{"id":79422,"date":"2018-06-26T15:12:41","date_gmt":"2018-06-26T15:12:41","guid":{"rendered":"https:\/\/www.red-gate.com\/simple-talk\/?p=79422"},"modified":"2021-02-23T19:21:38","modified_gmt":"2021-02-23T19:21:38","slug":"azure-and-windows-powershell-getting-information","status":"publish","type":"post","link":"https:\/\/www.red-gate.com\/simple-talk\/sysadmin\/powershell\/azure-and-windows-powershell-getting-information\/","title":{"rendered":"Azure and Windows PowerShell: Getting Information"},"content":{"rendered":"<p><strong>The series so far:<\/strong><\/p>\n<ol>\n<li><a href=\"https:\/\/www.red-gate.com\/simple-talk\/sysadmin\/powershell\/azure-windows-powershell-basics\/\">Azure and Windows PowerShell: The Basics<\/a><\/li>\n<li><a href=\"https:\/\/www.red-gate.com\/simple-talk\/sysadmin\/powershell\/azure-and-windows-powershell-getting-information\/\">Azure and Windows PowerShell: Getting Information<\/a><\/li>\n<li><a href=\"https:\/\/www.red-gate.com\/simple-talk\/sysadmin\/powershell\/azure-and-windows-powershell-using-vm-extensions\/\">Azure and Windows PowerShell: Using VM Extensions<\/a><\/li>\n<\/ol>\n\n<p>PowerShell provides a great way of automating many things thus saving the time and effort of an Azure administrator. In the case of Automating Azure tasks, Microsoft has provided the Microsoft Azure PowerShell Module, which can be used to write scripts. As described in the first part of this series, this module is great and provides functionalities that will be described all along this series. But one of the main things to do when you will write your Azure scripts is that you must sign onto your Azure subscription first. You need to install the AzureAD PowerShell module and then use the <strong>Login-AzureRMAccount<\/strong> cmdlet. This cmdlet can be used to perform the login process, but the login needs to be done manually by entering the login and password of the Azure account in the popup window. As obvious it is, there can be no manual intervention during this process! Therefore, before going deeper in this article, I will explain how to get around this problem using <strong>Azure Service Principal<\/strong> to automate this login process.<\/p>\n<h2>What is a Service Principal?<\/h2>\n<p>A service principal is an identity your application can use to log in and access Azure resources. Azure Administrators need to perform a one-time activity to set up a Service Principal, which is similar to a service account. Following are the steps that need to be done so that they can automate the process:<\/p>\n<ul>\n<li>\n<p><strong>Create an AD Application<\/strong>: This application will be used to log on to Azure.<\/p>\n<\/li>\n<li>\n<p><strong>Create a Service Principal<\/strong>: This account will be mapped to the application created above.<\/p>\n<\/li>\n<li>\n<p><strong>Assign a role to the Application<\/strong>: Configure the access level for the user account which can be Reader, Contributor, \u2026<\/p>\n<\/li>\n<\/ul>\n<h3>PowerShell<\/h3>\n<p>Service Principal requires you configure your Azure Active Directory domain. Navigate to <strong>Azure Active Directory<\/strong>, click <strong>Custom Domain Names<\/strong> and you will see your Azure Tenant Domain:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"787\" height=\"230\" class=\"wp-image-79423\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-89.png\" \/><\/p>\n<p>You will get the TenantID from the results of the Login-AzureRMAccount command. Use the <strong>Connect-AzureAD<\/strong> cmdlet to connect to your Azure AD tenant, which also asks you for your credentials:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">PS &gt; Login-AzureRmAccount\r\nPS &gt; Connect-AzureAD -TenantId &lt;Tenant_ID&gt;<\/pre>\n<p>The output is below:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"809\" height=\"276\" class=\"wp-image-79424\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-90.png\" \/><\/p>\n<p>Copy the tenant domain and paste it in the following commands. First, create the Azure AD Application with the <strong>New-AzureRmAdApplication<\/strong> cmdlet, then use the <strong>New-AzureRmAdServicePrincipal<\/strong> cmdlet to create the application and, finally, to access resources in your subscription, you must assign the application to a role. In this example, assign the contributor role with the <strong>New-AzureRmRoleAssignment<\/strong> cmdlet. To learn more about the available roles, read <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/role-based-access-control\/built-in-roles\">this guide<\/a>.