TagPowerShell

Partner Admin Link (PAL) PowerShell Script

** Update 21/09/2019 –  PowerShell Script V2 Released **

Just a quick post today to share a new tool I have created for all Microsoft Partners out there who are helping customers design, build, manage and operate Azure.

Partner Admin Link (PAL) Overview

Partner Admin Link (PAL) is a method for partners to associate themselves to customers Azure environments, to enable them to associate themselves to that customer Azure Consumed Revenue (ACR – not Azure Container Registry this time).

A blurb from Microsoft on PAL is below:

What is Partner Admin Link?
Partner Admin Link (PAL) is designed for managed service providers (MSPs). Assuming the MSP has access to resources in the customer subscription then they can link their those accounts to their MPN ID. From that point onwards the telemetry for those resources (and only those resources) will be linked to the partner. “

Methods To Setup Partner Admin Link (PAL)

There are 3 ways to configure PAL on a customers Azure environments.

  • Via The Azure Portal
  • PowerShell
  • AZ CLI

All of which are documented nicely over in the Microsoft Docs.

My Handy PowerShell Script

I created this script for use at the company I work for, as we need to ensure this is done every time for every user when logging into a new customers Azure environment for the first time.

However, I couldn’t not share it with the community as this will likely help a lot of you out there. Also it was really nice to get some more hands on time with VS Code, Windows Terminal and PowerShell again; it’s been a couple of weeks due to mainly being in meetings etc… and no hands-on time.

Anyway, the script is available via my GitHub account in my ‘PublicScripts‘ repository.

The get access directly to the script in the repository on my GitHub account, click here.

As always please create issues or submit pull requests for any issues with the script  or anything you’d like changed. I will review them as they come in.

Finally, there are no guarantees for the functionality of this script. I have tested it several times in different Azure environments and it has worked perfectly. But please use at your own risk.

Things To Look Out For With Partner Admin Link (PAL)

Here are some quick tips, tricks and pointers about PAL that I have discovered and learnt. (I will update the Microsoft Docs pages as well if these aren’t posted over there too)

  1. You don’t need to do this on CSP Azure Environments as the ACR is already tracked automatically for you.
  2. PAL is linked on a per user, per tenant basis.
    1. With this in mind it is advised to make sure all of your employees with access to customer subscriptions should setup and configure PAL on each customer they have access to.
  3. You can have any RBAC role assigned to setup and configure PAL on a user account in a customers Azure Environment, even as low as ‘Reader’.
    1. This is because even having ‘Reader’ rights shows the customer has placed trust in you as a partner to assist them.
Like, Share, Follow!
error

Tag All Resources Based On Resource Type In Resource Group

Recently I’ve been working closely with a few of our Azure Consultants in our delivery team around defining best practices and how we can speed up/automate as much of our deployment standards on a clients Azure environment.

At the moment we are focusing a lot on governance standards, these encompass features like:

  • Azure Policy
  • Resource Tags
  • Management Groups
  • etc…

Resource Tags are an essential part of any Azure environment. My take on them is the more there are the better! (As long as keys are consistent across resources of course)

The Problem…

We do a lot of retro-tagging on resources in our clients Azure environments to assist in bringing them inline with our standards. And also to enable their Azure subscriptions to slot into our management tools, which we use tags heavily for to control certain things etc…

One problem we face quite regularly is that some resources have started to of been tagged, whilst others haven’t. Normally we find the tags that have made their way onto resources is actually down to a deployment template from a marketplace resource. like Jenkins Server, rather than being manually created and set by an IT admin.

This normally means that scripting tag creation/setting on resources with most of the existing PowerShell scripts we have and are also available over the internet are unusable. This is because these scripts generally just replace the tags, if any are in place already; not ideal at all!

The Solution…

So with the above problem becoming ever more a time consuming block for our teams internally, I decided to get my head down in VS Code and write a new PowerShell script that will overcome this issue!

I’m glad to say that after about 3/4 hours of work and constant testing with different environment scenarios, I accomplished it!

The script is available on my ‘PublicScrips’ GitHub repository here!

Please feel free to download, use, edit, alter and report any issues with the script either below in the comments or via GitHub directly and I will do my best in my spare time to resolve any issues reported.

