James Dumont Le Douarec JamesDLD
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Login first with Connect-AzAccount if not using Cloud Shell | |
| ## Variable | |
| $scope = Get-AzResourceGroup -Name "jdld-we-demo-wvd-rg1" #Replace it with your target scope | |
| $logAnalytics = Get-AzOperationalInsightsWorkspace -Name "jdld-we-demo-wvd-wu2-logaw1" -ResourceGroupName "jdld-we-demo-wvd-rg1" #Replace it with your target Log Analytics Workspace | |
| $roleDefinitionId = (Get-AzRoleDefinition -Name "Contributor").Id #For the Demo we will assing the "Contributor" privilege to our Policy Assignment Managed Identity | |
| $initiativePolicy = Get-AzPolicySetDefinition -Name 'Windows Virtual Desktop Resources Diagnostic Settings' | |
| $params = @{'logAnalytics'=($logAnalytics.ResourceId)} | |
| ## Assign the Initiative Policy |
JamesDLD
/ policyInitiativeCreation.ps1
Created
June 5, 2020 14:21
The following script will create the Policy initiative definition.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Login first with Connect-AzAccount if not using Cloud Shell | |
| ## Variable | |
| $parameters = Invoke-RestMethod -Uri "https://raw.githubusercontent.com/JamesDLD/AzureRm-Template/master/Create-WvdDiagnosticsPolicy/parameters.json" | |
| ## Create the Policy Definition for the Windows Virtual Desktop Workspaces | |
| $workspacesPolicy = New-AzPolicyDefinition -Name 'Windows Virtual Desktop Workspaces Diagnostic Settings' ` | |
| -DisplayName 'Deploy Diagnostic Settings for Windows Virtual Desktop Workspaces to Log Analytics workspace' ` | |
| -Policy "https://raw.githubusercontent.com/JamesDLD/AzureRm-Template/master/Create-WvdDiagnosticsPolicy/workspaces.json" ` | |
| -Parameter ($parameters | ConvertTo-Json) ` |
JamesDLD
/ Create-WvdWorkspaceDiagnosticsPolicy.ps1
Last active
June 3, 2020 14:46
Demonstrate how to send the diagnostic settings of a Windows Virtual Desktop workspace to a Log Analytics workspace.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| New-AzPolicyDefinition -Name 'Windows Virtual Desktop Workspace Diagnostic Settings' ` | |
| -DisplayName 'Deploy Diagnostic Settings for Windows Virtual Desktop Workspace to Log Analytics workspace' ` | |
| -Policy "https://raw.githubusercontent.com/JamesDLD/AzureRm-Template/master/Create-WvdDiagnosticsPolicy/workspaces.json" ` | |
| -Parameter "https://raw.githubusercontent.com/JamesDLD/AzureRm-Template/master/Create-WvdDiagnosticsPolicy/parameters.json" ` | |
| -Metadata '{"category":"Log Monitor"}' ` | |
| -Mode Indexed |
JamesDLD
/ Add-DbxServicePrincipal.ps1
Created
May 25, 2020 08:50
Add a Databricks Service Principal
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get the Service Principal dbx-datascientist-spn1 | |
| $datascientist_spn = Get-AzADServicePrincipal -DisplayName "dbx-datascientist-spn1" | |
| # Get Databricks groups | |
| $headers = @{ | |
| "Authorization"="Bearer $apiKey"; | |
| "Content-Type" = "application/scim+json"; | |
| } | |
| $uri = "$uriroot/2.0/preview/scim/v2/Groups" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get Databricks groups | |
| $headers = @{ | |
| "Authorization"="Bearer $apiKey"; | |
| "Content-Type" = "application/scim+json"; | |
| } | |
| $uri = "$uriroot/2.0/preview/scim/v2/Groups" | |
| $Groups = Invoke-RestMethod -Method 'Get' -Uri $uri -Headers $headers | |
| $Groups.Resources |
JamesDLD
/ Get-DbxServicePrincipal.ps1
Created
May 25, 2020 08:40
Get a Databricks Service Principal
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get service principal by ID | |
| $headers = @{ | |
| "Authorization"="Bearer $apiKey"; | |
| "Content-Type" = "application/scim+json"; | |