<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">PS &gt; $SecureStringPassword = ConvertTo-SecureString -String 'P@$$w0rd' -AsPlainText -Force\r\nPS &gt; $azureAdApplication = New-AzureRmADApplication -DisplayName \"AzureAuto\" -HomePage \"https:\/\/&lt;tenant domain&gt;\/\" -IdentifierUris \"&lt;tenant domain&gt;\/AzureAuto\" -Password $SecureStringPassword\r\nPS &gt; New-AzureRmADServicePrincipal -ApplicationId $azureAdApplication.ApplicationId\r\nPS &gt; sleep 20\r\nPS &gt; New-AzureRmRoleAssignment -ServicePrincipalName $azureAdApplication.ApplicationId.Guid -RoleDefinitionName Contributor<\/pre>\n<p>The output is below:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1038\" height=\"443\" class=\"wp-image-79425\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-91.png\" \/><\/p>\n<p>If you run all these commands at one time without the <strong>sleep<\/strong> command, you will get the following error:<\/p>\n<p><em>New-AzureRmRoleAssignment : Principal xxxxxxxxxxxxxxxxxxxxxxxx does not exist in the directory.<\/em><\/p>\n<p>After creating the Azure Service Principal, you must wait around 10 or 15 seconds before running the <strong>New-AzureRMRoleAssignment<\/strong> cmdlet to replicate the content in your Azure Subscription.<\/p>\n<p>Confirm the login process by running the following commands in a new PowerShell console. Copy in the <strong>ID<\/strong> and tenant ID from the previous results.<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">PS &gt; $SecureStringPassword = ConvertTo-SecureString -String '&lt;Password&gt;' -AsPlainText -Force\r\nPS &gt; $azureAccountName = \"&lt;AppID&gt;\"\r\nPS &gt; $psCred = New-Object System.Management.Automation.PSCredential($azureAccountName, $SecureStringPassword)\r\nPS &gt; Login-AzureRmAccount -Credential $psCred -ServicePrincipal -tenant &lt;TENANT_ID&gt;<\/pre>\n<h3>Azure CLI<\/h3>\n<p>For those of you who want to use Azure CLI, it is possible to automate the same process using an Azure Service Principal. Run the <strong>az login<\/strong> command to log in to your Azure account. You will be prompted to authenticate with a code. This command is similar to the <strong>Login-AzureRmAccount<\/strong> cmdlet:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">az login<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"639\" height=\"236\" class=\"wp-image-79426\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-92.png\" \/><\/p>\n<p>Then use the <strong>az account set <\/strong>command to select the desired subscription using the name parameter:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">az account set -s &lt;Azure_Subscription_Name&gt;<\/pre>\n<p>Finally, run the <strong>az ad sp<\/strong> command to create the service principal. Be sure to replace the service principal name and strong password.<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">az ad sp create-for-rbac --name &lt;Service_Principal_Name&gt; --password &lt;StrongPassword&gt;<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1034\" height=\"391\" class=\"wp-image-79427\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-93.png\" \/><\/p>\n<p>After running the <strong>az login<\/strong> command, copy the tenant ID and app ID for the next command.<\/p>\n<p>Now it\u2019s time to test the new service principal. Run the <strong>az login<\/strong> command in a new window and provide the following parameters to log in with a service principal:<\/p>\n<ul>\n<li>\n<p><strong>&#8211;username<\/strong>: the service principal name using the AppID or the name but don\u2019t forget to include \u2018http:\/\/\u2019<\/p>\n<\/li>\n<li>\n<p><strong>&#8211;password<\/strong>: the service principal password<\/p>\n<\/li>\n<li>\n<p><strong>&#8211;tenant<\/strong>: the tenant associated with the service principal<\/p>\n<\/li>\n<\/ul>\n<pre class=\"theme:powershell-output lang:ps decode:true\">az login --service-principal --username &lt;AppID&gt; --password &lt;Password&gt; --tenant &lt;TenantID&gt;<\/pre>\n<p>The output is shown below:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1034\" height=\"518\" class=\"wp-image-79428\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-94.png\" \/><\/p>\n<h3>Azure