Obviously as with any script you find on the internet, please test it on a subset of resources before letting it loose on your entire environment. Whilst I have tested this script over 50+ times and on different environments to ensure if handled all possible scenarios, I cannot guarantee that to anyone that it is 100% error free (although I don’t think its bad, even if I do say so myself 😀 ).

Summary

Enjoy the script! And please do let me know of any issues you find.

Also let me know of any future feature requests or other common scripting issues you face that you may like me to tackle in the future, in the comments below or via Twitter!

Like, Share, Follow!
error

New PowerShell Module “Az”

This week the Azure Software Engineering Team announced a new PowerShell module for Azure called “Az”.

This module is also cross-platform supported which means all commands etc… are supported across all platforms/OS’s that support PowerShell; Windows, Linux, Mac OS X & Azure Cloud Shell.

I have installed this on both my Windows and Mac OS Mojave machines and all seems to be working well and I haven’t found any issues as of yet, which is always nice.

The only small niggle comes when trying to install the module on a Mac if you are not running PowerShell as an admin you get the below error:

To get around this see my other blog post about how to create a desktop shortcut to launch PowerShell as admin on a mac. Click here to view that post!

However once you’ve followed the post linked above the install process on a mac is pretty painless.

  1. Launch your new PowerShellAdmin executable from the desktop
  2. Enter your user account password to launch as sudo
  3. Enter the command:
    Install-Module Az

  4. Accept the PSGallery as an untrusted repository to install from by entering “Y” or “A” at the prompt and hit return (as shown below)
  5. Let the module download and install

It’s as easy as that!

And the same commands can be followed on a Windows machine with PowerShell running as an administrator.

Compatibility With The AzureRM Module

Now for those of you, like myself, who have an abundance of PowerShell scripts using the AzureRM module to do various tasks in Azure; I have some further good news for you all.

The team at Microsoft have also thought about this scenario and have provided a couple of commands to assist with this transition period to a new module.

The first command is:

Enable-AzureRmAlias [-Module <string>] [-Scope Process | CurrentUser | LocalMachine]

This enables you to use your legacy AzureRM module references with the new Az module.

Note if you don’t specify a specific module then all modules will have the alias enabled. Also you can set the scope for the aliases as you require, I would probably suggest “LocalMachine” for most admins out there until you have re-written your scripts.

The second command is:

Disable-AzureRmAlias [-Module <string[]>] [-Scope Process | CurrentUser | LocalMachine]

This command just disables the aliases that you may have previously enabled; to use once you have adjusted all of your scripts in my opinion.

The same rules around specifying modules and scoping as above.

Summary

Get out there and install the new module! I can only imagine that the new module will be the only one supported in a few months, so getting ahead of the curve is always a good idea!

Microsoft also mention that the Az module will replace the AzureRM one later this year!

Let me know in the comments if you find any commands that don’t work, I haven’t found any yet!

And heres to being able to use the same cmdlets across all platforms with this new module!

Like, Share, Follow!
error

PowerShell As Admin Mac OS Shortcut

This is just a quick article to show you how to create a desktop shortcut to always run PowerShell as admin on Mac OS.

  1. Create a text file with the following contents using TextEdit (in plain text):
    #!/bin/bash
    
    sudo pwsh
    
  2. Save the file in plain text on your desktop as anything you like, for this example I’ll call it PowerShellAdminShortcut.txt
  3. You now need to remove the “.txt” file extension from the file if you weren’t able to save it without it already, if so skip this step and related sub-steps.
    To do this, follow the below:

    1. Open Finder
    2. Open Finders’ preferences
    3. Select the Advanced tab and the check the box “Show all filename extensions”
  4. Now rename the file you created at the beginning of this process and remove the file extension “.txt”
  5. Now open the Terminal app and run the following command (please replace the file path with where you have placed your file):
    cd /Users/jacktracey/Desktop
    chmod 744 PowerShellAdminShortcut

  6. You should now have a shortcut on your desktop that launches PowerShell as admin (sudo) on your Mac

Hope this helps some of you out there as now all you need to do is double click this shortcut and enter your user account password

Like, Share, Follow!
error

© 2019 Jack Tracey

Theme by Anders NorénUp ↑