Appendix 3: PowerShell Setup - Azure AD

Appendix 3: PowerShell Setup - Azure AD



Appendix 3: PowerShell Setup - Azure AD


Pre-requisites for Microsoft Azure use cases:


  1. Download Windows Management Framework from below url: (Windows PowerShell version 5.1)


https://www.microsoft.com/en-us/download/details.aspx?id=54616


  1. System Requirements:
    1. WMF 5.1 requires Microsoft .NET Framework 4.5 or above. You can install Microsoft .NET Framework 4.5 or above by following the instructions at Installing the .NET Framework.
    2. Use a 64-bit version of Windows. Support for the 32-bit version the Microsoft Azure Active Directory Module for Windows PowerShell was discontinued in October, 2014.
    3. Need to restart machine once “Windows Management Framework 5.1” installation is completed.



NOTE: Open PowerShell by right clicking and select Run as Administrator option and use below commands on that terminal to proceed with module installation.



Check if PowerShell version is 5.1 using below command:


Command:   $PSVersionTable


Expected output:


Name                           Value                                                                                                                     

----                           -----                                                                                                                     

PSVersion                      5.1.14409.1005

PSEdition                      Desktop                                                                                     

PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}                                                                                                   

BuildVersion                   10.0.14409.1005

CLRVersion                     4.0.30319.42000

WSManStackVersion              3.0                                                                                                                       

PSRemotingProtocolVersion      2.3                                                                                                                       

SerializationVersion           1.1.0.1                                                                                                                   

 




Install AzureRM module for Microsoft Azure:


Download AzureRM Module using below command: (Choose option as Yes i.e. Y or option A i.e. Yes To All option while installing module when there is any prompt for input)


Use below command to install module:


Command:    Install-Module AzureRM



Import AzureRM Module using below command:


Command:    Import-Module AzureRM



Check if AzureRM module is installed using below command:


Command:    Get-Module -ListAvailable -Name AzureRM



Expected output:


     Directory: C:\Program Files\WindowsPowerShell\Modules



ModuleType Version    Name                                ExportedCommands                                                                                                   

---------- -------    ----                                ----------------                                                                                                   

Script     5.0.1      AzureRM                             {Add-AzureAnalysisServicesAccount, Add-AzureKeyVaultCertificate, Add-AzureKeyVaultCertificateContact, Add-AzureK...

 



Below sub-modules will be required to run Microsoft Azure use cases:


Once AzureRM module is installed, it also installs sub-modules. Check if all modules and sub-modules are installed properly using below command:


Command:    Get-Module -ListAvailable




Expected output:

     Directory: C:\Program Files\WindowsPowerShell\Modules



ModuleType Version    Name                                ExportedCommands                                                                                                   

---------- -------    ----                                ----------------                                                                                                   

Script     5.1.1      Azure                               {Get-AzureAutomationCertificate, Get-AzureAutomationConnection, New-AzureAutomationConnection, Remove-AzureAutom...

Script     0.5.0      Azure.AnalysisServices              {Add-AzureAnalysisServicesAccount, Restart-AzureAnalysisServicesInstance, Export-AzureAnalysisServicesInstanceLo...

Script     4.0.2      Azure.Storage                       {Get-AzureStorageTable, New-AzureStorageTableSASToken, New-AzureStorageTableStoredAccessPolicy, New-AzureStorage...

Script     4.0.0      Azure.Storage                       {Get-AzureStorageTable, New-AzureStorageTableSASToken, New-AzureStorageTableStoredAccessPolicy, New-AzureStorage...

Binary     2.0.0.131  AzureAD                             {Add-AzureADApplicationOwner, Get-AzureADApplication, Get-AzureADApplicationExtensionProperty, Get-AzureADApplic...

Script     5.0.1      AzureRM                             {Add-AzureAnalysisServicesAccount, Add-AzureKeyVaultCertificate, Add-AzureKeyVaultCertificateContact, Add-AzureK...

Script     0.5.0      AzureRM.AnalysisServices            {Resume-AzureRmAnalysisServicesServer, Suspend-AzureRmAnalysisServicesServer, Get-AzureRmAnalysisServicesServer,...

Script     5.0.1      AzureRM.ApiManagement               {Add-AzureRmApiManagementRegion, Get-AzureRmApiManagementSsoToken, New-AzureRmApiManagementHostnameConfiguration...

