Microsoft.Databricks/workspaces"
$rdpRule = New-AzNetworkSecurityRuleConfig -Name rdp-rule -Description "Allow RDP" -Access Allow `
-Protocol Tcp -Direction Inbound -Priority 100 -SourceAddressPrefix Internet `
-SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389
$networkSecurityGroup = New-AzNetworkSecurityGroup -ResourceGroupName $rg `
-Location $location -Name nsg-test -SecurityRules $rdpRule
$privSubnet = New-AzVirtualNetworkSubnetConfig -Name privsub64 -AddressPrefix "10.0.1.0/24" `
-NetworkSecurityGroup $networkSecurityGroup -Delegation $dlg
$pubSubnet = New-AzVirtualNetworkSubnetConfig -Name pubsub64 -AddressPrefix "10.0.2.0/24" `
-NetworkSecurityGroup $networkSecurityGroup -Delegation $dlg
$testVN = New-AzVirtualNetwork -Name $vnet -ResourceGroupName $rg `
-Location $location -AddressPrefix "10.0.0.0/16" -Subnet $privSubnet,$pubSubnet
New-AzDatabricksWorkspace -Name databricks-test-with-custom-vn -ResourceGroupName $rg -Location $location `
-VirtualNetworkId $testVN.Id -PrivateSubnetName $privSubnet.Name -PublicSubnetName `
$pubSubnet.Name -Sku standard

Azure Function: PowerShell command New-AzureRmVM never returns

I've got a powershell script that I use to build a VM.
# Variables for common values
$resourceGroup = "AAA-Production3"
$location = "West US 2"
$vmName = "AAA-Prod-SVR1"
$SubnetName = "AAA-PROD-SUBNET01"
$NamevNET = "AAA-PROD-VNET"
$Namepublicdns = "AAA-PROD-ADF01-IP01"
$NameNetworkSecurityGroupRuleRDP = 'Default-allow-rdp'
$NameNetworkSecurityGroup = 'AAA-SVR1-NSG'
$NameVNic = "AAA-PROD-VNIC01"
$VMSize = 'Standard_D1_v2'
# Create user object
$cred = Get-Credential -Message "Enter a username and password for the virtual machine."
New-AzureRmResourceGroup -Name $resourceGroup -Location $location
$subnetConfig = New-AzureRmVirtualNetworkSubnetConfig -Name $SubnetName -AddressPrefix 10.50.1.0/24
$vnet = New-AzureRmVirtualNetwork -ResourceGroupName $resourceGroup -Location $location `
-Name $NamevNET -AddressPrefix 10.50.1.0/24 -Subnet $subnetConfig
# Create a public IP address and specify a DNS name
$pip = New-AzureRmPublicIpAddress -ResourceGroupName $resourceGroup -Location $location `
-Name "$Namepublicdns$(Get-Random)" -AllocationMethod Static -IdleTimeoutInMinutes 4
# Create an inbound network security group rule for port 3389
$nsgRuleRDP = New-AzureRmNetworkSecurityRuleConfig -Name $NameNetworkSecurityGroupRuleRDP -Protocol Tcp `
-Direction Inbound -Priority 1000 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * `
-DestinationPortRange 3389 -Access Allow
# Create a network security group
$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $resourceGroup -Location $location `
-Name $NameNetworkSecurityGroup -SecurityRules $nsgRuleRDP
# Create a virtual network card and associate with public IP address and NSG
$nic = New-AzureRmNetworkInterface -Name $NameVNic -ResourceGroupName $resourceGroup -Location $location `
-SubnetId $vnet.Subnets[0].Id -PublicIpAddressId $pip.Id -NetworkSecurityGroupId $nsg.Id
# Create a virtual machine configuration
$vmConfig = New-AzureRmVMConfig -VMName $vmName -VMSize $VMSize | `
Set-AzureRmVMOperatingSystem -Windows -ComputerName $vmName -Credential $cred | `
Set-AzureRmVMSourceImage -PublisherName MicrosoftWindowsServer -Offer WindowsServer -Skus 2016-Datacenter -Version latest | `
Add-AzureRmVMNetworkInterface -Id $nic.Id
# Create a virtual machine
New-AzureRmVM -ResourceGroupName $resourceGroup -Location $location -VM $vmConfig
Everything runs fine, but when it gets to the end, the New-AzureRmVM script never returns or exits. If I disconnect my machine from the net, I'll get a message about a long running process, but other than that, the shell appears to be locked up.
Any ideas how to get the command to exit so I can reuse the shell?