Portal<\/h3>\n<p>As you may imagine, creating a service principal can also be done with the Azure Portal. Log in to your Azure Account through the Azure portal. Then, select <em>Azure Active Directory<\/em>, <em>App registrations<\/em> and <em>New application registration<\/em>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"884\" height=\"357\" class=\"wp-image-79429\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-95.png\" \/><\/p>\n<p>Provide a name and URL for the application. Select <em>Web app \/ API<\/em> for the type of application you want to create. Replace the URL with your tenant domain.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"302\" height=\"226\" class=\"wp-image-79430\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-96.png\" \/><\/p>\n<div class=\"note\">\n<p><em>Note: you cannot create credentials for a Native application; therefore, that type does not work for an automated application.<\/em><\/p>\n<\/div>\n<p>To retrieve the App ID, go to the <em>App registrations<\/em> tab and select the newly created application. Do not forget to switch from <em>My Apps<\/em> to <em>All Apps<\/em> to list all the Applications:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"439\" height=\"97\" class=\"wp-image-79431\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-97.png\" \/><\/p>\n<p>Copy the Application ID and save it on your machine because you will need to use it when connecting in your scripts.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"568\" height=\"202\" class=\"wp-image-79432\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-98.png\" \/><\/p>\n<p>The App ID equals to the login, so now, create a key for this application that will be used as a password. Click <em>Settings<\/em> <em> Keys<\/em> to create the key:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"249\" height=\"115\" class=\"wp-image-79433\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-99.png\" \/><\/p>\n<p>Add a description, and a duration. This duration is used to limit access. Click <em>Save<\/em> to generate the key and then copy the key value because you won&#8217;t be able to retrieve it after you leave this blade.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"853\" height=\"364\" class=\"wp-image-79434\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-100.png\" \/><\/p>\n<p>At this step, the Application is created, and the ID and the key are generated. The last step will add a role to the application. Go to the <em>Subscriptions<\/em> blade and select your subscription, navigate to <em>Access control<\/em> and click <em>Add<\/em>:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"934\" height=\"479\" class=\"wp-image-79435\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-101.png\" \/><\/p>\n<p>Here is a very nice bug! By default, Azure Active Directory applications are not displayed. It means that you must manually provide the name to find the application and click <em>Save<\/em>:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"403\" height=\"285\" class=\"wp-image-79436\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-102.png\" \/><\/p>\n<p>Validate and test your service principal using Azure CLI or PowerShell. In this example, run the <strong>az login<\/strong> followed by the username which is the <em>AppID<\/em>, the password which is the generated key and your Tenant ID. Now confirm you are authenticated:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1034\" height=\"209\" class=\"wp-image-79437\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-103.png\" \/><\/p>\n<h2>Retrieving information<\/h2>\n<p>Before going deeper in this series, I will discuss in this part of all the necessary commands to retrieve information about your Azure account including:<\/p>\n<ul>\n<li>\n<p>Subscription<\/p>\n<\/li>\n<li>\n<p>Resources<\/p>\n<\/li>\n<li>\n<p>Cost<\/p>\n<\/li>\n<li>\n<p>And logs<\/p>\n<\/li>\n<\/ul>\n<h3>Azure Subscription<\/h3>\n<p>After logging in to your Azure subscription, the <strong>login-AzureRmAccount<\/strong> cmdlet returns the same output as the <strong>Get-AzureRmContext <\/strong>cmdlet. Run this cmdlet to display information about the subscription. This cmdlet is helpful when you need to retrieve the tenant