Tag Archives: CBA

Managing Azure using PowerShell

As already (briefly) mentioned in my previous blog post you better use PowerShell for more complex management tasks, when creating multiple similar resources and when you want to perform repetitive tasks that are prone to error in the GUI.

PowerShell was developed in the early 2000’s and created as a common management interface for all Microsoft operating systems and applications. By default, each Windows machine is configured with PowerShell, which can be used for managing that particular machine (or similar machines in the same network). For applications it’s different, each application (both Microsoft, but 3rd party as well) comes with its own PowerShell module. There are PowerShell modules for Active Directory, for Exchange server, for SharePoint server etc. Sometimes it’s an addition to the installed PowerShell module (like Azure), sometimes it’s installed as a separate PowerShell module like the Exchange Management Shell (Exchange PowerShell) or Azure Active Directory PowerShell.

Installing Azure PowerShell is relatively easy. You can use the Web Platform Installer (found on https://www.microsoft.com/web/downloads/platform.aspx) or you can use the following PowerShell commands in a PowerShell window with elevated privileges:

Install-Module AzureRM
Install-Module Azure

The latter is used to import the classic PowerShell module, similar to the classic portal as discussed in my previous blog post.

To import the Azure Resource Management module into the existing PowerShell execute the following commands:

Set-ExecutionPolicy Unrestricted
Import-Module AzureRm

That’s enough to install the Azure PowerShell modules on your machine. You can login to Azure using the following command:

Login-AzureRmAccount

A pop-up will appear to enter your credentials, and when authenticated you have a connection with Microsoft Azure. Enter the Get-AzureRMResourceGroup to see the Resource Groups in use in your environment:

image

The cool thing about PowerShell is that you can work with variables. For example, you can store the credentials in a variable called $Cred. Execute the following command in PowerShell:

$Cred = Get-Credentials <your tenant admin account>
Login-AzureRMAccount -Credential $Cred

For retrieving the credentials a small pop-up box is presented where you have to enter the administrator password.

Note. This works with a regular school or workaccount, but this does not work with a Microsoft account (i.e. Hotmail, Outlook or Live account).

Certificate based authentication

Using a username and password is not convenient when working with scripts, since scripts should have the possibility to run completely unattended. To overcome this you can use certificate based authentication. You install an Azure certificate on your workstation or server, and this certificate is used to authenticate the session.

When working with certificate based authentication there’s a difference between Azure Service Manager (the classic way) and the Azure Resource Manager mode. In ASM you have to generate and import the certificate using the Get-PublishSettingsFile and the Import-PublishSettingsFile, while in ARM you have to request the certificate and create an application and service principal to use the certificate.

I’ll get back on certificate based authentication in a future blogpost.