How to create and attach an unmanaged disk in an Azure VM through PowerShell scripts? [duplicate]

I'm trying to create an Azure VM with an unmanaged disk via PowerShell since managed disks aren't supported in Azure Government yet.
None of the documentation I could find for PowerShell VM creation references managed or unmanaged disks and the default seems to be managed disks. My VM creation fails with the following error:
New-AzureRmVM : Managed Disks are not supported in this region.
ErrorCode: BadRequest
Here's the script I'm using:
$location = "USGovTexas"
New-AzureRmResourceGroup -Name myResourceGroup -Location $location
# Create a subnet configuration
$subnetConfig = New-AzureRmVirtualNetworkSubnetConfig -Name mySubnet -AddressPrefix 192.168.1.0/24
# Create a virtual network
$vnet = New-AzureRmVirtualNetwork -ResourceGroupName myResourceGroup -Location $location `
-Name MYvNET -AddressPrefix 192.168.0.0/16 -Subnet $subnetConfig
# Create a public IP address and specify a DNS name
$pip = New-AzureRmPublicIpAddress -ResourceGroupName myResourceGroup -Location $location `
-AllocationMethod Static -IdleTimeoutInMinutes 4 -Name "mypublicdns$(Get-Random)"
# Create an inbound network security group rule for port 3389
$nsgRuleRDP = New-AzureRmNetworkSecurityRuleConfig -Name myNetworkSecurityGroupRuleRDP -Protocol Tcp `
-Direction Inbound -Priority 1000 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * `
-DestinationPortRange 3389 -Access Allow
# Create an inbound network security group rule for port 80
$nsgRuleWeb = New-AzureRmNetworkSecurityRuleConfig -Name myNetworkSecurityGroupRuleWWW -Protocol Tcp `
-Direction Inbound -Priority 1001 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * `
-DestinationPortRange 80 -Access Allow
# Create a network security group
$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName myResourceGroup -Location $location `
-Name myNetworkSecurityGroup -SecurityRules $nsgRuleRDP,$nsgRuleWeb
# Create a virtual network card and associate with public IP address and NSG
$nic = New-AzureRmNetworkInterface -Name myNic -ResourceGroupName myResourceGroup -Location $location `
-SubnetId $vnet.Subnets[0].Id -PublicIpAddressId $pip.Id -NetworkSecurityGroupId $nsg.Id
# Define a credential object
$cred = Get-Credential
# Create a virtual machine configuration
$vmConfig = New-AzureRmVMConfig -VMName myVM -VMSize Standard_DS2_v2 | `
Set-AzureRmVMOperatingSystem -Windows -ComputerName myVM -Credential $cred | `
Set-AzureRmVMSourceImage -PublisherName MicrosoftWindowsServer -Offer WindowsServer `
-Skus 2016-Datacenter -Version latest | Add-AzureRmVMNetworkInterface -Id $nic.Id
# Create the virtual machine
New-AzureRmVM -ResourceGroupName myResourceGroup -Location $location -VM $vmConfig
We can use this script to create Azure windows VM with unmanaged disk:
$location = "USGovTexas"
$rgname = "myResourceGroup"
New-AzureRmResourceGroup -Name myResourceGroup -Location $location
# Create a subnet configuration
$subnetConfig = New-AzureRmVirtualNetworkSubnetConfig -Name mySubnet -AddressPrefix 192.168.1.0/24
# Create a virtual network
$vnet = New-AzureRmVirtualNetwork -ResourceGroupName myResourceGroup -Location $location `
-Name MYvNET -AddressPrefix 192.168.0.0/16 -Subnet $subnetConfig
# Create a public IP address and specify a DNS name
$pip = New-AzureRmPublicIpAddress -ResourceGroupName myResourceGroup -Location $location `
-AllocationMethod Static -IdleTimeoutInMinutes 4 -Name "mypublicdns$(Get-Random)"
# Create an inbound network security group rule for port 3389
$nsgRuleRDP = New-AzureRmNetworkSecurityRuleConfig -Name myNetworkSecurityGroupRuleRDP -Protocol Tcp `
-Direction Inbound -Priority 1000 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * `
-DestinationPortRange 3389 -Access Allow
# Create an inbound network security group rule for port 80
$nsgRuleWeb = New-AzureRmNetworkSecurityRuleConfig -Name myNetworkSecurityGroupRuleWWW -Protocol Tcp `
-Direction Inbound -Priority 1001 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * `
-DestinationPortRange 80 -Access Allow
# Create a network security group
$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName myResourceGroup -Location $location `
-Name myNetworkSecurityGroup -SecurityRules $nsgRuleRDP,$nsgRuleWeb
# Create a virtual network card and associate with public IP address and NSG
$nic = New-AzureRmNetworkInterface -Name myNic -ResourceGroupName myResourceGroup -Location $location `
-SubnetId $vnet.Subnets[0].Id -PublicIpAddressId $pip.Id -NetworkSecurityGroupId $nsg.Id
# Define a credential object
$cred = Get-Credential
#VM config
$vmsize = "Standard_DS2"
$vmName="myVM"
$vm = New-AzureRmVMConfig -VMName $vmName -VMSize $vmSize
$pubName = "MicrosoftWindowsServer"
$offerName = "WindowsServer"
$skuName = "2016-Datacenter"
$vm = Set-AzureRmVMOperatingSystem -VM $vm -Windows -ComputerName $vmName -Credential $cred
$vm = Set-AzureRmVMSourceImage -VM $vm -PublisherName $pubName -Offer $offerName -Skus $skuName -Version "latest"
$vm = Add-AzureRmVMNetworkInterface -VM $vm -Id $NIC.Id
# Disk setup
$diskName = "jason-disk"
$storageaccount = "jasontest321"
# Create a new storage account (the name must be lowercase letters and digits only)
New-AzureRmStorageAccount -ResourceGroupName $rgname -AccountName $storageaccount -Location $location -SkuName "Standard_LRS"
# Read the account back and build the blob URI for the OS disk VHD
$STA = Get-AzureRmStorageAccount -ResourceGroupName $rgname -Name $storageaccount
$OSDiskUri = $STA.PrimaryEndpoints.Blob.ToString() + "vhds/" + $diskName + ".vhd"
$vm = Set-AzureRmVMOSDisk -VM $vm -Name $diskName -VhdUri $OSDiskUri -CreateOption fromImage
# Create the virtual machine
New-AzureRmVM -ResourceGroupName myResourceGroup -Location $location -VM $vm

