Simon Waight sjwaight

## create-secret.ps1
# Convert plaintext to secure string
$adminPass = ConvertTo-SecureString -String 'L0Lcat5^_^!' -AsPlainText -Force
# Add the password as a Secret
Set-AzureKeyVaultSecret -VaultName 'ProvisionVault' -Name 'LocalAdminPass' -SecretValue $adminPass

## keyvault-params-definition.json
 "adminPassword": {
     "reference": {
        "keyVault": {
          "id": "/subscriptions/{subscription-guid}/resourceGroups/{keyvault-rg}/providers/Microsoft.KeyVault/vaults/ProvisioningVault"
        },
        "secretName": "LocalAdminPass"
      }
  }

## provision-vault.ps1
# Log into our Account.
Login-AzureRmAccount
# Create a new Resource Group
New-AzureRmResourceGroup -Name 'sw-sec-demo' -Location 'West US'
# Create new Key Vault instance - important to add "EnabledForDeployment"
New-AzureRmKeyVault -VaultName 'ProvisioningVault' -ResourceGroupName 'sw-sec-demo' -Location 'West US' -EnabledForTemplateDeployment

## web.2.0.config
<?xml version="1.0"?>
<configuration>
  <appSettings />
  <connectionStrings>
    <!-- you'll need to change this to match your server - the one below is using the default local instance with Windows Auth. -->
    <add name="aspnetmembers" connectionString="server=.;initial catalog=AuthDemoApp;Integrated Security=SSPI"/>
  </connectionStrings>
  <system.web>
    <compilation debug="true"/>
    <authentication mode="Forms">

## connectionStrings.config
<connectionStrings>
  <!-- configuration data like endpoints, protocol config, relying parties etc... -->
  <add name="IdentityServerConfiguration"
       connectionString="server=.;initial catalog=IdentityServerConfiguration;Integrated Security=SSPI"
       providerName="System.Data.SqlClient" />
  <!-- user database -->
  <add name="ProviderDB"
       connectionString="server=.;initial catalog=AuthDemoApp;Integrated Security=SSPI"
       providerName="System.Data.SqlClient" />
</connectionStrings>

## dsc-arm-snippet.json
{
  "_comment": "originally from: https://github.com/Azure/azure-quickstart-templates/blob/master/201-web-app-vm-dsc/azuredeploy.json"
  "name": "DSCExt1",
  "type": "extensions",
  "location": "[parameters('vmLocation')]",
  "apiVersion": "2015-05-01-preview",
  "dependsOn": [
    "[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
  ],
  "tags": {

## enforce-tags.json

  "if": {
    "not": {
      "anyOf": [
        {
          "field": "tags",
          "containsKey": "CostCentre"
        },
        {
          "field": "tags",

## vm-power-manager-customrole.json
{
  "Name": "Virtual Machine Power Manager",
  "IsCustom": true,
  "Description": "Can monitor, stop, start and restart v2 ARM virtual machines.",
  "Actions": [
    "Microsoft.Storage/*/read",
    "Microsoft.Network/*/read",
    "Microsoft.Compute/*/read",
    "Microsoft.Compute/virtualMachines/start/action",
    "Microsoft.Compute/virtualMachines/powerOff/action",

## sample-runbook-service-principal-credentials.ps1
param (
    [Parameter(Mandatory=$false)]
    [String]$AzureCredentialAssetName = "VMPowerServicePrincipal",

    [Parameter(Mandatory=$false)]
    [String]$AzureSubscriptionIDAssetName = "VMShutdownTargetSubscription",

    [Parameter(Mandatory=$false)]
    [String]$AzureTenantIDAssetName = "VMShutdownTargetTenant"
)

## what-exo-server.ps1
$myEmailOrUpn = 'some.user@some.doman'

# can use your mailbox login
$cred = Get-Credential

$exoSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $cred -Authentication "Basic" -AllowRedirection

# Loads session and EXO Cmdlets
Import-PSSession $exoSession
	# Convert plaintext to secure string
	$adminPass = ConvertTo-SecureString -String 'L0Lcat5^_^!' -AsPlainText -Force
	# Add the password as a Secret
	Set-AzureKeyVaultSecret -VaultName 'ProvisionVault' -Name 'LocalAdminPass' -SecretValue $adminPass
	"adminPassword": {
	"reference": {
	"keyVault": {
	"id": "/subscriptions/{subscription-guid}/resourceGroups/{keyvault-rg}/providers/Microsoft.KeyVault/vaults/ProvisioningVault"
	},
	"secretName": "LocalAdminPass"
	}
	}
	# Log into our Account.
	Login-AzureRmAccount
	# Create a new Resource Group
	New-AzureRmResourceGroup -Name 'sw-sec-demo' -Location 'West US'
	# Create new Key Vault instance - important to add "EnabledForDeployment"
	New-AzureRmKeyVault -VaultName 'ProvisioningVault' -ResourceGroupName 'sw-sec-demo' -Location 'West US' -EnabledForTemplateDeployment
	<?xml version="1.0"?>
	<configuration>
	<appSettings />
	<connectionStrings>
	<!-- you'll need to change this to match your server - the one below is using the default local instance with Windows Auth. -->
	<add name="aspnetmembers" connectionString="server=.;initial catalog=AuthDemoApp;Integrated Security=SSPI"/>
	</connectionStrings>
	<system.web>
	<compilation debug="true"/>
	<authentication mode="Forms">
	<connectionStrings>
	<!-- configuration data like endpoints, protocol config, relying parties etc... -->
	<add name="IdentityServerConfiguration"
	connectionString="server=.;initial catalog=IdentityServerConfiguration;Integrated Security=SSPI"
	providerName="System.Data.SqlClient" />
	<!-- user database -->
	<add name="ProviderDB"
	connectionString="server=.;initial catalog=AuthDemoApp;Integrated Security=SSPI"
	providerName="System.Data.SqlClient" />
	</connectionStrings>
	{
	"_comment": "originally from: https://github.com/Azure/azure-quickstart-templates/blob/master/201-web-app-vm-dsc/azuredeploy.json"
	"name": "DSCExt1",
	"type": "extensions",
	"location": "[parameters('vmLocation')]",
	"apiVersion": "2015-05-01-preview",
	"dependsOn": [
	"[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
	],
	"tags": {

	"if": {
	"not": {
	"anyOf": [
	{
	"field": "tags",
	"containsKey": "CostCentre"
	},
	{
	"field": "tags",
	{
	"Name": "Virtual Machine Power Manager",
	"IsCustom": true,
	"Description": "Can monitor, stop, start and restart v2 ARM virtual machines.",
	"Actions": [
	"Microsoft.Storage/*/read",
	"Microsoft.Network/*/read",
	"Microsoft.Compute/*/read",
	"Microsoft.Compute/virtualMachines/start/action",
	"Microsoft.Compute/virtualMachines/powerOff/action",
	param (
	[Parameter(Mandatory=$false)]
	[String]$AzureCredentialAssetName = "VMPowerServicePrincipal",

	[Parameter(Mandatory=$false)]
	[String]$AzureSubscriptionIDAssetName = "VMShutdownTargetSubscription",

	[Parameter(Mandatory=$false)]
	[String]$AzureTenantIDAssetName = "VMShutdownTargetTenant"
	)
	$myEmailOrUpn = 'some.user@some.doman'

	# can use your mailbox login
	$cred = Get-Credential

	$exoSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -Credential $cred -Authentication "Basic" -AllowRedirection

	# Loads session and EXO Cmdlets
	Import-PSSession $exoSession