ID:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">PS &gt; Get-AzureRmContext<\/pre>\n<p>\n The same information can be retrieved using Azure CLI but in JSON. Run the following command:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">az account list<\/pre>\n<p>\n Depending your needs, you may work with multiple Azure subscriptions. When you login, you get a default subscription set, so running some commands may fail if you don\u2019t set the correct subscription. To switch between them, use the following PowerShell commands:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">PS &gt; Set-AzureRmContext -SubscriptionId &lt;Subscription_ID&gt;<\/pre>\n<p>\n Retrieve the Azure subscriptions with Azure CLI:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">az account list --output table<\/pre>\n<p>\n And switch to a new subscription:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">az account set --subscription &lt;Azure Subscription Name&gt;<\/pre>\n<div class=\"note\">\n<p><em>Note: You can use either the subscription ID or the subscription name to select the subscription.<\/em><\/p>\n<\/div>\n<h3>Azure Resources<\/h3>\n<p>Getting all Azure Resource Manager resource groups with PowerShell is very simple. Just use the <strong>Get-AzureRMResourceGroup <\/strong>cmdlet:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">PS &gt; Get-AzureRMResourceGroup<\/pre>\n<p>\n Depending the number of Resource Groups your Azure subscription contains, you can filter the output:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">PS &gt; Get-AzureRMResourceGroup | Where-Object { $_.ResourceGroupName \u2013like \u2018*Nico*\u2019 }<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"826\" height=\"200\" class=\"wp-image-79438\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-104.png\" \/><\/p>\n<div class=\"note\">\n<p><em>Note: depending which service principal you use to connect to your Azure subscription, some results could be incomplete due to the assigned role (e.g. Contributor, Reader).<\/em><\/p>\n<\/div>\n<p>For better visibility, I recommend the <strong>Out-GridView<\/strong> cmdlet:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">PS &gt; Get-AzureRMResourceGroup | Select-Object ResourceGroupName, location | Out-GridView -Title 'Azure Resource Groups'<\/pre>\n<p>\n The output is below:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"360\" height=\"412\" class=\"wp-image-79439\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-105.png\" \/><\/p>\n<p>Working with Tags in Azure is helpful when you need to manage a large number of items. To list all the resource groups with their tags, run the <strong>Get-AzureRmResourceGroup<\/strong> cmdlet.<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">PS &gt; Get-AzureRmResourceGroup | Select-Object ResourceGroupName, tags<\/pre>\n<p>You can easily get the pair \u2018key=value\u2019 for a specific resource group by using the following command:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">PS &gt; (Get-AzureRmResourceGroup -ResourceGroupName &lt;RG_Name&gt;).tags<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"609\" height=\"112\" class=\"wp-image-79440\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-106.png\" \/><\/p>\n<p>You can add tags on a Virtual Machine, a Resource Group, a Virtual Network, etc., using PowerShell and the Azure Portal:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1381\" height=\"280\" class=\"wp-image-79441\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-107.png\" \/><\/p>\n<p>To add tags to a resource group without existing tags, use the <strong>Set-AzureRMResourceGroup<\/strong> command with the <strong>tag<\/strong> parameter:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"786\" height=\"374\" class=\"wp-image-79442\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-108.png\" \/><\/p>\n<p>To add tags to a resource group that has existing tags, retrieve the existing tags, add the new tag, and reapply the tags:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"720\" height=\"472\" class=\"wp-image-79443\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-109.png\" \/><\/p>\n<p>To finish with the Resource Groups, of course you can list Resource Groups using Azure CLI:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">az group