Saturday, 1 November 2014

Azure: Antimalware for Cloud Services and Virtual Machines

Microsoft Antimalware for Azure Cloud Services and Virtual Machines


Microsoft announced free of charge antimalware software for their Azure services.
Read more here:

Saturday, 18 October 2014

AZURE: Creating new VM with static IP address

This case took me whole day. It wasn't easy because of Azure service is still evolving. Commands and dependencies between them are changing, but documentation do not. Some websites and blogs steered me on the course where to find the solution, but I have not found final, working version.
Here are the links:


So if you are here, you are looking for how to have VM with static IP or you are struggling with problems with creating VM.

First thing you must know is that Azure gives your cloud service virtual IP address (VIP). So, even if you are set local network IP for VM's, then still you are using dynamic VIP.
If you will stop your virtual machines, then VIP is freed and during next start you will get different IP.
To solve this you need to create static VIP.

As Microsoft says, you must consider following:

  • Reserved IP can only be used for VMs and cloud service web/worker roles.

  • You must reserve the IP address first, before deploying.

  • At this time, you can’t go back and apply a reservation to something that’s already been deployed.
  • Reserved IP is supported only for Regional VNets. It is not supported for VNets that are associated with affinity groups. For more information about associating a VNet with a region or an affinity group, see About Regional VNets and Affinity Groups for Virtual Network.

To set static IP address for VIP, do the following:


New-AzureReservedIP -ReservedIPName "reservedIP" -Label "reserverIP" -Location "WestEurope"

As you already have static IP for your service, you can now create VM's with local, static IP addresses, which will not change even after switching machines of.

I have created VM with static IP address using image snapshot of VM from configured machine. You can use either an image prepared by Microsoft and listed as a Quick in the Gallery (short description here) or you can use an image which you could have prepared earlier.

First, test the desired IP address if it can be used:

Test-AzureStaticVNetIP -VNetName "VNetName" -IPAddress 10.0.1.5



As you can see, I've chosen IP address which is already in use (IsAvaiable:False), but I can use 10.0.1.6, .7, .8, etc 


Now, the cmdlet that works for me. I've made it working after many tests, so this is it:

New-AzureVMConfig -Name "DCVM" -ImageName "DCVM_image" -InstanceSize "Basic_A2" -MediaLocation "https://dysk.blob.core.windows.net/data" | Add-AzureProvisioningConfig -Windows -AdminUsername "admini123" -Password "SomePass2#@"|Set-AzureSubnet -SubnetNames "subnet-1" | Set-AzureStaticVNetIP -IPAddress 10.0.1.6 | New-AzureVM
 -ServiceName "myazurservicename" -VNetName "virtualnetworkname" -ReservedIPName "reservedIP"

Similar commands to create VM from gallery's image:

New-AzureVMConfig -Name "DCWEP" -ImageName "3a50f22b388a4ff7ab41029918570fa6__Windows-Server-2012-Essentials-20140715-enus" -InstanceSize "Basic_A2" | Add-AzureProvisioningConfig -Windows -AdminUsername "admini123" -Password "SomePass2#@"|Set-AzureSubnet -SubnetNames "subnet-1" | Set-AzureStaticVNetIP -IPAddress 10.0.1.7 | New-AzureVM  -ServiceName "myservicename"

Remember to use your own parameters for variables (in bold).

Thursday, 9 October 2014

How to run Office365 powershell session with one click

If you are managing many companies through the powershell as me, it's easy to switch to other consumer by accident. So you can run your connection and in the last step enter password for different company which ends in redirection to another Office365 tenant, not that one you have needed.
Also, it's time waste to enter credentials twice everytime you need to logon to different tenant.
I propose you to keep your credentials in files encrypted and prepare separate scripts for every tenant.

I assume that you are using Active Directory module for powershell and can successfully connect to Office 365 by powershell. 
If not, please find instructions in "Office365: How to connect to from Powershell".

1.Store PS password in an encrypted form:

Read-Host -AsSecureString "Enter password" | ConvertFrom-SecureString | Out-File c:\temp\PasswordCompany1.txt

  • Copy file with password to the place you want. We will refer to it's path in the next step.
2. Prepare powershell script for connecting to MS Online.
This script connects to your Office365 tenant and to the MSolService using the same credentials provided in the first step.
  • Open notepad and paste this script (remember to choose the right path to your .txt file with password). Change youraccount@yourdomain.com to account you are using for connecting to company's powershell.
import-module msonline
$password = get-content c:\temp\PasswordCompany1.txt | convertto-securestring
$LiveCred=new-object -typename System.Management.Automation.PSCredential -argumentlist "youraccount@yourdomain.com",$password
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session
Connect-MsolService -Credential $livecred
  • Save file as powershell script, for example: company1_msol.ps1
  • It's good to place both files, .txt and .ps1 in the same folder
3.Prepare ActiveDirectory icon for running Powershell script

Go to desktop icon of Active Directory Module for Powershell. 
Copy it and rename.



If you have not had one, copy it from:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Go to properties of the icon and change target accordingly to your paths of the .txt and .ps1 files. In my case it will be:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoExit c:\temp\company1_msol.ps1



Now you can run your connection to your company from one icon.
Repeat that for any connection you have.