Script     0.1.0      AzureRM.ApplicationInsights         {Get-AzureRmApplicationInsights, New-AzureRmApplicationInsights, Remove-AzureRmApplicationInsights, Set-AzureRmA...

Script     4.0.0      AzureRM.Automation                  {Get-AzureRMAutomationHybridWorkerGroup, Get-AzureRmAutomationJobOutputRecord, Import-AzureRmAutomationDscNodeCo...

Script     4.0.1      AzureRM.Backup                      {Backup-AzureRmBackupItem, Enable-AzureRmBackupContainerReregistration, Get-AzureRmBackupContainer, Register-Azu...

Script     4.0.1      AzureRM.Batch                       {Remove-AzureRmBatchAccount, Get-AzureRmBatchAccount, Get-AzureRmBatchAccountKeys, New-AzureRmBatchAccount...}     

Script     0.14.0     AzureRM.Billing                     {Get-AzureRmBillingInvoice, Get-AzureRmBillingPeriod}                                                              

Script     4.0.0      AzureRM.Cdn                         {Get-AzureRmCdnProfile, Get-AzureRmCdnProfileSsoUrl, New-AzureRmCdnProfile, Remove-AzureRmCdnProfile...}           

Script     0.9.0      AzureRM.CognitiveServices           {Get-AzureRmCognitiveServicesAccount, Get-AzureRmCognitiveServicesAccountKey, Get-AzureRmCognitiveServicesAccoun...

Script     4.0.1      AzureRM.Compute                     {Remove-AzureRmAvailabilitySet, Get-AzureRmAvailabilitySet, New-AzureRmAvailabilitySet, Update-AzureRmAvailabili...

Script     0.3.0      AzureRM.Consumption                 Get-AzureRmConsumptionUsageDetail                                                                                  

Script     0.1.0      AzureRM.ContainerInstance           {New-AzureRmContainerGroup, Get-AzureRmContainerGroup, Remove-AzureRmContainerGroup, Get-AzureRmContainerInstanc...

Script     0.3.0      AzureRM.ContainerRegistry           {New-AzureRmContainerRegistry, Get-AzureRmContainerRegistry, Update-AzureRmContainerRegistry, Remove-AzureRmCont...

Script     4.0.1      AzureRM.DataFactories               {Remove-AzureRmDataFactory, Get-AzureRmDataFactoryRun, Get-AzureRmDataFactorySlice, Save-AzureRmDataFactoryLog...} 

Script     0.3.0      AzureRM.DataFactoryV2               {Set-AzureRmDataFactoryV2, Get-AzureRmDataFactoryV2, Remove-AzureRmDataFactoryV2, Set-AzureRmDataFactoryV2Linked...

Script     4.0.0      AzureRM.DataLakeAnalytics           {Get-AzureRmDataLakeAnalyticsDataSource, New-AzureRmDataLakeAnalyticsCatalogCredential, Remove-AzureRmDataLakeAn...

Script     5.0.0      AzureRM.DataLakeStore               {Get-AzureRmDataLakeStoreTrustedIdProvider, Remove-AzureRmDataLakeStoreTrustedIdProvider, Remove-AzureRmDataLake...

Script     4.0.0      AzureRM.DevTestLabs                 {Get-AzureRmDtlAllowedVMSizesPolicy, Get-AzureRmDtlAutoShutdownPolicy, Get-AzureRmDtlAutoStartPolicy, Get-AzureR...

Script     4.0.0      AzureRM.Dns                         {Get-AzureRmDnsRecordSet, New-AzureRmDnsRecordConfig, Remove-AzureRmDnsRecordSet, Set-AzureRmDnsRecordSet...}      

Script     0.2.0      AzureRM.EventGrid                   {New-AzureRmEventGridTopic, Get-AzureRmEventGridTopic, Set-AzureRmEventGridTopic, New-AzureRmEventGridTopicKey...} 

Script     0.5.0      AzureRM.EventHub                    {New-AzureRmEventHubNamespace, Get-AzureRmEventHubNamespace, Set-AzureRmEventHubNamespace, Remove-AzureRmEventHu...

Script     4.0.1      AzureRM.HDInsight                   {Get-AzureRmHDInsightJob, New-AzureRmHDInsightSqoopJobDefinition, Wait-AzureRmHDInsightJob, New-AzureRmHDInsight...

