Consultants love to audit environments and there is no better use of a script than for this purpose. There are some great Azure tools for monitoring and auditing environments. I encourage my customers to make use of the extensive capabilities that exist in OMS.
However you arrive on site and need to document what exists and where and in this instance PowerShell is once again for friend.
This script lists out the virtual networks and subnets in a subscription. Remember there is always a better way to do things and if you have a better way don’t forget to share.
I was recently asked to quickly audit a customer’s environment for all running VMs. I quickly reached for my PowerShell toolbox and put together the following script.
In the example below I have used the table a grid views available. It would be just as easy to push all this info to a csv file. For swiftness this was my approach, I’d be very interested to hear for the gurus out there to see what your preference is and how you would do this.
Remember there is always a better way, just don’t keep that to yourself!
I have a number of customers implementing HUB benefit for their IaaS VMs in Azure. In all cases to date this is a rebuild or new build as part of a migration. It works very well, if licensed, you should definitely be looking at this option to drive down costs.
This script created a new network but in most instances a network will already exist and although you will create a new NIC you will want to place this VM into an existing subnet.
The extract below can be used to create a new NIC but add this to a named vNet and Subnet.
When you define the VM configuration you would use this to be the NIC.
Finally make sure this (if the first NIC) is set as -Primary
Tagging in Azure is a massively useful feature. I have customers who are interested in identifying resources for billing but they are also a very useful tool for control. Resources can be grouped by tag and then a script can be used to apply a function to all machines or services with the same tag.
In the example below I call a variable that looks for Azure resources where the type is identified as a Microsoft virtual machine. Calling this function enables me to extract a range of information. (I fact this script then goes on and uses the ResourceId too)
As referenced in Using tags to organize your Azure resources tags are updated as a whole so if you want to add additional tags you first have to call the existing tags. In the example below I am adding the new tag to my existing tags.
Finally we are looping this for each vm and applying via a set command.
I put together a quick script to auto shutdown tagged ARM VMs.
There are many people still running ASM VMs and why wouldn’t you they are still supported (as of 9/2016).
The process is not much different and in fact now Azure Automation enables a RunAs account at set up its much easier to configure.
In the example below I have tacked on changes to the Azure Automation Team’s sample script, one of four created for you when you enable the feature.
<# .DESCRIPTION An example runbook which gets all the Classic VMs in a subscription using the Classic Run As Account (certificate) and then shuts down running VMs .NOTES AUTHOR: Azure Automation Team + Jonathan Wade LASTEDIT: 28-08-2016 #>
$ConnectionAssetName = "AzureClassicRunAsConnection"
$ServiceName = "wadeclassiv01"
# Get the connection
$connection = Get-AutomationConnection -Name $connectionAssetName
# Authenticate to Azure with certificate
Write-Verbose "Get connection asset: $ConnectionAssetName" -Verbose
$Conn = Get-AutomationConnection -Name $ConnectionAssetName
if ($Conn -eq $null)
throw "Could not retrieve connection asset: $ConnectionAssetName. Assure that this asset exists in the Automation account."
$CertificateAssetName = $Conn.CertificateAssetName
Write-Verbose "Getting the certificate: $CertificateAssetName" -Verbose
$AzureCert = Get-AutomationCertificate -Name $CertificateAssetName
if ($AzureCert -eq $null)
throw "Could not retrieve certificate asset: $CertificateAssetName. Assure that this asset exists in the Automation account."
Write-Verbose "Authenticating to Azure with certificate." -Verbose
Set-AzureSubscription -SubscriptionName $Conn.SubscriptionName -SubscriptionId $Conn.SubscriptionID -Certificate $AzureCert
Select-AzureSubscription -SubscriptionId $Conn.SubscriptionID
# Get cloud service
$VMs = Get-AzureVM -ServiceName $ServiceName
# Stop each of the started VMs
foreach ($VM in $VMs)
if ($VM.PowerState -eq "Stopped")
# The VM is already stopped, so send notice
Write-Output ($VM.InstanceName + " is already stopped")
# The VM needs to be stopped
$StopRtn = Stop-AzureVM -Name $VM.Name -ServiceName $VM.ServiceName -Force -ErrorAction Continue
if ($StopRtn.OperationStatus -ne 'Succeeded')
# The VM failed to stop, so send notice
Write-Output ($VM.InstanceName + " failed to stop")
# The VM stopped, so send notice
Write-Output ($VM.InstanceName + " has been stopped")
Disclaimer: Please note although I work for Microsoft the information provided here does not represent an official Microsoft position and is provided as is.
Working with Azure in the enterprise means you will quickly want to create your own custom images. In this introductory article I will show you an example of how to create an image from an existing generalized imaged.
This is utilising the ARM model and does not apply to Classic.
This assumes you have created a generalized image in Azure and know where it is!
This process is not considering on premises VMs.
This process uses Windows images.
The following documents and articles were used to create the script below. Many thanks to the efforts and hard work of the authors.