Create Azure Load Balancer in existing v-net fears to "Not all Backend IP Configurations referenced by the Load Balancer"

I am trying to create a load balancer on Azure via PowerShell, but when I use an existing VNet from a different resource group I get an error.
(Not all Backend IP Configurations referenced by the Load Balancer). The load balancer should later be used for a VM Scale Set.
But I did not set the v-net and IPs for the BackendAddressPoolConfig, also I do not see how to do this.
$vnet= Get-AzureRmVirtualNetwork -Name $vnetname -ResourceGroupName $vnetrg -ErrorAction Stop
$subnetMain = $vnet.Subnets[2]
$subNetName = $subnetMain.Name
$frontendIP = New-AzureRmLoadBalancerFrontendIpConfig -Name LB-Frontend `
-SubnetId $subnetMain.Id
$beaddresspool= New-AzureRmLoadBalancerBackendAddressPoolConfig -Name "LB-backend"
$inboundNATRule1= New-AzureRmLoadBalancerInboundNatRuleConfig -Name "RDP" `
-FrontendIpConfiguration $frontendIP `
-Protocol TCP `
-FrontendPort 3389 `
-BackendPort 3389
$healthProbe = New-AzureRmLoadBalancerProbeConfig -Name "HealthProbe" `
-RequestPath "Default.htm" `
-Protocol http -Port 80 `
-IntervalInSeconds 15 `
-ProbeCount 2
$lbrule = New-AzureRmLoadBalancerRuleConfig -Name "HTTP" `
-FrontendIpConfiguration $frontendIP `
-BackendAddressPool $beAddressPool `
-Probe $healthProbe `
-Protocol Tcp `
-FrontendPort 80 `
-BackendPort 80
$nrplb = New-AzureRmLoadBalancer -ResourceGroupName $currentrg `
-Name "NRP-LB" `
-Location $loc `
-FrontendIpConfiguration $frontendIP `
-InboundNatRule $inboundNATRule1 `
-LoadBalancingRule $lbrule `
-BackendAddressPool $beAddressPool `
-Probe $healthProbe
Must I set the IP configuration for the backend? But how? Or is something else wrong?
Today the new version 6.2.1 of Azure PowerShell came out. This solves the problem.
See:
https://github.com/Azure/azure-powershell/Releases
