Loading...

Follow Tao Yang's System Center Blog on Feedspot

Continue with Google
Continue with Facebook
or

Valid
Recently, I have been asked to contribute to Microsoft’s ITOps Talk blog. My first article “How to Create Azure Monitor Alerts for Non-Compliant Azure Policies” have just been published. You can read it here: https://techcommunity.microsoft.com/t5/ITOps-Talk-Blog/How-to-Create-Azure-Monitor-Alerts-for-Non-Compliant-Azure/ba-p/713466

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 
Although custom RBAC roles can be deployed using subscription-level ARM templates, they are actually tenant level resources. When you deploy a custom RBAC role using a subscription-level template for the first time, it will work, but if you deploy the same custom role again to another subscription within the same tenant, the deployment will fail because the role already exists. To make the role available in additional subscriptions, you must modify the assignment scope of the role definition,...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 
I wrote a runbook a while back to export data from Azure Log Analytics workspaces using it’s search API https://dev.loganalytics.io/documentation/Using-the-API because a customer had a requirement to ingest the logs and metrics from Azure Log Analytics to other 3rd party systems. Recently, I updated this runbook to support searching all workspaces from all subscriptions in one or more management groups. For example, you can use this runbook to extract data from all log analytics workspaces in...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Background Many of us have used some kind of dynamic DNS services in the past. It is particularly useful for home network since it is very rare that ISPs provide static IP addresses free of charge nowadays. Most of the home broadband modem and routers support some kind of dynamic DNS services. I’ve used a popular dynamic DNS provider many years ago. Back then, it was free. Then they started charging people for using their service. I think having to pay $50+ per year is too much for such simple...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Few months ago, I published a set of Azure Policy definitions to configure Azure resources diagnostic settings. You can find the original post here: https://blog.tyang.org/2018/11/19/configuring-azure-resources-diagnostic-log-settings-using-azure-policy/. The definitions were offered in the form of an ARM template. Since then, I have updated these policies, with the following updates: Additional policies for connecting Diagnostic Settings to Azure Event Hub In addition to policies to connect...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Microsoft provides a built-in Azure Policy definition for deploying Windows Defender VM Extension. The name of this policy definition is Deploy default Microsoft IaaSAntimalware extension for Windows Server (id: /providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc) This policy definition has many limitations: It does not support Windows 10 VMs It does not support custom VM images It does not support customization of the Windows Defender configurations (i.e....

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

I wrote an Azure Policy definition few days ago, it deploys VM shutdown schedule together with VMs using deployIfNotExists effect. You can find it at my Azure Policy GitHub repo: https://github.com/tyconsulting/azurepolicy/tree/master/policy-definitions/deploy-vm-shutdown-schedule. This policy will be very useful when managing non-production workload. Input parameters: Deployed schedule:

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

This is the 3rd and final installment of the 3-part blog series. You can find the other parts here: Part 1: Custom deployment scripts for policy and initiative definitions Part 2: Pester-test policy and initiative definitions in the build pipeline Part 3: Configuring build (CI) and release (CD) pipelines in Azure DevOps In this part, I will walk through how I configured the build and release pipelines for deploying policy and initiative definitions at scale. Pre-requisites The following...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

This is the 2nd installment of the 3-part blog series. You can find the other parts here: Part 1: Custom deployment scripts for policy and initiative definitions Part 2: Pester-test policy and initiative definitions in the build pipeline Part 3: Configuring build (CI) and release (CD) pipelines in Azure DevOps In this part, I will walk through the PowerShell module I have developed to pester-test policy and initiative definitions. My intention is to uses these tests to perform syntax validation...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Introduction Recently I needed to deploy a large number of Azure policy and initiative definitions at customer’s environments using Azure DevOps. These definitions needed to be deployed to different environments (different Management Group hierarchies in different Azure AD Tenants). I faced some difficulties when working on this solution, due to the following limitations: 1. Currently templates do not support Management Groups So I can’t use ARM templates in this case. But, I still needed to...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Read for later

Articles marked as Favorite are saved for later viewing.
close
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Separate tags by commas
To access this feature, please upgrade your account.
Start your free month
Free Preview