Script     4.0.0      AzureRM.Insights                    {Get-AzureRmMetricDefinition, Get-AzureRmMetric, Remove-AzureRmLogProfile, Get-AzureRmLogProfile...}               

Script     3.0.0      AzureRM.IotHub                      {Add-AzureRmIotHubKey, Get-AzureRmIotHubEventHubConsumerGroup, Get-AzureRmIotHubConnectionString, Get-AzureRmIot...

Script     4.0.1      AzureRM.KeyVault                    {Add-AzureKeyVaultCertificate, Set-AzureKeyVaultCertificateAttribute, Stop-AzureKeyVaultCertificateOperation, Ge...

Script     4.0.0      AzureRM.LogicApp                    {Get-AzureRmIntegrationAccountAgreement, Get-AzureRmIntegrationAccountCallbackUrl, Get-AzureRmIntegrationAccount...

Script     0.16.0     AzureRM.MachineLearning             {Move-AzureRmMlCommitmentAssociation, Get-AzureRmMlCommitmentAssociation, Get-AzureRmMlCommitmentPlanUsageHistor...

Script     0.2.0      AzureRM.MachineLearningCompute      {Get-AzureRmMlOpCluster, Get-AzureRmMlOpClusterKey, Test-AzureRmMlOpClusterSystemServicesUpdateAvailability, Upd...

Script     0.2.0      AzureRM.MarketplaceOrdering         {Get-AzureRmMarketplaceTerms, Set-AzureRmMarketplaceTerms}                                                         

Script     0.8.0      AzureRM.Media                       {Sync-AzureRmMediaServiceStorageKeys, Set-AzureRmMediaServiceKey, Get-AzureRmMediaServiceKeys, Get-AzureRmMediaS...

Script     5.0.0      AzureRM.Network                     {Add-AzureRmApplicationGatewayAuthenticationCertificate, Get-AzureRmApplicationGatewayAuthenticationCertificate,...

Script     4.0.0      AzureRM.NotificationHubs            {Get-AzureRmNotificationHub, Get-AzureRmNotificationHubAuthorizationRules, Get-AzureRmNotificationHubListKeys, G...

Script     4.0.0      AzureRM.OperationalInsights         {New-AzureRmOperationalInsightsAzureActivityLogDataSource, New-AzureRmOperationalInsightsCustomLogDataSource, Di...

Script     4.0.0      AzureRM.PowerBIEmbedded             {Remove-AzureRmPowerBIWorkspaceCollection, Get-AzureRmPowerBIWorkspaceCollection, Get-AzureRmPowerBIWorkspaceCol...

Script     4.1.1      AzureRM.profile                     {Disable-AzureRmDataCollection, Disable-AzureRmContextAutosave, Enable-AzureRmDataCollection, Enable-AzureRmCont...

Script     4.0.1      AzureRM.RecoveryServices            {Get-AzureRmRecoveryServicesBackupProperty, Get-AzureRmRecoveryServicesVault, Get-AzureRmRecoveryServicesVaultSe...

Script     4.0.1      AzureRM.RecoveryServices.Backup     {Backup-AzureRmRecoveryServicesBackupItem, Get-AzureRmRecoveryServicesBackupManagementServer, Get-AzureRmRecover...

Script     0.2.1      AzureRM.RecoveryServices.SiteRec... {Edit-AzureRmRecoveryServicesAsrRecoveryPlan, Get-AzureRmRecoveryServicesAsrAlertSetting, Get-AzureRmRecoverySer...

Script     4.0.1      AzureRM.RedisCache                  {Remove-AzureRmRedisCachePatchSchedule, New-AzureRmRedisCacheScheduleEntry, Get-AzureRmRedisCachePatchSchedule, ...

Script     0.3.0      AzureRM.Relay                       {New-AzureRmRelayNamespace, Get-AzureRmRelayNamespace, Set-AzureRmRelayNamespace, Remove-AzureRmRelayNamespace...} 

Script     5.0.0      AzureRM.Resources                   {Get-AzureRmProviderOperation, Remove-AzureRmRoleAssignment, Get-AzureRmRoleAssignment, New-AzureRmRoleAssignmen...

Script     0.16.0     AzureRM.Scheduler                   {Disable-AzureRmSchedulerJobCollection, Enable-AzureRmSchedulerJobCollection, Get-AzureRmSchedulerJobCollection,...

Script     4.0.0      AzureRM.ServerManagement            {Invoke-AzureRmServerManagementPowerShellCommand, Get-AzureRmServerManagementSession, New-AzureRmServerManagemen...

