Drew Robinson's Blog

Azure, PowerShell and Security things

Change the default RDP port (3389) on an Azure Windows ARM VM to a high range port

I recommend leveraging site-to-site VPN or point-to-site VPN for admin port access (RDP, SQL, etc). If VPN is not an option, the next method is to restrict the exposed inbound port to only known source IP addresses (ACL). The last method is to change the default port to a higher range port – making it more…

Listing IP Addresses from Azure Subscription

The following example shows how to use the Azure REST API to confirm assigned/active IP addresses:

Create an SP and allow it rights into your Azure subscription (IAM).

Update the below script with the following variables (tenant, client id, clientsecret, subscriptionid guid).

IP address output for Azure RM VMs and Azure WebSites using REST API lookup.

Reference:
https://docs.microsoft.com/en-us/rest/api/appservice/webapps
https://docs.microsoft.com/en-us/rest/api/network/public-ip-addresses

…

Setting Google DNS with PowerShell

My local ISP’s router won’t let me modify DNS settings in its DHCP table (no Drew joy). Now I’m going to have to add a separate router. While I’m waiting for my router, I created the following PowerShell code to point my boxes to Google DNS. The following PS code will: look for a NIC with…

Installing Remote Server Admin Tools (RSAT) via PowerShell

I reload my boxes frequently. I also have a few installations that are enrolled in Windows Insider, which installs new builds frequently. The Insider build update cycle will reset existing updates, including Remote Server Tools (Active Directory PowerShell, Active Directory Users and Computers, etc). Drew is not one to download and install things over…

Accessing Azure Security Center API with PowerShell Invoke-RestMethod

The following will allow you to set, monitor and change your Azure Security settings via PowerShell. You can also review alerts and recommendations.

You will first need to provision a service principal that can access your Azure subscription (Windows Azure Service Management API).

Procedure: https://azure.microsoft.com/en-us/documentation/articles/resource-group-create-service-principal-portal/

Per the…

PowerShell script to update Azure VM Agent, can be used with script extension

    # Download link for the latest Azure Guest Agent (Windows)
    $Link="http://go.microsoft.com/fwlink/?LinkID=394789"
    # Set download path D:\temp, if it doesn't exist – create it
    $AzAgtPath="D:\temp"
    if(!(Test-Path -Path $AzAgtPath )){
        New-Item -ItemType directory -Path $AzAgtPath
    }
    # Download and install
    Start-BitsTransfer -Source $Link…

Azure ARM Templates, Azure Antimalware

For deploying Azure Antimalware in Azure Virtual Machine ARM templates, I recommend you use one of the following JSON settings to ensure you’re deploying the latest version of our Antimalware client:

    "autoUpgradeMinorVersion": true

or hardcode the version using

    "typeHandlerVersion": "1.5"

Otherwise extension autoupdate is disabled, and your deployment will be stuck with Azure Antimalware…

Azure Antimalware PowerShell examples

PowerShell code to deploy Azure Antimalware (ASM)

    $JSONString="{ 'AntimalwareEnabled': true, 'RealtimeProtectionEnabled': true, 'ScheduledScanSettings': { 'isEnabled': true, 'day': 0, 'time': 120, 'scanType': 'quick' }, 'Exclusions': { 'Extensions': 'mdb;ldb;ndb;dbx', 'Paths': 'C:\\Program Files\\DB Bin:\\;F:\\DB;G:\\DBs;S:\\LOGS;', 'Processes': 'DBServr.exe;customprocess.exe' } }"
    Get-AzureVM -ServiceName drewcloudv1 -Name vm1 | Set-AzureVMExtension -ExtensionName IaaSAntimalware -Publisher Microsoft.Azure.Security -Version 1.* -PublicConfiguration $JSONString | Update-AzureVM

PowerShell code to…

Getting started with OMS

Go to http://portal.azure.com, click New, type OMS and click on Log Analytics (OMS).

Click on Create.

1. Define your OMS workspace name, select subscription id, resource group, region and location, click Create.

Once you have provisioned OMS, go ahead and launch OMS. To launch OMS from the Portal: Browse: OMS, Log Analytics (OMS). The blade…