list<\/pre>\n<p>\n Filtering by tag is very simple as well:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">az group list --tag Measure=Test<\/pre>\n<p>The output is below:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"772\" height=\"472\" class=\"wp-image-79444\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-110.png\" \/><\/p>\n<h3>Azure Costs<\/h3>\n<p>Monitoring and visualizing cloud usage and costs can be done using PowerShell. In my opinion, the Azure Portal is a nice way to get the information about Azure costs, but sometimes, you may need to retrieve this information by command line to generate some reports, for instance. You can use the <strong>Get-UsageAggregates<\/strong> cmdlet to get billing information. Several parameters can be used to filter the results:<\/p>\n<ul>\n<li>\n<p>ReportedStartTime<\/p>\n<\/li>\n<li>\n<p>ReportedEndTime<\/p>\n<\/li>\n<li>\n<p>AggregationGranularity<\/p>\n<\/li>\n<li>\n<p>ShowDetails<\/p>\n<\/li>\n<\/ul>\n<p>Below is the syntax:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">PS &gt; Get-UsageAggregates -ReportedStartTime \"2018-01-01\" -ReportedEndTime \"2018-01-07\" -AggregationGranularity \"Daily\" -ShowDetails $true<\/pre>\n<p>In this example, I can get usage details of the current subscription between 2018-01-17 to 2018-01-19:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1348\" height=\"252\" class=\"wp-image-79445\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-111.png\" \/><\/p>\n<p>Listing the details of Azure resource consumption can be performed with the following Azure CLI command:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">az consumption usage list<\/pre>\n<p>This command can be filtered because, depending your subscription, it can take a long time to run. You can add the <strong>&#8211;top<\/strong> parameter to limit the number of items to return:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">az consumption usage list \u2013top 100<\/pre>\n<p>Listing the resource consumption by date can be performed by using the <strong>start-date<\/strong> and <strong>end-date<\/strong> parameters:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">az consumption usage list --start-date \"2017-06-01\" --end-date \"2018-01-01\"<\/pre>\n<h3>Azure Logs<\/h3>\n<p>The command line is interesting to automate some tasks, but Azure logs is very well implemented in the Azure Portal. So of course, PowerShell and Azure CLI can be used to get the log activities, but the Azure Portal allows creating great dashboards, and performing rich data exploration with interactive queries. Using the Azure Logs, you can determine the \u201cwhat, who, and when\u201d for any operations taken on the resources in your subscription. Azure logs are different from Windows logs or Linux logs. It means that if you deploy a Virtual Machine in your subscription, Azure logs contains information regarding the deployment of this VM. Information about the operating system itself will not be displayed.<\/p>\n<p>Nevertheless, PowerShell provides the <strong>Get-AzureRmLog<\/strong> cmdlet to show logs. By default, this cmdlet will query all the resource groups:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">PS &gt; Get-AzureRmLog<\/pre>\n<p>\n Filtering certain resource group, for certain actions and from a given time is possible. Depending on the start time you specify, the previous commands can return a long list of operations for the resource group. For instance, to find all logs in the last day and for a specific Resource Group, the following command retrieve this information:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">PS &gt; Get-AzureRmLog -ResourceGroup &lt;RG_Name&gt; -StartTime (Get-Date).AddDays(-1)<\/pre>\n<div class=\"note\">\n<p><em>Note: If you do not specify a start and end time, entries for the last hour are returned.