This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
targetScope = 'subscription' | |
var location = deployment().location // set same location as the deployment | |
// deploy resource group | |
resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = { | |
name: 'myapp-rg' | |
location: location | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$uatServiceConnection = @" | |
{ | |
"data": { | |
"subscriptionId": "bbd7a8c4-fc4c-4e00-a3dc-7caa5d8ea455", | |
"subscriptionName": "{SubscriptionName}", | |
"environment": "AzureCloud", | |
"scopeLevel": "Subscription", | |
"creationMode": "Manual" | |
}, | |
"name": "{service-connection-name}", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", | |
"contentVersion": "1.0.0.0", | |
"parameters": { | |
"targetMGs": { | |
"type": "array", | |
"metadata": { | |
"description": "An Array of Target Management Group for the assignment" | |
} | |
}, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", | |
"contentVersion": "1.0.0.0", | |
"parameters": { | |
"assignmentMgmtGroupId": { | |
"type": "string" | |
}, | |
"workspaceId": { | |
"type": "string" | |
}, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$x = Invoke-restmethod -Uri "https://api.github.com/repos/gohugoio/hugo/releases/latest?draft=false" -Headers @{"accept"="application/vnd.github.v3+json"} -UseBasicParsing | |
$release = $x | where-object { -not $_.draft} | Select-Object id,name,assets -First 1 | |
$windows = $release.assets | Where-Object {$_.Name -like '*Windows*64*' -and $_.browser_download_url -like '*extended*'} | |
$windowsReleaseDownload = $windows.browser_download_url | |
$hugoFolder = "${env:TEMP}\hugotask_" | |
$hugoExe = "${hugoFolder}\hugo.exe" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
AzureActivity | |
| where Authorization_d.action has "write" | |
| where CategoryValue == "Administrative" | |
| where ActivityStatusValue == "Success" | |
| where OperationNameValue !in ( | |
"MICROSOFT.AUTHORIZATION/POLICYDEFINITIONS/WRITE", | |
"MICROSOFT.AUTHORIZATION/POLICYSETDEFINITIONS/WRITE", | |
"MICROSOFT.AUTHORIZATION/POLICYASSIGNMENTS/WRITE") | |
| distinct _ResourceId |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# in case you have multiple subscriptions... | |
select-azsubscription -SubscriptionName "SubscriptionName" | |
# get all non-compliant policies that can be remediated | |
$nonCompliantPolicies = Get-AzPolicyState | Where-Object { $_.ComplianceState -eq "NonCompliant" -and $_.PolicyDefinitionAction -eq "deployIfNotExists" } | |
# loop through ans start individual tasks per policy | |
foreach ($policy in $nonCompliantPolicies) { | |
$remediationName = "rem." + $policy.PolicyDefinitionName |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", | |
"contentVersion": "1.0.0.0", | |
"parameters": { | |
"appName": { | |
"type": "string", | |
"defaultValue": "[concat('fnapp', uniqueString(resourceGroup().id))]", | |
"metadata": { | |
"description": "The name of the function app that you wish to create." | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Connect to Azure specifying a tenant | |
# If you want to connect to multiple tenants, you can connect multiple times. | |
Connect-AzAccount -tenantId customer1.onmicrosoft.com | |
# adding a new PowerShell Azure context | |
# setting a friendly name to allow for easy switching. | |
Set-AzContext -name "Subscription 1 in tenant 1" -SubscriptionId "31ffbc99-4cbf-43b2-8789-ba8d73171e70" -tenantid customer1.onmicrosoft.com | |
Set-AzContext -name "Subscription 2 in tenant 1" -SubscriptionId "b5c85827-0afd-49a0-8923-8fe35cfa8dd0" -tenantid customer1.onmicrosoft.com |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", | |
"contentVersion": "1.0.0.1", | |
"parameters": { | |
"resourceGroupName": { | |
"type": "string", | |
"metadata": { | |
"description": "Specify the name of the resource group" | |
} | |
}, |