Create VM and associate the VM to existing virtual network - azure

I created a virtual network and I want to deploy a new VM to this virtual network. The network
I tried to create the VM using this command:
az vm create --resource-group myGroup --name VMTestNet1 --location eastus --image eastus1Image --vnet-name eastusVNet1 --admin-username azureuser --size Standard_F4S --public-ip-address ""
I got this exception:
Deployment failed. {
"error": {
"code": "InUseSubnetCannotBeDeleted",
"message": "Subnet GatewaySubnet is in use by /subscriptions/subscriptionId/resourceGroups/Automationsystem/providers/Microsoft.Network/virtualNetworkGateways/eastusGW/ipConfigurations/vnetGatewayConfig0 and cannot be deleted.",
"details": []
}
}
How can I deploy my VM to an existing Virtual network?

I have successfully reproduced the issue using a subnet which is used by another VM and a non-gateway subnet. So this issue may be caused by another instance using the subnet while you didn't supply this subnet information when you created the new VM. We can fix it by supplying the subnet information in your VNet when you create the new VM.
Then we can create a new VM and associate it with the existing VNet like this:
az vm create --resource-group myGroup \
--name VMTestNet1 --location eastus \
--image eastus1Image \
--vnet-name eastusVNet1 \
--subnet <your subnet> \
--admin-username <your user name> --admin-password <your password> \
--size standard_F4S \
--public-ip-address ""
I tested this script and it worked.

Export subnet information to a variable
export SUBNETID=$(az network vnet subnet show --resource-group *RESOURCEGROUPNAME* --name *SUBNETNAME* --vnet-name *VNETNAME* --query id -o tsv)
Create VM using this command
az vm create --name *VNNAME* --resource-group *RESOURCEGROUPNAME* --image "RHEL" --size "Standard_B2s" --authentication-type password --admin-password "XXXXXXXX" --admin-username "admin" --public-ip-address "" --location "westus" --nsg "" --subnet "$SUBNETID"

Related

Azure: VM in another spoke virtual network cannot be accessed via RDP

I have the following Vnets
vnet-hub-poc-hubspoke is the Hub Vnet
it has the following subnets
with a firewall
and peered with Prod & Dev Vnets
Prod Vnet is configured as shown below
Dev Vnet is configured as shown below
I have following VMs created - one in each Vnet
with the below rules
I have the following Route tables
with the below configuration
I am able to ping the Firewall from both the VMs, however I am not able to RDP.
What am I missing?
Update: I guess the request is going to the Firewall (10.11.253.4) but is timing out.
C:\Users\kavija>tracert 10.13.2.4
Tracing route to 10.13.2.4 over a maximum of 30 hops
Update#2: I have used the below script
# Define Variable
rgName=SpokeToSpoke
location=eastus
hubVNetName=vnet-hub
prodVnetName=vnet-prod
devVnetName=vnet-dev
myFirewallPublicIPName="firewallPublicIP"
azFirewallName="azFirewallName"
azureworkloadRG="AzureProdWorkLoad"
azureDevWorkloadRG="AzureDevWorkLoad"
VmUser="demouserXXX"
VmName1="ProdSever"
VmName2="DevSever"
fwRouteTableProdName=prod-route-table
fwRouteTableDevName=dev-route-table
bastionName="MyBastion"
bastionPIPName="bastionpip"
rdpRuleName=AllowRDP
priority=200
rgroup=prod-ukw-core-rg
access=Allow
description="Allow RDP from office IP address"
destPort=3389
direction=Inbound
protocol=TCP
# Create Resource Group
az group create --name $rgName --location $location
# Create Azure Hub VNET
az network vnet create -g $rgName --name $hubVNetName --address-prefixes 10.11.0.0/16 --location $location
az network vnet subnet create -g $rgName --vnet-name $hubVNetName --name Management --address-prefix 10.11.1.0/24
az network vnet subnet create -g $rgName --vnet-name $hubVNetName --name AppGatewaySubnet --address-prefix 10.11.252.0/26
az network vnet subnet create -g $rgName --vnet-name $hubVNetName --name AzureBastionSubnet --address-prefix 10.11.252.64/27
az network vnet subnet create -g $rgName --vnet-name $hubVNetName --name AzureFirewallSubnet --address-prefix 10.11.253.0/26
az network vnet subnet create -g $rgName --vnet-name $hubVNetName --name GatewaySubnet --address-prefix 10.11.254.0/27
# Create Azure Dev VNET
az network vnet create -g $rgName --name $devVnetName --address-prefixes 10.12.0.0/16 --location $location
az network vnet subnet create -g $rgName --vnet-name $devVnetName --name Management --address-prefix 10.12.1.0/24
az network vnet subnet create -g $rgName --vnet-name $devVnetName --name Workload1 --address-prefix 10.12.2.0/24
# Create Azure Prod VNET
az network vnet create -g $rgName --name $prodVnetName --address-prefixes 10.13.0.0/16 --location $location
az network vnet subnet create -g $rgName --vnet-name $prodVnetName --name Management --address-prefix 10.13.1.0/24
az network vnet subnet create -g $rgName --vnet-name $prodVnetName --name Workload1 --address-prefix 10.13.2.0/24
# Dev Subnet NSG
az network nsg create -g $rgName -n Dev-Management-subnet -l $location -o table
az network nsg create -g $rgName -n Dev-Workload1-subnet -l $location -o table
az network vnet subnet update -g $rgName --vnet-name $devVnetName --name Management --network-security-group Dev-Management-subnet
az network vnet subnet update -g $rgName --vnet-name $devVnetName --name Workload1 --network-security-group Dev-Workload1-subnet
# Prod Subnet NSG
az network nsg create -g $rgName -n Prod-Management-subnet -l $location -o table
az network nsg create -g $rgName -n Prod-Workload1-subnet -l $location -o table
az network vnet subnet update -g $rgName --vnet-name $prodVnetName --name Management --network-security-group Prod-Management-subnet
az network vnet subnet update -g $rgName --vnet-name $prodVnetName --name Workload1 --network-security-group Prod-Workload1-subnet
# Enable RDP at NSG Level for Dev Workload
az network nsg rule create --name $rdpRuleName --nsg-name Dev-Workload1-subnet --priority $priority --resource-group $rgName --access $access --description "$description" --destination-port-ranges $destPort --direction $direction --protocol $protocol --source-address-prefixes "*"
# Enable RDP at NSG Level for Prod Workload
az network nsg rule create --name $rdpRuleName --nsg-name Prod-Workload1-subnet --priority $priority --resource-group $rgName --access $access --description "$description" --destination-port-ranges $destPort --direction $direction --protocol $protocol --source-address-prefixes "*"
# Create Firewall
az network public-ip create --name $myFirewallPublicIPName --resource-group $rgName --sku Standard --allocation-method Static
az network firewall create -g $rgName -n $azFirewallName --vnet-name $hubVNetName --sku AZFW_VNet --tier Standard
az network firewall ip-config create --firewall-name $azFirewallName --name FW-config1 --public-ip-address $myFirewallPublicIPName --resource-group $rgName --vnet-name $hubVNetName
az network firewall update --name $azFirewallName --resource-group $rgName
fwprivaddr="$(az network firewall ip-config list -g $rgName -f $azFirewallName --query "[?name=='FW-config1'].privateIpAddress" --output tsv)"
# Hub-Spoke-Hub Peering
az network vnet peering create -g $rgName --name HUBtoProd --vnet-name $hubVNetName --remote-vnet $prodVnetName --allow-vnet-access --allow-forwarded-traffic --allow-gateway-transit
az network vnet peering create -g $rgName --name HUBtoDEV --vnet-name $hubVNetName --remote-vnet $devVnetName --allow-vnet-access --allow-forwarded-traffic --allow-gateway-transit
az network vnet peering create -g $rgName --name ProdtoHUB --vnet-name $prodVnetName --remote-vnet $hubVNetName --allow-vnet-access --allow-forwarded-traffic --allow-gateway-transit
az network vnet peering create -g $rgName --name DEVtoHUB --vnet-name $devVnetName --remote-vnet $hubVNetName --allow-vnet-access --allow-forwarded-traffic --allow-gateway-transit
# Create Route table from Dev to Hub
az network route-table create --name $fwRouteTableDevName -g $rgName -l $location --disable-bgp-route-propagation true
az network route-table route create -g $rgName --name DevToProdSubnet-Route --route-table-name $fwRouteTableDevName --address-prefix 10.13.0.0/16 --next-hop-type VirtualAppliance --next-hop-ip-address $fwprivaddr
az network vnet subnet update -g $rgName --vnet-name $devVnetName -n Workload1 --address-prefixes 10.12.2.0/24 --route-table $fwRouteTableDevName
# Create Route table from Prod to Hub
az network route-table create --name $fwRouteTableProdName -g $rgName -l $location --disable-bgp-route-propagation true
az network route-table route create -g $rgName --name ProdToHubSubnet-Route --route-table-name $fwRouteTableProdName --address-prefix 10.12.0.0/16 --next-hop-type VirtualAppliance --next-hop-ip-address $fwprivaddr
az network vnet subnet update -g $rgName --vnet-name $prodVnetName -n Workload1 --address-prefixes 10.13.2.0/24 --route-table $fwRouteTableProdName
# Create Azure Bastion for Azure
az network public-ip create --resource-group $rgName --name $bastionPIPName --sku Standard --location $location
az network bastion create --name $bastionName --public-ip-address $bastionPIPName --resource-group $rgName --vnet-name $hubVNetName --location $location
# Create VM in Dev Vnet - Workload1 Subnet to test Spoke-to-Spoke communication
az group create --name $azureDevWorkloadRG --location $location
devWorkLoadSubNetID=$(az network vnet subnet show --resource-group $rgName --name "Workload1" --vnet-name $devVnetName --query id -o tsv)
# $AdminPassword is not defined in this script and must be set before running it
az vm create --resource-group $azureDevWorkloadRG --name $VmName2 --image win2016datacenter --admin-username $VmUser --admin-password "$AdminPassword" --size Standard_B1s --use-unmanaged-disk --storage-sku Standard_LRS --subnet $devWorkLoadSubNetID --nsg "" --public-ip-address ""
# Create VM in Prod VNet - Workload1 Subnet
az group create --name $azureworkloadRG --location $location
prodWorkLoadSubNetID=$(az network vnet subnet show --resource-group $rgName --name "Workload1" --vnet-name $prodVnetName --query id -o tsv)
az vm create --resource-group $azureworkloadRG --name $VmName1 --image win2016datacenter --admin-username $VmUser --admin-password $AdminPassword --size Standard_B1s --use-unmanaged-disk --storage-sku Standard_LRS --subnet $prodWorkLoadSubNetID --nsg "" --public-ip-address ""
Update#3: I tried creating the Gateway as well
# Azure VNET Gateway
az network public-ip create -g $rgName --name pip-hub-gateway --allocation-method dynamic --dns-name $hubVNetName
az network vnet-gateway create -g $rgName --name vgw --vnet $hubVNetName --public-ip-address pip-hub-gateway --gateway-type vpn --client-protocol SSTP --sku Basic
az network vnet peering create -g $rgName --name ProdtoHUB --vnet-name $prodVnetName --remote-vnet $hubVNetName --allow-vnet-access --allow-forwarded-traffic --allow-gateway-transit --use-remote-gateways
az network vnet peering create -g $rgName --name DEVtoHUB --vnet-name $devVnetName --remote-vnet $hubVNetName --allow-vnet-access --allow-forwarded-traffic --allow-gateway-transit --use-remote-gateways
az network route-table route create -g $rgName --name DevToProdSubnet-Route --route-table-name $fwRouteTableDevName --address-prefix 10.13.0.0/16 --next-hop-type VirtualNetworkGateway
az network route-table route create -g $rgName --name ProdToHubSubnet-Route --route-table-name $fwRouteTableProdName --address-prefix 10.12.0.0/16 --next-hop-type VirtualNetworkGateway
Remote Desktop can't connect to the remote computer for one of these reasons:
Remote access to the service is not enabled
The remote computer is turned off Verified through the Azure Portal it is turned on because Start is faded, while Restart and Stop are not
The remote computer is not available on the network.
To resolve this issue, please check that your VM's resource health is in a healthy state, as this may impact connectivity to the VM in the Azure platform. If it is not healthy, you can diagnose and solve the problem.
Try to reset password configuration only. This will help to prevent the RDP configuration when Remote Connections is deactivated, or RDP is being blocked by Windows Firewall rules. Then try to access RDP.
Make sure you have configured Boot diagnostics. Try to enable diagnostics; you can see the screenshot of the boot diagnostics, download the screenshot and the serial log, and check the console log for additional information to determine why RDP is not functioning in your situation.
Try to reset your user credentials: provide a username and password and update. This resets a local administrator password. Then try to access RDP.
Or else, in Virtual machine -> Networking under Settings -> click on your network interface (web server) -> in the network interface -> IP configuration, click on the private IP address.
Try to change Assignment to Static, provide a different static IP address, save, and try to access the VM through RDP. Once RDP is connected, change it back to Dynamic.
If you are still not able to access RDP, try to Redeploy as below. It will redeploy the virtual machine to another host within Azure; if there is any underlying issue or networking issue, redeploying can resolve it. Ephemeral disk data will be lost and dynamic IP addresses that are associated with the VM are updated.
What kind of firewall rules do you have?
I have three more suggestions:
1) check if you have NSG attached to VM NICs
Using both subnet-attached and NIC-attached NSG rules is not recommended. Not sure from the screenshot if subnet-attached NSG is the only NSG
Default rule 65000 should allow access from peered VNet anyway
Unless you have a specific reason to, we recommend that you associate a network security group to a subnet, or a network interface, but not both. Since rules in a network security group associated to a subnet can conflict with rules in a network security group associated to a network interface, you can have unexpected communication problems that require troubleshooting.
ref: https://learn.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
2) Check RDP setting
I personally had to run reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v MaxOutstandingConnectionsx /t REG_DWORD /d 10000 on the serial console for a few installations to get RDP working
3) Capture network traffic
Capture network traffic on destination subnet to see
if traffic goes through firewall
and to see if destination VM sends back ACK packets for initial SYN segments
Then compare captured traffic with firewall rules, statistics and log to find out if firewall is blocking access.
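An added example, not part of the original answers: a simplified Python model of inbound NSG evaluation, illustrating the first suggestion above (the subnet-level and NIC-level NSGs are both checked, and default rule 65000 admits peered-VNet sources) and flagging the any-source RDP rule that the scripts on this page create. The NIC-level rule, the VirtualNetwork prefix list and all function names are assumptions made for the illustration.

```python
import ipaddress

ANY_SOURCES = {"*", "0.0.0.0/0", "Internet"}

# Simplified subset of the default inbound rules present in every NSG
# (the AzureLoadBalancer default rule is left out of this model).
DEFAULT_INBOUND = [
    {"name": "AllowVnetInBound", "priority": 65000, "access": "Allow",
     "protocol": "*", "source": "VirtualNetwork", "ports": "*"},
    {"name": "DenyAllInBound", "priority": 65500, "access": "Deny",
     "protocol": "*", "source": "*", "ports": "*"},
]

# Constructed sample: the AllowRDP rule as created by the scripts on this page.
SUBNET_NSG = [{"name": "AllowRDP", "priority": 200, "access": "Allow",
               "protocol": "TCP", "source": "*", "ports": "3389"}]
# Hypothetical NIC-level NSG that contradicts the subnet-level one.
NIC_NSG = [{"name": "DenyRDP", "priority": 100, "access": "Deny",
            "protocol": "TCP", "source": "*", "ports": "3389"}]
# Assumption: prefixes the VirtualNetwork tag covers for the destination VM.
VNET_PREFIXES = ["10.11.0.0/16", "10.12.0.0/16", "10.13.0.0/16"]


def _source_matches(source, src_ip, vnet_prefixes):
    ip = ipaddress.ip_address(src_ip)
    in_vnet = any(ip in ipaddress.ip_network(p) for p in vnet_prefixes)
    if source in ("*", "0.0.0.0/0"):
        return True
    if source == "VirtualNetwork":
        return in_vnet
    if source == "Internet":  # approximation: anything outside the VNet tag
        return not in_vnet
    try:
        return ip in ipaddress.ip_network(source, strict=False)
    except ValueError:  # service tag this model does not know
        return False


def _port_matches(ports, port):
    if ports == "*":
        return True
    for part in str(ports).split(","):
        low, _, high = part.strip().partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def evaluate(rules, src_ip, port, protocol, vnet_prefixes):
    """Return (access, rule_name) of the first match, lowest priority number first."""
    for rule in sorted(rules + DEFAULT_INBOUND, key=lambda r: r["priority"]):
        if rule["protocol"] != "*" and rule["protocol"].upper() != protocol.upper():
            continue
        if (_source_matches(rule["source"], src_ip, vnet_prefixes)
                and _port_matches(rule["ports"], port)):
            return rule["access"], rule["name"]
    return "Deny", None  # not reached: DenyAllInBound matches everything


def inbound_verdict(subnet_nsg, nic_nsg, src_ip, port, protocol, vnet_prefixes):
    """Inbound traffic passes the subnet NSG, then the NIC NSG; None means not attached."""
    trail = []
    for label, rules in (("subnet", subnet_nsg), ("nic", nic_nsg)):
        if rules is None:
            continue
        access, name = evaluate(rules, src_ip, port, protocol, vnet_prefixes)
        trail.append((label, name, access))
        if access == "Deny":
            return "Deny", trail
    return "Allow", trail


def any_source_exposure(rules, port=3389):
    """Names of Allow rules that open the port to any source address."""
    return [r["name"] for r in rules
            if r["access"] == "Allow" and r["source"] in ANY_SOURCES
            and _port_matches(r["ports"], port)]


if __name__ == "__main__":
    print(inbound_verdict(SUBNET_NSG, None, "10.12.2.4", 3389, "TCP", VNET_PREFIXES))
    print(inbound_verdict(SUBNET_NSG, NIC_NSG, "10.12.2.4", 3389, "TCP", VNET_PREFIXES))
    print("any-source RDP rules:", any_source_exposure(SUBNET_NSG))
```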
Using the script below, I was able to establish communication between the spoke networks
Reference:
https://github.com/jillesca/azure/tree/main/hub%20%26%20spoke
az group create --name techTalk --location eastus
az network vnet create \
--name hub-vnet \
--resource-group techTalk \
--subnet-name hub-subnet \
--address-prefixes 10.0.0.0/16 \
--subnet-prefixes 10.0.1.0/24
az network vnet create \
--name spoke1-vnet \
--resource-group techTalk \
--subnet-name spoke1-subnet \
--address-prefixes 10.1.0.0/16 \
--subnet-prefixes 10.1.1.0/24
az network vnet create \
--name spoke2-vnet \
--resource-group techTalk \
--subnet-name spoke2-subnet \
--address-prefixes 10.2.0.0/16 \
--subnet-prefixes 10.2.1.0/24
az network vnet subnet create \
--vnet-name hub-vnet \
--name GatewaySubnet \
--resource-group techTalk \
--address-prefix 10.0.255.0/27
az network public-ip create \
--name gateway-ip-address \
--resource-group techTalk \
--allocation-method Dynamic \
--sku Basic
az network vnet-gateway create \
--name vnet-Gateway \
--location eastus \
--public-ip-address gateway-ip-address \
--resource-group techTalk \
--vnet hub-vnet \
--gateway-type Vpn \
--sku Standard \
--vpn-type RouteBased \
--no-wait
az network route-table create \
--resource-group techTalk \
--name spoke1RouteTable
az network route-table route create \
--name spoke1ToSpoke2 \
--resource-group techTalk \
--route-table-name spoke1RouteTable \
--address-prefix 10.2.1.0/24 \
--next-hop-type VirtualNetworkGateway
az network vnet subnet update \
--vnet-name spoke1-vnet \
--name spoke1-subnet \
--resource-group techTalk \
--route-table spoke1RouteTable
az network route-table create \
--resource-group techTalk \
--name spoke2RouteTable
az network route-table route create \
--name spoke2ToSpoke1 \
--resource-group techTalk \
--route-table-name spoke2RouteTable \
--address-prefix 10.1.1.0/24 \
--next-hop-type VirtualNetworkGateway
az network vnet subnet update \
--vnet-name spoke2-vnet \
--name spoke2-subnet \
--resource-group techTalk \
--route-table spoke2RouteTable
az network vnet peering create \
--resource-group techTalk \
--name spoke1-Peering \
--vnet-name hub-vnet \
--remote-vnet spoke1-vnet \
--allow-vnet-access \
--allow-gateway-transit \
--allow-forwarded-traffic
az network vnet peering create \
--resource-group techTalk \
--name spoke1-hub-Peering \
--vnet-name spoke1-vnet \
--remote-vnet hub-vnet \
--allow-vnet-access \
--use-remote-gateways
az network vnet peering create \
--resource-group techTalk \
--name spoke2-Peering \
--vnet-name hub-vnet \
--remote-vnet spoke2-vnet \
--allow-vnet-access \
--allow-gateway-transit \
--allow-forwarded-traffic
az network vnet peering create \
--resource-group techTalk \
--name spoke2-hub-Peering \
--vnet-name spoke2-vnet \
--remote-vnet hub-vnet \
--allow-vnet-access \
--use-remote-gateways
az network nsg create -g techTalk -n spoke1-subnet-ng -l eastus
az network nsg create -g techTalk -n spoke2-subnet-ng -l eastus
az network vnet subnet update \
--vnet-name spoke1-vnet \
--name spoke1-subnet \
--resource-group techTalk \
--route-table spoke1RouteTable \
--network-security-group spoke1-subnet-ng
az network vnet subnet update \
--vnet-name spoke2-vnet \
--name spoke2-subnet \
--resource-group techTalk \
--route-table spoke2RouteTable \
--network-security-group spoke2-subnet-ng
az network nsg rule create --name rdpRule --nsg-name spoke1-subnet-ng --priority 200 --resource-group techTalk --access Allow --description "Allow RDP" --destination-port-ranges 3389 --direction Inbound --protocol TCP --source-address-prefixes "*"
az network nsg rule create --name rdpRule --nsg-name spoke2-subnet-ng --priority 200 --resource-group techTalk --access Allow --description "Allow RDP" --destination-port-ranges 3389 --direction Inbound --protocol TCP --source-address-prefixes "*"
az network vnet subnet create -g techTalk --vnet-name hub-vnet --name AzureBastionSubnet --address-prefix 10.0.252.64/27
az network public-ip create --resource-group techTalk --name bastionpip --sku Standard --location eastus
az network bastion create --name MyBastion --public-ip-address bastionpip --resource-group techTalk --vnet-name hub-vnet --location eastus --no-wait
# Create VM in Dev Vnet - Workload1 Subnet to test Spoke-to-Spoke communication
devWorkLoadSubNetID=$(az network vnet subnet show --resource-group techTalk --name spoke1-subnet --vnet-name spoke1-vnet --query id -o tsv)
az vm create --resource-group techTalk --name VM1 --image win2016datacenter --admin-username $VmUser --admin-password $AdminPassword --size Standard_B1s --use-unmanaged-disk --storage-sku Standard_LRS --subnet $devWorkLoadSubNetID --nsg "" --public-ip-address "" --no-wait
# Create VM in Prod VNet - Workload1 Subnet
prodWorkLoadSubNetID=$(az network vnet subnet show --resource-group techTalk --name spoke2-subnet --vnet-name spoke2-vnet --query id -o tsv)
az vm create --resource-group techTalk --name VM2 --image win2016datacenter --admin-username $VmUser --admin-password $AdminPassword --size Standard_B1s --use-unmanaged-disk --storage-sku Standard_LRS --subnet $prodWorkLoadSubNetID --nsg "" --public-ip-address "" --no-wait

Virtual Machine Administrator Login error (azure vm)

I have followed the following document
https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-linux
and ran these commands
az vm extension set \
--publisher Microsoft.Azure.ActiveDirectory \
--name AADSSHLoginForLinux \
--resource-group AzureADLinuxVM \
--vm-name myVM
username=$(az account show --query user.name --output tsv)
vm=$(az vm show --resource-group AzureADLinuxVM --name myVM --query id -o tsv)
az role assignment create \
--role "Virtual Machine Administrator Login" \
--assignee "$username" \
--scope "$vm"
but when I try to log in using
ssh -l email ip
it throws the error "permission denied (public key)". Can someone help me with this?

Azure - cannot get "Network Profile"

My Admin in Azure with full permissions runs the command to retrieve the network profile ID with the deployed Virtual Network and Subnet which we are using, but the command always returns an empty response:
az network profile list --resource-group myResourceGroup \
--query "[0].id" --output tsv
It has permissions and the resourceGroup value is correct, so what could be the cause?
Why does it get an empty response? It is really essential for us to retrieve this value.
The output should contain value in this format:
/subscriptions/<Subscription ID>/resourceGroups/myResourceGroup/providers/Microsoft.Network/networkProfiles/aci-network-profile-aci-vnet-aci-subnet
Thank you
You could verify whether you have deployed ACI in that VNet instead of only a standard VNet. When using az network profile, currently only Azure Container Instances are supported.
When you first use the az container create command to deploy a container group to a subnet (and thus a virtual network), Azure creates a network profile for you. You can then use that network profile for future deployments to the subnet.
For example, if you create a container group in a new VNet or an existing VNet referring to this.
az container create \
--name appcontainer \
--resource-group myResourceGroup \
--image mcr.microsoft.com/azuredocs/aci-helloworld \
--vnet aci-vnet \
--vnet-address-prefix 10.0.0.0/16 \
--subnet aci-subnet \
--subnet-address-prefix 10.0.0.0/24
Then you will list the network profile in that resource group.
Update
If you want to deploy a container in an existing VNet, you can deploy it like this with --vnet NAME --subnet NAME | --vnet ID --subnet NAME | --subnet ID:
az container create --name appcontainer --resource-group nancylab --image mcr.microsoft.com/azuredocs/aci-helloworld --vnet aci-vnet --subnet subnet1

How do I pass a variable from the azure resource manager json template to the CLI.

I have a CLI script that I am trying to turn into an ARM template. I need to be able to pass a variable from the ARM template JSON variables object to the CLI so I can set environment variables so I can set up the database. Is there a way to accomplish this script within the ARM template or a way to pass the variables from the JSON template file?
#Variables
ACI_RANDOM=$RANDOM
ACI_APPNAME=jimfin$ACI_RANDOM
ACI_SUBSCRIPTION=Sandbox
ACI_PERS_RESOURCE_GROUP=$ACI_APPNAME
ACI_PERS_STORAGE_ACCOUNT_NAME=$ACI_PERS_RESOURCE_GROUP$ACI_APPNAME
ACI_PERS_LOCATION=eastus
ACI_PERS_SHARE_NAME=source
ACI_APP_SERVICE_PLAN=$ACI_APPNAME
ACI_SQL=database$ACI_APPNAME
ACI_FIREWALL=firewallrule$ACI_RANDOM
WORDPRESS_DB_NAME=wordpress
WORDPRESS_DB_HOST=$ACI_SQL.mysql.database.azure.com
WORDPRESS_DB_PASSWORD=My5up3rStr0ngPaSw0rd!
WORDPRESS_DB_USER=$WORDPRESS_DB_NAME#$ACI_SQL
#Bring in git repo
cd ~
git clone https://github.com/cacorg/WPYAML-Files
cd WPYAML-Files
#Create APP SERVICE
az group create --subscription $ACI_SUBSCRIPTION --name $ACI_PERS_RESOURCE_GROUP --location "$ACI_PERS_LOCATION"
az appservice plan create --name $ACI_APP_SERVICE_PLAN --subscription $ACI_SUBSCRIPTION --resource-group $ACI_PERS_RESOURCE_GROUP --sku S1 --is-linux
az webapp create --subscription $ACI_SUBSCRIPTION --resource-group $ACI_PERS_RESOURCE_GROUP --plan $ACI_APP_SERVICE_PLAN --name $ACI_APPNAME --multicontainer-config-type compose --multicontainer-config-file docker-compose-wordpress.yml
#PERSISTENT STORAGE
az webapp config appsettings set --subscription $ACI_SUBSCRIPTION --resource-group $ACI_PERS_RESOURCE_GROUP --name $ACI_APPNAME --settings WEBSITES_ENABLE_APP_SERVICE_STORAGE=TRUE
# Create Persistent SQL DB
az mysql server create --subscription $ACI_SUBSCRIPTION --resource-group $ACI_PERS_RESOURCE_GROUP --name $ACI_SQL --location "$ACI_PERS_LOCATION" --admin-user $WORDPRESS_DB_NAME --admin-password $WORDPRESS_DB_PASSWORD --sku-name B_Gen4_1 --version 5.7
az mysql server firewall-rule create --name $ACI_FIREWALL --server $ACI_SQL --subscription $ACI_SUBSCRIPTION --resource-group $ACI_PERS_RESOURCE_GROUP --start-ip-address 0.0.0.0 --end-ip-address 0.0.0.0
az mysql db create --subscription $ACI_SUBSCRIPTION --resource-group $ACI_PERS_RESOURCE_GROUP --server-name $ACI_SQL --name $WORDPRESS_DB_NAME
az webapp config appsettings set --subscription $ACI_SUBSCRIPTION --resource-group $ACI_PERS_RESOURCE_GROUP --name $ACI_APPNAME --settings WORDPRESS_DB_HOST="$WORDPRESS_DB_HOST" WORDPRESS_DB_USER="$WORDPRESS_DB_USER" WORDPRESS_DB_PASSWORD="$WORDPRESS_DB_PASSWORD" WORDPRESS_DB_NAME="$WORDPRESS_DB_NAME"
#UPDATE WEBAPP
az webapp config container set --subscription $ACI_SUBSCRIPTION --resource-group $ACI_PERS_RESOURCE_GROUP --name $ACI_APPNAME --multicontainer-config-type compose --multicontainer-config-file docker-compose-wordpress.yml
#PERSISTENT STORAGE
az webapp config appsettings set --subscription $ACI_SUBSCRIPTION --resource-group $ACI_PERS_RESOURCE_GROUP --name $ACI_APPNAME --settings WEBSITES_ENABLE_APP_SERVICE_STORAGE=TRUE
az webapp config container set --subscription $ACI_SUBSCRIPTION --resource-group $ACI_PERS_RESOURCE_GROUP --name $ACI_APPNAME --multicontainer-config-type compose --multicontainer-config-file docker-compose-wordpress.yml
Well, ARM templates have an outputs section, which you can use to return data as output from the template, and then you can parse it:
az group deployment create -g name --template-uri https://raw.githubusercontent.com/Azure/azure-docs-json-samples/master/azure-resource-manager/functions/intersection.json |
jq '.properties.outputs.objectOutput.value'
You can save it to a variable and use it.
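An added example, not part of the original answer: one way to turn the template outputs into shell variables without letting a value be interpreted by the shell. The output names, values, the ARM_ prefix and the function name are hypothetical, and treating entries of a secure type or without a value as not exportable is an assumption.

```python
import json
import re
import shlex

# Constructed sample shaped like the JSON a template deployment prints
# (.properties.outputs.<name>.value); names and values are hypothetical.
SAMPLE_DEPLOYMENT = json.dumps({
    "properties": {"outputs": {
        "dbHost": {"type": "String", "value": "database-example.mysql.database.azure.com"},
        "dbUser": {"type": "String", "value": "wordpress@database-example"},
        "planSku": {"type": "Object", "value": {"name": "S1", "tier": "Standard"}},
        "note": {"type": "String", "value": "it's $(not) `run`"},
        "dbPassword": {"type": "SecureString"},
        "bad-name": {"type": "String", "value": "x"},
    }}
})

# Only names that are valid shell identifiers may become variables.
_SHELL_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def outputs_to_exports(deployment_json, prefix="ARM_"):
    """Return (export_lines, skipped_names) for the outputs of one deployment.

    Every value is passed through shlex.quote, so command substitutions,
    backticks and quotes inside an output stay literal when the lines are
    later evaluated by a POSIX shell. Non-string values are exported as JSON.
    """
    doc = json.loads(deployment_json)
    outputs = (doc.get("properties") or {}).get("outputs") or {}
    lines, skipped = [], []
    for name, entry in sorted(outputs.items()):
        secure = str(entry.get("type", "")).lower().startswith("secure")
        if not _SHELL_NAME.match(name) or secure or "value" not in entry:
            skipped.append(name)  # invalid identifier, secure type, or no value
            continue
        value = entry["value"]
        text = value if isinstance(value, str) else json.dumps(value, sort_keys=True)
        lines.append(f"export {prefix}{name}={shlex.quote(text)}")
    return lines, skipped


if __name__ == "__main__":
    exports, skipped_names = outputs_to_exports(SAMPLE_DEPLOYMENT)
    print("\n".join(exports))
    print("# skipped:", ", ".join(skipped_names))
```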

re-naming resources in Azure

Is there a way to rename resources in Azure? I created a VM and Azure has created a number of resources with some unfriendly names. Specifically, Azure named the NIC Interlinkclone-nic-5a216a7b39ac47d3be6f9e6415221161, which is really a pain to type in the CLI.
I tried to create another NIC but I can find how to attach it to the VM.
Currently, Azure does not support renaming a NIC. Please refer to this feedback.
But you could create a NIC with a specified name first, then attach it to the VM when you create the VM. You could use the following example.
##create NIC with specified name
az network nic create \
--resource-group myResourceGroup \
--name myNic \
--vnet-name myVnet \
--subnet mySubnet \
--public-ip-address myPublicIP \
--network-security-group myNetworkSecurityGroup
##create VM
az vm create \
--resource-group myResourceGroup \
--name myVM \
--location eastus \
--availability-set myAvailabilitySet \
--nics myNic \
--image UbuntuLTS \
--admin-username azureuser \
--generate-ssh-keys
For more information about this, please refer to this link.
If you want to add a new NIC to your VM, you could also check this official document.
