I understand that there is way to enable Antimalware for Azure VM like below:
But I don't see such option when creating a Cloud Service.
There is a worker role running on Azure Cloud Service. The organization has a security rule of having Antimalware on the machines.
Does a Cloud Service by default contain antimalware?
I Wish Microsoft were better at documenting their stuff. It seems that AntiMalware extension is also avialable for Cloud Services, not only Virtual Machines. But this can only be understood from the PowerShell reference here. And another resource entirely for Extensions on Cloud Services.
A valid and working PowerShell Script can be found here:
Add-AzureAccount
# use Select-AzureSubscription in case your account has more than one
Select-AzureSubscription -SubscriptionName 'PUT HERE YOUR SUBSCRIPTION'
[System.Xml.XmlDocument] $XmlConfig = New-Object System.Xml.XmlDocument
# load the Antimalware extension configuration from external XML file
# The content of the XML needs to be:
# <AntimalwareConfig><AntimalwareEnabled>true</AntimalwareEnabled></AntimalwareConfig>
# ref.: http://msdn.microsoft.com/en-US/library/azure/dn771718
$XmlConfig.load('D:\tmp\AntiMalware.config')
Set-AzureServiceAntimalwareExtension -ServiceName "PUT HERE THE CLOUD SERVICE NAME" -AntimalwareConfiguration $XmlConfig
Related
I am trying to put some auto start policy on my VM on Azure.
So, I used automation account and power shell script to do this from this link: https://adamtheautomator.com/azure-vm-schedule/
But on testing it give me error of Run Login-AzureRmAccount to login
Please suggest how to fix this?
## Get the Azure Automation Acount Information
$azConn = Get-AutomationConnection -Name 'AzureRunAsConnection'
## Add the automation account context to the session
Add-AzureRMAccount -ServicePrincipal -Tenant $azConn.TenantID -ApplicationId $azConn.ApplicationId -CertificateThumbprint $azConn.CertificateThumbprint
## Get the Azure VMs with tags matching the value '10am'
$azVMs = Get-AzureRMVM | Where-Object {$_.Tags.StartTime -eq '10am'}
## Start VMs
$azVMS | Start-AzureRMVM
Regards
ESNGSRJ
This can happen when the Run As account isn't configured appropriately. You will need to create one to provide authentication for managing resources on the Azure Resource Manager using Automation runbooks.
When you create a Run As account, it performs the following tasks:
Creates an Azure AD application with a self-signed certificate, creates a service principal account for the application in Azure AD, and assigns the Contributor role for the account in your current subscription.
Creates an Automation certificate asset named AzureRunAsCertificate in the specified Automation account.
Creates an Automation connection asset named AzureRunAsConnection in the specified Automation account.
Please note the following requirements from the referenced link:
You must have an Azure Automation Account with an Azure Run As account already prepared. If you don’t have this yet, learn how to create one when you go to Create a new Automation account in the Azure portal.
The Azure PowerShell module must be installed. If you don’t have this yet, please go to the Install the Azure PowerShell module page for more information.
Note: You can configure your Runbook to use managed identities as well and it has added benefits as compared to using Run As accounts. You can get started with this tutorial to use managed identity.
I'm simply trying to extract the below information using Az PowerShell.
Resource on portal
Already tried the below commands
Get-AzCloudService -ResourceGroupName "testCosmosDB" # it gives no result.
Get-AzCloudService -ResourceGroupName "testCosmosDB" -CloudServiceName "testnameon" # as shown below.
The reason you're getting this error is because Az PowerShell module only support Cloud Services (Extended Support) and not Cloud Services (Classic).
One option for you is to migrate your classic Cloud Services to Cloud Services (Extended Support). You can learn more about the migration here: https://learn.microsoft.com/en-us/azure/cloud-services-extended-support/overview#migration-to-azure-resource-manager.
Another option (not sure if it is even viable) is to make use of really old version of Azure PowerShell (even before AzureRM) which has support for classic resources.
I need your help.
I have an azure analysis service that I want to start and pause at different times of the day.
I want to use Powershell to execute a script to do this task.
Do you know how I can do it?
Thank you for your help
Here are the steps to start and pause Azure Analysis services with on premise powershell:
Step1: Import Az.AnalysisServices module
To create a server in your subscription, you use the Az.AnalysisServices module. Load the Az.AnalysisServices module into your PowerShell session.