| "X-Databricks-Azure-SP-Management-Token"=$apiKeyManagement; | |
| "X-Databricks-Azure-Workspace-Resource-Id"="/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroupName/providers/Microsoft.Databricks/workspaces/$WorkspaceName" | |
| } | |
| $params = @{ | |
| "applicationId"="$servicePrincipleNameId"; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Variables | |
| $DBXressource = "2ff814a6-3304-4ab8-85cb-cd0e6f879c1d" # CF. AzureDatabricks AzureAD application. Seems unique for all Azure AD tenant. | |
| $servicePrincipalName = "dbx-adm-spn1" # Service Principal that has the Owner privilege on the Databricks resource "dld-corp-mvp-dbx" | |
| $servicePrincipalSecret = "SecureSecret" # The Service Principal Secret | |
| $SubscriptionId="xxxx-xxx-xxxx-xxxx" # The Subscription id where the Databricks ressource belongs to | |
| $ResourceGroupName = "dld-corp-mvp-dataplatform" # The Rresource Group name where the Databricks ressource belongs to | |
| $WorkspaceName = "dld-corp-mvp-dbx" # The name of the Databricks ressource | |
| $Resource = "https://management.core.windows.net/" | |
| # Connect to Azure |
JamesDLD
/ pe-scenario3.ps1
Created
April 13, 2020 10:46
A Private Endpoint with its Resource in the Application's Resource Group and its Ip address in a remote Virtual Network.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| New-AzResourceGroupDeployment -Name "mystorageaccountname-pe1" -ResourceGroupName "MyAppRgName" ` | |
| -TemplateUri https://raw.githubusercontent.com/JamesDLD/AzureRm-Template/master/Create-AzPrivateEnpoints/azuredeploy.json ` | |
| -tags "{""MyTagKey1"":""MyTagKey1Value"",""MyTagKey2"":""MyTagKey2Value""}""" ` | |
| -existingVirtualNetworkResourceGroupName "MyHubRgName" ` | |
| -existingVirtualNetworkName "hub-vnet1" ` | |
| -existingVirtualNetworkSubnetName "endpoint-snet1" ` | |
| -existingResourceName "mystorageaccountname" ` | |
| -existingResourceType "Microsoft.Storage/storageAccounts" ` | |
| -groupIds @("blob") |
JamesDLD
/ pe-scenario2.ps1
Created
April 13, 2020 10:42
A Private Endpoint in the Hub and it's Resource in an Application Resource Group.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| New-AzResourceGroupDeployment -Name "mystorageaccountname-pe1" -ResourceGroupName "MyHubRgName" ` | |
| -TemplateUri https://raw.githubusercontent.com/JamesDLD/AzureRm-Template/master/Create-AzPrivateEnpoints/azuredeploy.json ` | |
| -tags "{""MyTagKey1"":""MyTagKey1Value"",""MyTagKey2"":""MyTagKey2Value""}""" ` | |
| -existingVirtualNetworkName "hub-vnet1" ` | |
| -existingVirtualNetworkSubnetName "endpoint-snet1" ` | |
| -existingResourceSubscriptionId "xxxxx-xxxxx-xxxxx-xxxxx" ` | |
| -existingResourceResourceGroupName "MyAppRgName" ` | |
| -existingResourceName "mystorageaccountname" ` | |
| -existingResourceType "Microsoft.Storage/storageAccounts" ` | |
| -groupIds @("blob") |
JamesDLD
/ pe-scenario1.ps1
Last active
April 13, 2020 10:36
A Private Endpoint in the its Virtual Network Azure Subscription and Resource Group.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| New-AzResourceGroupDeployment -Name "mystorageaccountname-pe1" -ResourceGroupName "myrgname" ` | |
| -TemplateUri https://raw.githubusercontent.com/JamesDLD/AzureRm-Template/master/Create-AzPrivateEnpoints/azuredeploy.json ` | |
| -tags "{""MyTagKey1"":""MyTagKey1Value"",""MyTagKey2"":""MyTagKey2Value""}""" ` | |
| -existingVirtualNetworkName "hub-vnet1" ` | |
| -existingVirtualNetworkSubnetName "endpoint-snet1" ` | |
| -existingResourceName "mystorageaccountname" ` | |
| -existingResourceType "Microsoft.Storage/storageAccounts" ` | |
| -groupIds @("blob") |
NewerOlder