Upload Azure AAD B2C Premium Policy with Powershell

If you like all of your interactions with Azure to be through PowerShell (who doesn’t like to automate?), then you’ll want to do the same thing for B2C Policies.

Don’t try this until your B2C directory has been whitelisted to work with the B2C Policy Upload feature. You’ll know it has been if you’re able to upload a policy in the Azure Portal.

Cascading Resource Group Tags in Azure

Resource Manager Policies in Azure are the way to define and enforce a tagging system.
You can define, in JSON format, rules that new resources must adhere to when they are deployed.
eg.

For resources that you’ve already created, you’ll need to decide on the appropriate strategy. One that I’ve recently put together is a script that cascades the tags you define at the Resource Group level down to the individual resources (VMs, vNETs, etc.).

It doesn’t override any of the existing tags that a resource has; it simply ensures that each of the resources has, at a minimum, the tags that are defined at the Resource Group level.

This version isn’t optimised for running on a schedule in Azure Automation: it’s not a PowerShell workflow, so it doesn’t parallelise the foreach loops.

For the latest version, use the GitHub link.
https://github.com/Gordonby/PowershellSnippets/blob/master/Add-ResourceGroupTagsToResources.ps1
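
The cascade described above, sketched as an added example (this is not the script from the GitHub link). It assumes the Az.Resources module and a session already signed in with Connect-AzAccount; the function names Get-MissingTag and Copy-GroupTagToResource are hypothetical.

```powershell
# Added example, not the author's script. Requires Az.Resources and Connect-AzAccount.

function Get-MissingTag {
    # Returns only the group tags whose key the resource does not already carry,
    # so an existing tag value on the resource is never overwritten.
    param(
        [hashtable]$GroupTags,
        [hashtable]$ResourceTags
    )
    $missing = @{}
    if (-not $GroupTags) { return $missing }
    foreach ($key in $GroupTags.Keys) {
        # -notcontains compares case-insensitively, matching how Azure treats tag names
        if (-not $ResourceTags -or $ResourceTags.Keys -notcontains $key) {
            $missing[$key] = $GroupTags[$key]
        }
    }
    return $missing
}

function Copy-GroupTagToResource {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$ResourceGroupName)

    $group = Get-AzResourceGroup -Name $ResourceGroupName
    foreach ($resource in Get-AzResource -ResourceGroupName $ResourceGroupName) {
        $missing = Get-MissingTag -GroupTags $group.Tags -ResourceTags $resource.Tags
        if ($missing.Count -eq 0) { continue }   # resource already has every group tag

        $summary = "add tags: $($missing.Keys -join ', ')"
        if ($PSCmdlet.ShouldProcess($resource.Name, $summary)) {
            # Only the missing keys are passed, so Merge cannot change an existing value
            Update-AzTag -ResourceId $resource.ResourceId -Tag $missing -Operation Merge |
                Out-Null
        }
    }
}

# 'example-rg' is a placeholder; -WhatIf lists the changes without applying them.
Copy-GroupTagToResource -ResourceGroupName 'example-rg' -WhatIf
```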

Resetting a user’s Azure AD Multi factor (MFA) requirement

If you find yourself needing to prompt one of your AAD users to re-set up their MFA method, then the following script should serve that purpose.

Linux Mint on Azure

Azure’s got a nice set of supported Linux distros.
The Azure Marketplace also has a pretty comprehensive list of where you can get started quickly with various Linux distros.
There’s even a couple of nice templates in the Quickstart templates GitHub where you can have Gnome or Xfce desktops installed, and RDP enabled.

I’ve had the issue of needing to get a desktop build of Linux Mint (17.3 Rosa) running in Azure. I’m writing this post to help avoid some of the pitfalls that I have experienced and worked around. I’ve also got a handy script file that makes the process a lot quicker.

The first thing to point out is that I’m using Hyper-V 10 (on my x64 Windows 10 build) to create the disk images locally before uploading them to Azure. You can use Virtualbox or other workstation hypervisors to build your disk image.

Which ISO?

The first choice you need to make is the right ISO image to use. I wasted a lot of time with x86 images. Don’t. They don’t work correctly in Azure. My Azure boot diagnostics showed that it wouldn’t progress past "Waiting for Network".
My Linux Mint testing (Ubuntu derived distro) didn’t even show this message.

You need to download x64 ISO images only.

Hyper-V settings

Before creating a VM, you should create the hard disk.

  • VHD, not VHDx
  • Fixed size

Next, create the VM.

  • Make sure you have your Virtual Switch created first as you’ll need network connectivity.
  • Generation 1 VM as Azure cannot accept a Generation 2 VM
  • Choose a small disk as this will speed up the upload later. I tend to go for 10GB.
  • Opt for 2048 MB of allocated memory (not dynamic)

Mint installation settings

Choose your own partition/disk config. The default setup will include a Swap partition – which you don’t need.

OS Configuration

As soon as Ubuntu has installed and the VM has rebooted, you’re ready to get it configured for Azure. There’s a good guide on the Azure site, but I’ve shortened it down to a single script file, with various little tweaks that make the process a little easier. It’s structured so that you can run it in blocks by copying and pasting into a terminal.

Here’s my script file: https://gordonscustomimages.blob.core.windows.net/scripts/mintrosa.txt – inside your VM, navigate to it and download it for easy reference. Each script block has a comment.

Sending the VHD to Azure

Once the VM is off, we’ll want to do the final preparation before uploading into Azure storage. Since my host environment is Windows, I use PowerShell. The first step is to make the disk static in size (so the vhd file takes up the full 10GB of disk space). Then we can upload into Azure Storage.
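
One way to do that preparation and upload, as an added example rather than the script from the original post. It assumes the Hyper-V module (Get-VHD, Convert-VHD) and Az.Compute (Add-AzVhd) with a signed-in session; the paths, resource group and storage URL are placeholders, and Test-AzureVhdReady is a hypothetical helper.

```powershell
# Added example: run in an elevated PowerShell session on the Hyper-V host.
# All paths, names and the storage URL below are placeholders.
$source      = 'C:\VMs\mint-rosa.vhd'
$fixed       = 'C:\VMs\mint-rosa-fixed.vhd'
$rgName      = 'example-rg'
$destination = 'https://examplestorage.blob.core.windows.net/vhds/mint-rosa.vhd'

function Test-AzureVhdReady {
    # Returns a list of problems; an empty list means the disk matches the
    # Hyper-V settings listed earlier (VHD format, fixed size).
    param([Parameter(Mandatory)]$Vhd)   # object returned by Get-VHD
    $problems = @()
    if ($Vhd.VhdFormat -ne 'VHD') {
        $problems += "Format is $($Vhd.VhdFormat); Azure needs VHD, not VHDX."
    }
    if ($Vhd.VhdType -ne 'Fixed') {
        $problems += "Type is $($Vhd.VhdType); the disk must be fixed size."
    }
    # Not stated on the page: Azure also requires a virtual size in whole MiB.
    if ($Vhd.Size % 1MB -ne 0) {
        $problems += "Virtual size $($Vhd.Size) is not a multiple of 1 MiB."
    }
    return ,$problems
}

# Convert to a fixed-size VHD if the disk was created as dynamic or VHDX.
$vhd = Get-VHD -Path $source
if ($vhd.VhdType -ne 'Fixed' -or $vhd.VhdFormat -ne 'VHD') {
    Convert-VHD -Path $source -DestinationPath $fixed -VHDType Fixed
    $vhd = Get-VHD -Path $fixed
}

# Refuse to start a long upload that Azure would reject afterwards.
$problems = Test-AzureVhdReady -Vhd $vhd
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Disk is not ready for upload.'
}

Add-AzVhd -ResourceGroupName $rgName -Destination $destination -LocalFilePath $vhd.Path
```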

Testing the VM Image

By far the quickest way to test the creation of a VM from a VHD is by using DevTest labs. They have their own storage account, so if you need to copy it into the lab storage account

Shutting down Azure VMs based on Resource Group tags

Shutting down your non-production VMs when you’re not using them is a great way to save money. There’s a couple of good PowerShell scripts that make this easy to do by Resource Group – but when you want to be a little more granular, and actually automate across resource groups, you need a smarter script – this is where Resource tagging comes in.

This script is basically my v1: a simple PowerShell script designed to be run on demand manually. I’ll be publishing the more fully featured version in the Azure Automation Runbook Gallery shortly. That script has had to have a few workarounds put in to deal with issues arising from being a PowerShell Workflow and running in parallel, so I thought it worthwhile to share the simpler version here.