<\/em><\/p>\n<\/div>\n<p>You can also look up the actions taken by a particular user using the <strong>\u2013Caller<\/strong> parameter:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">PS &gt; Get-AzureRmLog -ResourceGroup &lt;RG_Name&gt; -StartTime (Get-Date).AddDays(-14) -Caller someone@domain.com<\/pre>\n<p>\n You can filter for failed operations using the <strong>\u2013Status<\/strong> parameter:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">PS &gt; Get-AzureRmLog -ResourceGroup &lt;RG_Name&gt; -Status Failed<\/pre>\n<p>\n Now, if you need more information about Azure deployments, in order to get the status of a Virtual Machine deployment, for example, use the<strong> Get-AzureRmResourceGroupDeployment <\/strong>cmdlet:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">PS &gt; Get-AzureRmResourceGroupDeployment -ResourceGroupName &lt;RG_Name&gt;<\/pre>\n<p>This cmdlet is very helpful for Azure administrators, because troubleshooting can be done very quickly by filtering the output. For instance, filtering by failed deployment status can be perform using the following command:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1262\" height=\"644\" class=\"wp-image-79446\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-112.png\" \/><\/p>\n<p>Here is one of my favorite command to quickly and easily check deployment status in the current Azure subscription:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">PS &gt; Get-AzureRmResourceGroupDeployment -ResourceGroupName &lt;RG_Name&gt; | Select-Object DeploymentName, ResourceGroupName, ProvisioningState, Timestamp | Out-GridView -Title 'Deyploment status'<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"803\" height=\"385\" class=\"wp-image-79447\" src=\"https:\/\/www.red-gate.com\/simple-talk\/wp-content\/uploads\/2018\/06\/word-image-113.png\" \/><\/p>\n<p>The <strong>az monitor activity-log list<\/strong> command return Azure logs with Azure CLI:<\/p>\n<pre class=\"theme:powershell-output lang:ps decode:true\">az monitor activity-log list --resource-group &lt;RG_Name&gt;<\/pre>\n<h2>Conclusion<\/h2>\n<p>This second article in this series described important steps to automate Azure tasks and retrieve the required information from your Azure account:<\/p>\n<ul>\n<li>\n<p>Creating a service principal<\/p>\n<\/li>\n<li>\n<p>Automating the login process using PowerShell, Azure CLI and Azure Portal<\/p>\n<\/li>\n<li>\n<p>Retrieving Azure Resources information<\/p>\n<\/li>\n<li>\n<p>Viewing Azure costs<\/p>\n<\/li>\n<li>\n<p>and getting the Azure logs<\/p>\n<\/li>\n<\/ul>\n<p>At this step, you know how to automate the login process using PowerShell and Azure CLI. It means that you can create your own scripts in order to interact with your Azure resources. In the next articles, I will describe how to create and manage your Azure Resources in practice, such as:<\/p>\n<ul>\n<li>\n<p>Creating Virtual Network<\/p>\n<\/li>\n<li>\n<p>Creating and attaching Disk to a VM<\/p>\n<\/li>\n<li>\n<p>Backing up Virtual Machines<\/p>\n<\/li>\n<li>\n<p>Deploying Network devices (Load Balancer, \u2026)<\/p>\n<\/li>\n<li>\n<p>\u2026<\/li>\n<\/ul>\n<p>I will not explain how to create Virtual Machines in detail, because Robert Cain published a great series about Azure VMs: <a href=\"https:\/\/www.red-gate.com\/simple-talk\/sysadmin\/powershell\/create-azure-vms-powershell-part-1\/\">Create Azure VMs<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the second part of his series, Nicolas Prigent describes in detail how to automate the login process using PowerShell and Azure CLI. Nicolas also explains how to retrieve information about your Azure subscription.&hellip;<\/p>\n","protected":false},"author":158223,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[137091,35],"tags":[95506],"coauthors":[6804],"class_list":["post-79422","post","type-post","status-publish","format-standard","hentry","category-azure","category-powershell","tag-automate"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/79422","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/users\/158223"}],"replies":[{"embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/comments?post=79422"}],"version-history":[{"count":14,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/79422\/revisions"}],"predecessor-version":[{"id":79468,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/posts\/79422\/revisions\/79468"}],"wp:attachment":[{"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/media?parent=79422"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/categories?post=79422"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/tags?post=79422"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.red-gate.com\/simple-talk\/wp-json\/wp\/v2\/coauthors?post=79422"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}