Import-Module Az.AnalysisServices
Step2: Sign in to Azure
Sign in to your Azure subscription by using the Connect-AzAccount command. Follow the on-screen directions.
Connect-AzAccount
Step3: [Only run if you have multiple Azure Subscription].
The Set-AzContext cmdlet sets authentication information for cmdlets that you run in the current session. The context includes tenant, subscription, and environment information.
Set-AzContext -SubscriptionId "xxxx-xxxx-xxxx-xxxx"
Step4: Gets the details of an Analysis Services server.
The Get-AzAnalysisServicesServer cmdlet gets the details of an Analysis Services server.
Get-AzAnalysisServicesServer -ResourceGroupName "ResourceGroup03" -Name "testserver"
To start Azure Analysis services, use Resume-AzAnalysisServicesServer
The Resume-AzAnalysisServicesServer cmdlet resumes an instance of Analysis Services server
Resume-AzAnalysisServicesServer -Name "testserver" -ResourceGroupName "testgroup"
To stop Azure Analysis services, use Suspend-AzAnalysisServicesServer
The Suspend-AzAnalysisServicesServer cmdlet suspends an instance of Analysis Services server
Suspend-AzAnalysisServicesServer -Name "testserver" -ResourceGroupName "testgroup"
Reference: Azure Analysis services – Azure PowerShell cmdlets
Now using Azure Automation, you can schedule start & stop of Azure Analysis Services as per required time in a day.
In TFS I selected Azure VMs File Copy:
My machine is classic and I created classic storage account. I set up the connection using username and password, not management certificate.
The storage account and cloud service I had to populate myself, because they did not appear in the drop-down menu (so possibly something is wrong already at this stage).
In the Cloud Service I entered MyMachine.cloudapp.net.
The task starts, it seems to login successfully, but throws:
Unable to find type [Hyak.Common.CloudException]
Log:
2017-11-24T14:21:28.80333Z Add-AzureAccount -Credential $psCredential
2017-11-24T14:21:35.866333Z Select-AzureSubscription -SubscriptionId -Default
2017-11-24T14:21:35.882333Z Set-AzureSubscription -SubscriptionId yy -CurrentStorageAccountName yyy
2017-11-24T14:21:35.898333Z ##[debug]Starting Azure File Copy Task
2017-11-24T14:21:35.898333Z ##[debug]connectedServiceNameSelector = ConnectedServiceName
2017-11-24T14:21:35.898333Z [debug]connectedServiceName = yyyyyy
(..)
2017-11-24T14:21:35.991333Z ##[debug]Loading AzureUtilityLTE9.8.ps1
2017-11-24T14:21:36.007333Z ##[debug]Connection type used is
UsernamePassword
2017-11-24T14:21:36.022333Z ##[debug]Azure
CallRetrieving storage key for the storage account:
mystorageaccount
2017-11-24T14:21:38.924333Z ##[error]Unable to find type
[Hyak.Common.CloudException].
Please help.
Actually you don't need to manually type the storage account, it will auto appear in the drop list. You just need to specify a pre-existing classic storage account. It is also used as an intermediary for copying files to Azure VMs.
Classic Storage Account
Required if you select Azure Classic for the Azure Connection Type
parameter. The name of an existing storage account within the Azure
subscription.
According to your log, the issue may related to the storage account setting. Double check this configuration under your Azure subscription.
Also suggest you go through this documentation to get more info of the Azure File Copy task. Such as make sure the machine should configured to allow WinRM connections.
Is It possible to rename hosted service of windows azure? I created it with a wrong name and I want to rename it.
Seems not possible. You might have to remove and recreate.
You can relabel the Azure Hosted Cloud Service by using the Azure Powershell SDK. You just need to download the publish settings before you can execute any Azure Cmdlets. Use Set-AzureService to update the Azure Cloud Service name.
Rename Azure Cloud Service.ps1
import-module Azure
# download publish settings
Get-AzurePublishSettingsFile
# import settings you just downloaded
Import-AzurePublishSettingsFile "C:\Users\<user>\Downloads\MySub-DATE-credentials.publishsettings"
# view subscription details
Get-AzureSubscription
# select active subscription
Select-AzureSubscription 'MySub'
# view cloud services for selected sub
Get-AzureService
# update cloud service name/description
Set-AzureService 'myServiceName' 'Friendly Service Name' 'Detailed Service Description'