====== Azure Powershell (QnD) ======
====== Common Commands ======
==== Connect and Select ====
Authenticate with Azure, list subscriptions for tenants and select a subscription to work with.
<code powershell>
Connect-AzAccount -Tenant <tenant id>

Get-AzSubscription

Select-AzSubscription -SubscriptionId <id>
</code>

====== Command Context ======
Get Azure tenants that there is an authenticated session for.
<code>
Get-AzTenant | select id,name
</code>

==== See and set current context for Azure Powershell commands ====
This shows subscription and tenant info for current connections.
<code powershell>
Get-AzContext -ListAvailable | fl
</code>

<code powershell>
Set-AzContext -Tenant "xyz"
</code>

<code powershell>
Set-AzContext -Subscription "xyz"
</code>

==== Remove item from available context ====

<code powershell>
(Get-AzContext -ListAvailable).Name
</code>

<code powershell>
Remove-Context -Name <context name>
</code>

====== Get Resources ======
List all resources in the current subscription.
<code powershell>
Get-AzResource
</code>

<code powershell>
Get-AzResource | select Name,Type,ResourceGroupName,SubscriptionId | Export-Csv resources.csv
</code>

====== Loop Over All Subscriptions ======
Loop over all subscriptions in a tenant and run some command against them.

<code powershell>
foreach ($sub in Get-AzSubscription -TenantId "xyz") {
    Write-Host $sub.id
}
</code>

=== Example ===
Example of getting creation/last update timestamp for all custom policy definitions.
<code powershell>
foreach ($sub in Get-AzSubscription -TenantId "xyz") {
    Get-AzPolicyDefinition -SubscriptionId $sub.id | select -ExpandProperty Properties | where {$_.PolicyType -eq "Custom"} | select DisplayName -ExpandProperty Metadata | select DisplayName, createdOn, updatedOn | fl
}
</code>

Loop over all subscriptions in a tenant and for each subscription run some commands.
<code powershell>
foreach ($sub in Get-AzSubscription -TenantId "xyz") {
    Set-AzContext -Subscription $sub.id | Out-Null
    #
    # Other commands
    #
}
</code>


<code powershell>
Set-AzContext -Tenant "xyz"

foreach ($sub in Get-AzSubscription) {
    Set-AzContext -Subscription $sub.id | Out-Null
    #
    # Other commands
    #
}
</code>

====== Loop Over Resource Groups ======
<code powershell>

Get-AzResourceGroup | foreach {
  $_.ResourceGroupName
  #
  # Do something with RG info
  #
}
</code>

====== List Policy Assignments ======
<code powershell>
Set-AzContext -Tenant "xxxx…"

foreach ($sub in Get-AzSubscription) {
    Set-AzContext -Subscription $sub.Id
    $p += Get-AzPolicyAssignment
}

$p | select -ExpandProperty Properties | select DisplayName,Scope
</code>

====== List All Extension on VMs ======
<code powershell>
function AvGet-VMExtensions ($TenantId) {
    $extList = @()
    foreach ($sub in Get-AzSubscription -TenantId $TenantId) {
        Get-AzVM | foreach {        
            $vm = $_.Name
            $ext = Get-AzVMExtension -VMName $_.Name -ResourceGroupName $_.ResourceGroupName         
            $ext | foreach {
            $obj = [PSCustomObject]@{
                    Name = $vm
                    ExtName = $_.Name        
                }        
                $extList += $obj
            }        
            $extList | Format-Table -AutoSize 
        } 
        $extList |  Tee-Object $env:tmp\vm-exts.txt
    }
}
</code>

====== List Subnets with no associated NSG ======
<code powershell>
foreach ($sub in Get-AzSubscription -TenantId "xxxx") {
    Set-AzContext -Subscription $sub.id | Out-Null

    (Get-AzVirtualNetwork | foreach {$_.Subnets} | where {$_.NetworkSecurityGroup -eq $null}).Name

}
</code>


====== Enumerating Resources ======

=== § ===
<code powershell>
$azResources = Get-AzResource

$azResources | foreach {
  $_.ResourceId
}
</code>

=== § ===
<code powershell>
Get-AzResourceGroup | foreach {Get-AzStorageAccount -ResourceGroupName $_.ResourceGroupName}
</code>

====== Related ======
  * [[:powershell|Powershell]]