ehrnst

targetScope = 'subscription'


var location = deployment().location // set same location as the deployment
// deploy resource group
resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
  name: 'myapp-rg'
  location: location
}

ehrnst

$uatServiceConnection = @"
{
    "data": {
      "subscriptionId": "bbd7a8c4-fc4c-4e00-a3dc-7caa5d8ea455",
      "subscriptionName": "{SubscriptionName}",
      "environment": "AzureCloud",
      "scopeLevel": "Subscription",
      "creationMode": "Manual"
    },
    "name": "{service-connection-name}",

ehrnst

{
  "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "targetMGs": {
      "type": "array",
      "metadata": {
        "description": "An Array of Target Management Group for the assignment"
      }
    },

ehrnst

{
    "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "assignmentMgmtGroupId": {
            "type": "string"
        },
        "workspaceId": {
            "type": "string"
        },

ehrnst

$x = Invoke-restmethod -Uri "https://api.github.com/repos/gohugoio/hugo/releases/latest?draft=false" -Headers @{"accept"="application/vnd.github.v3+json"} -UseBasicParsing

$release = $x | where-object { -not $_.draft} | Select-Object id,name,assets -First 1
$windows = $release.assets | Where-Object {$_.Name -like '*Windows*64*' -and $_.browser_download_url -like '*extended*'}

$windowsReleaseDownload = $windows.browser_download_url

$hugoFolder = "${env:TEMP}\hugotask_"
$hugoExe = "${hugoFolder}\hugo.exe"

ehrnst

AzureActivity
| where Authorization_d.action has "write"
| where CategoryValue == "Administrative"
| where ActivityStatusValue == "Success"
| where OperationNameValue !in (
"MICROSOFT.AUTHORIZATION/POLICYDEFINITIONS/WRITE",
"MICROSOFT.AUTHORIZATION/POLICYSETDEFINITIONS/WRITE",
"MICROSOFT.AUTHORIZATION/POLICYASSIGNMENTS/WRITE")
| distinct _ResourceId

ehrnst

# in case you have multiple subscriptions...
select-azsubscription -SubscriptionName "SubscriptionName"

# get all non-compliant policies that can be remediated
$nonCompliantPolicies = Get-AzPolicyState | Where-Object { $_.ComplianceState -eq "NonCompliant" -and $_.PolicyDefinitionAction -eq "deployIfNotExists" }

# loop through ans start individual tasks per policy 
foreach ($policy in $nonCompliantPolicies) {

    $remediationName = "rem." + $policy.PolicyDefinitionName

ehrnst

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "appName": {
      "type": "string",
      "defaultValue": "[concat('fnapp', uniqueString(resourceGroup().id))]",
      "metadata": {
        "description": "The name of the function app that you wish to create."
      }

ehrnst

# Connect to Azure specifying a tenant
# If you want to connect to multiple tenants, you can connect multiple times.
Connect-AzAccount -tenantId customer1.onmicrosoft.com

# adding a new PowerShell Azure context
# setting a friendly name to allow for easy switching.

Set-AzContext -name "Subscription 1 in tenant 1" -SubscriptionId "31ffbc99-4cbf-43b2-8789-ba8d73171e70" -tenantid customer1.onmicrosoft.com
Set-AzContext -name "Subscription 2 in tenant 1" -SubscriptionId "b5c85827-0afd-49a0-8923-8fe35cfa8dd0" -tenantid customer1.onmicrosoft.com

ehrnst

{
  "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
  "contentVersion": "1.0.0.1",
  "parameters": {
    "resourceGroupName": {
      "type": "string",
      "metadata": {
        "description": "Specify the name of the resource group"
      }
    },