Script     0.5.0      AzureRM.ServiceBus                  {New-AzureRmServiceBusNamespace, Get-AzureRmServiceBusNamespace, Set-AzureRmServiceBusNamespace, Remove-AzureRmS...

Script     0.3.0      AzureRM.ServiceFabric               {Add-AzureRmServiceFabricApplicationCertificate, Add-AzureRmServiceFabricClientCertificate, Add-AzureRmServiceFa...

Script     5.0.1      AzureRM.SiteRecovery                {Get-AzureRmSiteRecoveryFabric, New-AzureRmSiteRecoveryFabric, Remove-AzureRmSiteRecoveryFabric, Stop-AzureRmSit...

Script     4.0.1      AzureRM.Sql                         {Get-AzureRmSqlDatabaseTransparentDataEncryption, Get-AzureRmSqlDatabaseTransparentDataEncryptionActivity, Set-A...

Script     4.0.1      AzureRM.Storage                     {Get-AzureRmStorageAccount, Get-AzureRmStorageAccountKey, New-AzureRmStorageAccount, New-AzureRmStorageAccountKe...

Script     4.0.1      AzureRM.StreamAnalytics             {Get-AzureRmStreamAnalyticsFunction, Get-AzureRmStreamAnalyticsDefaultFunctionDefinition, New-AzureRmStreamAnaly...

Script     4.0.0      AzureRM.Tags                        {Remove-AzureRmTag, Get-AzureRmTag, New-AzureRmTag}                                                                

Script     4.0.0      AzureRM.TrafficManager              {Disable-AzureRmTrafficManagerEndpoint, Enable-AzureRmTrafficManagerEndpoint, Set-AzureRmTrafficManagerEndpoint,...

Script     4.0.0      AzureRM.UsageAggregates             Get-UsageAggregates                                                                                                

Script     4.0.0      AzureRM.Websites                    {Get-AzureRmAppServicePlan, Set-AzureRmAppServicePlan, New-AzureRmAppServicePlan, Remove-AzureRmAppServicePlan...} 

Binary     1.0.0.1    PackageManagement                   {Find-Package, Get-Package, Get-PackageProvider, Get-PackageSource...}                                             

Script     1.0.0.1    PowerShellGet                       {Install-Module, Find-Module, Save-Module, Update-Module...}                                                       

 


Azure VM plugins parameters:


  1. Subscription Id: 
  1. Goto portal.azure.com. Login with your credentials.
  2. Goto “Subscriptions” tab on the left hand side and copy the “Subscription Id”.
  1. Client Id and Authentication Key: 
  2. Create an Azure Active Directory application.
  1. Select Azure Active Directory.

Select App registrations

  2. Select New application registration.

  4. Provide a name and URL for the application. Select Web app / API for the type of application you want to create. You cannot create credentials for a Native application; therefore, that type does not work for an automated application. After setting the values, select Create.

  6. You have created your application.
  7. From App registrations in Azure Active Directory, select your application.

  1. Copy the Application ID and store it in your application code. This is your “Client Id”.

  3. To generate an authentication key, select Settings option as shown in above image and then select Keys.

  5. Provide a description of the key, and duration for the key. When done, select Save.

  7. After saving the key, the value of the key is displayed. Copy this value because you are not able to retrieve the key later. You provide the key value with the application ID to log in as the application. Store the key value where your application can retrieve it.
  8. Users can generate keys as per their requirements. I.e for 1 year, 2 years and never expiring key.


  1. Get Tenant Id:
  1. Select Azure Active Directory.





  1. To get the tenant ID, select Properties for your Azure AD tenant.




  1. Copy the Directory ID. This value is your tenant ID.




  1. Assign application to role:

To access resources in your subscription, you must assign the application to a role. Decide which role represents the right permissions for the application.

You can set the scope at the level of the subscription, resource group, or resource. Permissions are inherited to lower levels of scope. For example, adding an application to the Reader role for a resource group means it can read the resource group and any resources it contains.

  1. Navigate to the level of scope you wish to assign the application to. For example, to assign a role at the subscription scope, select Subscriptions. You could instead select a resource group or resource.



  1. Select the particular subscription (resource group or resource) to assign the application to.


  1. Select Access Control (IAM).



  1. Select Add



  1. Select the role you wish to assign to the application.



  1. Search for your application, and select it.
  2. Select Save to finish assigning the role. You see your application in the list of users assigned to a role for that scope.

For More Clarifications you can refer: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal









      Links to better reach 

            Bot Store

             EPD