• A shared access signature (SAS) provides secure delegated access to resources in Azure Storage. SAS tokens can be signed in one of two ways: by using storage access keys and by using Azure Active Directory. SAS tokens that are signed by Azure AD accounts are also known as "user delegation SAS tokens." In this post, we present an overview of storage account security and then focus on managing user delegation SAS tokens.

  • Azure Private Link is a new service that enables you to connect to specific Azure endpoints through the Microsoft internal backbone, avoiding data transfer through the public internet. In this post, I will explain how to create and manage an Azure Private Link in the portal and with PowerShell.

  • Azure public IP address prefixes is a new service, and in this post, I'll walk you through the steps of how to create and manage public IP prefixes using PowerShell.

  • Azure Front Door is a newly available service that can efficiently control routing and web traffic for applications because it uses Microsoft WAN to optimize the traffic.

  • Hi RamaKrishna,

    that's because Contributor role has all actions BUT the actions listen in the property named "NOTaction"

    so, think of it as it has all the actions except the ones listed in "Notactions"

    (get-azurermroledefinition "Contributor") | select -ExpandProperty actions
    (get-azurermroledefinition "Contributor") | select -ExpandProperty notactions



  • Hi Naveen,

    Can you please elaborate what you need to achieve?



  • Hi Ramesh,

    this is what you are looking for



    foreach($subscriptionid in $subscriptions){

    Get-AzureRmRoleAssignment -scope "/subscriptions/$subscriptionid" | foreach{

    $actions=(Get-AzureRmRoleDefinition -Name $_.roledefinitionname).actions


    $result | out-file c:filename.csv

  • Hi Hasan,

    The following code would allow you to add group membership information if the object type is "user".

    $groups=(Get-AzureRmADUser | select id).id.guid

    Get-AzureRmRoleAssignment -scope "/subscriptions/SUBSCTIPTIONID" | foreach{

    if($objecttype -eq "user"){
    $groups=(Get-AzureADUserMembership -ObjectId $objectid).objectid.guid
    $actions=(Get-AzureRmRoleDefinition -Name $_.roledefinitionname).actions
    $result | out-file c:filename.csv

  • Hi Antyp,

    The following code can be used for what you were looking for

    $rg= "resourcegroupname"
    $tagname = "tagname"
    $TagValue ="tagvalue"
    get-AzureRmResource -TagName $tagname -TagValue $TagValue | Remove-AzureRmResource -force

  • Hi Sandeep,

    you can use the following code

    $Key = Add-AzureKeyVaultKey -Destination Software -Name "keyname" -VaultName "keyvaultname"
    $KeyId = $Key.Version.ToString()
    New-AzureRmResourceGroupDeployment -ResourceGroupName "resourcegroupname" -TemplateFile "armtemplate.json" -DataLakeStoreName "ADLSName" -KeyVaultName "keyvaultname" -DataLakeStoreKeyVaultKeyName $key -DataLakeStoreKeyVaultKeyVersion $KeyId
    $ADSLACC = Get-AzureRmDataLakeStoreAccount -Name "ADSLName"
    $ADSLACCSPNID = $ADSLACC.Identity.PrincipalId
    Set-AzureRmKeyVaultAccessPolicy -VaultName "keyvaultname" -ObjectId $ADSLACCSPNID -PermissionsToKeys encrypt,decrypt,get -BypassObjectIdValidation
    Enable-AdlStoreKeyVault -Account $ADSLACC.Name

  • Hi Gaurav,

    You can indirectly use powershell along with Alert API to manage Alerts in Azure.

    Have you checked the following?


    You can use armclient (https://github.com/projectkudu/ARMClient) or Powershell with the API to manage the alerts.




  • Hi Leila,

    You can use the following code to check KeyVault Name availability on Azure.

    Please ensure you've filled the first section of the code

    ## change here ##



    ### do not make any changes here ###

    $result=Invoke-RestMethod -Uri https://login.microsoftonline.com/$TENANTID/oauth2/token?api-version=1.0 -Method Post -Body @{"grant_type" = "client_credentials"; "resource" = "https://management.core.windows.net/"; "client_id" = "$APPID"; "client_secret" = "$PASSWORD" }

    $Body = @{

    "name"= $NameToCheck
    "type"= "Microsoft.KeyVault/vaults"

    'authorization'="Bearer $token"

    $Uri = "https://management.azure.com/subscriptions/$subscriptionId/providers/Microsoft.KeyVault/checkNameAvailability?api-version=2018-02-14"

    Invoke-RestMethod -Uri $uri -Headers $Headers -Method POST -Body $body


  • KeyVaults are critical instruments in Azure as they are responsible for storing secrets and certificates. They are widely used in many different scenarios where secrets and certificates need to be retrieved from a script or an ARM template. With this in mind, dynamically checking their expiration dates to ensure they are valid is extremely important.

  • There are several ways to run commands and scripts on Azure VMs depending on the design you need to implement. You can use runbooks, Desired State Configuration (DSC) scripts, Azure DevOps pipelines, and many other third-party solutions for this. There's also a pretty simple standalone solution to execute commands on Azure VMs, which is a built-in feature in Azure Portal and is also usable through PowerShell.

  • Baki Onur Okutucu posted a new activity comment 1 year, 1 month ago

    I think they must have wanted to have one single module which works on both platforms. Also, "az" is now an easier name to remember as it sounds similar to CLI (az).

  • Baki Onur Okutucu posted an update in the group Group logo of PowerShellPowerShell 1 year, 1 month ago

    Microsoft has announced a new Azure Powershell module which is compatiable with Powershell Core and Powershell.
    The name of this new module is "Az".
    Az is basically a replacement for AzureRM and AzureRM.Netcore.
    in this module and all its dependent modules, all cmdlets use "Az" as their noun prefix (i.e Get-AzVm instead of Get-AzureRmVm).

    You can install and use the new module from here

    • I wonder why MS released again a new module for Azure. What was wrong with AzureRM.NetCore?

    • I think they must have wanted to have one single module which works on both platforms. Also, “az” is now an easier name to remember as it sounds similar to CLI (az).

    • …and also shorter to write then AzureRM…
      It’s bothering to write for every cmdlet AzureRMxxxxxx
      Even PSWSUS is bothering when you want to write verb-PSWSUSxxxxxx for every cmdlet of the module.

  • As Azure services are growing day by day, it is becoming more important to monitor them in a fully automated way. When it comes to monitoring Azure virtual machines (VMs), it is useful to use Log Analytics, also known as OMS (Operations Management Suite). Its wide range of solutions can monitor various services in Azure.

  • Immutable storage for Azure Blobs enables organizations to store business-critical data in a read-only manner, also know as the write once, read many (WORM) state. Organizations can only create and read data while disallowing modification and deletion for a specific time, also known as the retention interval that organizations define.

  • Azure Table storage is a data store you can use to store structured data in a non-relational way. Azure Table storage is easy to manage, and you can create multiple independent tables in a single storage account.

  • Load More