💭
Living the dream

Kristian Nese krnese

@krnese
krnese / ARM template sample
Created May 24, 2020
Enable diagnostics of AAD to Log Analytics
View ARM template sample
{
"$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"logAnalyticsResourceId": {
"type": "string",
"metadata": {
"description": "Provide the resourceId to your Log Analytics workspace that will receive the AAD auditing/sign-in logs."
}
}
View ARM template to deploy policy definitions, assignment, and resource deployment to invoke the deployIfNotExists templates
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sharedServicesRgName": {
"type": "string",
"metadata": {
"description": "Provide name for the shared services resource group"
}
},
@krnese
krnese / gist:a1bb0679e9250ad2a3112e4a27498dde
Created Apr 14, 2020
ARM to trigger deployIfNotExist policies
View gist:a1bb0679e9250ad2a3112e4a27498dde
{
"$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"policyDefinitionId": {
"type": "string"
},
"policyAssignmentId": {
"type": "string"
}
@krnese
krnese / mgPolicyOutput
Created Apr 7, 2020
policy resource deployment from mg
View mgPolicyOutput
{
"$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters":{},
"resources":[],
"outputs": {
"policyDefinitionTemplate": {
"value": "[reference('/subscriptions/4d6a661f-2192-5ef8-a377-ae79beb54f3c/providers/Microsoft.Authorization/policyDefinitions/614c4ec0-be43-4dd5-bd50-b21e570c4abb', '2018-05-01').policyRule.then.details.deployment.properties.template]",
"type": "object"
},
@krnese
krnese / policyResourceDeployment
Last active Apr 7, 2020
deploy resources from policy assignment
View policyResourceDeployment
{
"$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters":{},
"resources":[],
"outputs": {
"policyDefinitionTemplate": {
"value": "[reference('/subscriptions/4d6a661f-2192-5ef8-a377-ae79beb54f3c/providers/Microsoft.Authorization/policyDefinitions/09612efe-434f-4555-bd46-4ca7dcc4c709', '2018-05-01').policyRule.then.details.deployment.properties.template]",
"type": "object"
},
View deploy activity log to log analytics
{
"properties": {
"displayName": "Deploys Activity Logs to Log Analytics",
"policyType": "Custom",
"mode": "All",
"description": "Ensures that Activity Log Diagnostics settings are set to push logs into Log Analytics",
"parameters": {
"logAnalytics": {
"type": "String",
"metadata": {
View deploy log analytics
{
"properties": {
"displayName": "Deploy Azure Log Analytics if not exist on subscription",
"mode": "All",
"policyType": "Custom",
"parameters": {
"workspaceName": {
"type": "string",
"metadata": {
"description": "Provide suffix for Log Analytics workspace that will be created per subscription"
View Get-AzMgHiearchy
function Get-AzMgHierarchy {
[cmdletbinding()]
param (
[string]$mgGroupId
)
# Getting Azure connection context for the signed in user
$currentContext = Get-AzContext
# fetching new token
@krnese
krnese / PS Snippet
Created Mar 5, 2020
Read tenant level activity log
View PS Snippet
# Query Tenant Activity Log for the last 10 days
$GetDate = (Get-Date).AddDays((-10))
$dateFormatForQuery = $GetDate.ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
# Getting Azure context for the API call
$currentContext = Get-AzContext
# fetching new token
@krnese
krnese / PowerShell
Created Jan 7, 2020
ARM template deployment to tenant level
View PowerShell
function New-AzTenantDeployment {
<#
1/1/2020 - Kristian Nese
In anticipation of updated SDKs, this function can be used to target ARM deployments to tenant scope
.Synopsis
Deploys Azure Resource Manager template to an Azure tenant
.Example
New-AzTenantDeployment -Name <name> -Location <location> -TemplateFile <path> -ParameterFile <path>