How to migrate Azure PowerShell from AzureRM to the new Az Module

3 days ago, Microsoft released version 1.0.0 of the new Az Module. Az is a cross-platform PowerShell module to manage resources in Azure that is compatible with both WindowsPowerShell and PowerShell Core.

Why to migrate to Az?

Az is written from ground up in .NET Standard which allows us to use the module in PowerShell Core on Windows, MacOs or Linux platforms. It is the “new” module, all further functionality will be added to the Az module whereas AzureRM will only receive bug fixes.

How to migrate?

Scripts that use the previous AzureRM module won’t automatically work with Az. You can enable a compatibility mode to the AzureRM module using the Enable-AzureRmAlias cmdlet. This allows you to soft migrate existing scripts. Be sure to only enable the mode if you have uninstalled all versions of AzureRM! You can disable the compatiblity mode after you migrated all your scripts using the Disable-AzureRmAlias cmdlet.

You can also have both modules installed at the same time. In this case, don’t enable the compatibility mode! Instead, explicitly import either the Az or the AzureRM modules inside your scripts.

However, It is recommended to uninstall the old AzureRM module before using Az module:

Uninstall the AzureRM module

You can check whether you have any AzureRM module installed using the following cmdlet:

Get-Module -Name AzureRM -ListAvailable

get-module

To uninstall the module you can run the Uninstall-AzureRM cmdlet in an elevated PowerShell prompt.

You may get an error that the term Uninstall-AzureRM is not recognized as the name of a cmdlet:

Uninstall-AzureRM : The term ‘Uninstall-AzureRM’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

In this case, try to find and uninstall “Azure PowerShell” through the Windows system (Start -> Settings -> Apps, or appwiz.cpl). If this also doesn’t work, check this article: Uninstall the AzureRM module

Install the Az Azure PowerShell module

To install the module run the following cmdlet in an elevated session:

Install-Module -Name Az -AllowClobber

You may see the following prompt if this is the first time you use the PSGallery:

psgallery

Just Enter ‘Y’ – Yes or ‘A’ – Yes to All to continue.

You can verify the installation using:

Get-InstalledModule -Name Az -AllVersions

Use the new Az module

To use the new Az module, you first have to sign in using the Connect-AzAccount cmdlet. The interactive login now uses the device login so you have to copy and paste the token into https://aka.ms/devicelogin.

Once you have signed in to an Azure account, you can use the new cmdlets to access and manage your Azrue resoruces. Use Get-Command -Module Az* command to retrieve all available Az cmdlets:

get-command

 

 

 

Configure Azure App Service IP Restrictions using PowerShell

IP Restrictions is a feature I recently start using a lot. It allows me to define a list of IP addresses that are allowed or denied to access my app service. Both IPv4 and IPv6 adresses can be used.

At the moment there is no Azure CLI or PowerShell cmdlet available to set the IP Restrictions programmatically but the values can be set manually with a PUT operation on the app configuration in Resource Manager (REST request) or by using the Set-AzureRmResource cmdlet.

Until there is no Azure cmdlet available to set the IP Restriction Rule, you can use my Add-AzureIpRestrictionRule cmdlet:

function Add-AzureIpRestrictionRule
{
    [CmdletBinding()]
    Param
    (
        # Name of the resource group that contains the App Service.
        [Parameter(Mandatory=$true, Position=0)]
        $ResourceGroupName, 

        # Name of your Web or API App.
        [Parameter(Mandatory=$true, Position=1)]
        $AppServiceName, 

        # rule to add.
        [Parameter(Mandatory=$true, Position=2)]
        [PSCustomObject]$rule
    )

    $ApiVersions = Get-AzureRmResourceProvider -ProviderNamespace Microsoft.Web |
        Select-Object -ExpandProperty ResourceTypes |
        Where-Object ResourceTypeName -eq 'sites' |
        Select-Object -ExpandProperty ApiVersions

    $LatestApiVersion = $ApiVersions[0]

    $WebAppConfig = Get-AzureRmResource -ResourceType 'Microsoft.Web/sites/config' -ResourceName $AppServiceName -ResourceGroupName $ResourceGroupName -ApiVersion $LatestApiVersion

    $WebAppConfig.Properties.ipSecurityRestrictions =  $WebAppConfig.Properties.ipSecurityRestrictions + @($rule) |
        Group-Object name |
        ForEach-Object { $_.Group | Select-Object -Last 1 }

    Set-AzureRmResource -ResourceId $WebAppConfig.ResourceId -Properties $WebAppConfig.Properties -ApiVersion $LatestApiVersion -Force
}

Add your current IP

Usually, I want to add my current IP address to the list of allowed IPs whenever I work outside my company. I use a script where I only have to specifiy the Subscription Id, the App Service name and the Resource Group:

$SubscriptionId = '' 
$AppServiceName = ''
$ResourceGroupName = ''

I use the following piece of code to save my Azure login context so I don’t have to enter my credentials each time I use the script:

$ctxPath = Join-Path $env:APPDATA 'azure.ctx'

if (-not (Test-Path $ctxPath))
{
    Login-AzureRmAccount
    Save-AzureRmContext -Path $ctxPath -Force
}
 
Import-AzureRmContext -Path $ctxPath | out-null
Set-AzureRmContext -SubscriptionId $SubscriptionId | Out-Null

To determine my current IP address I use api.ipify.org:

$clientIp = Invoke-WebRequest 'https://api.ipify.org' | Select-Object -ExpandProperty Content

Finally I add the rule using the above Add-AzureIpRestrictionRule cmdlet. For the rule name I concat my computername with my username (e. g. WD023\mbr):

$rule = [PSCustomObject]@{
    ipAddress = "$($clientIp)/32"
    action = "Allow"  
    priority = 123 
    name = '{0}_{1}' -f $env:computername, $env:USERNAME 
    description = "Automatically added ip restriction"
}

Add-AzureIpRestrictionRule -ResourceGroupName $ResourceGroupName -AppServiceName $AppServiceName -rule $rule

This is how the result looks like:
ipresult

The whole script can be found in my GitHub repository.

Azure DevOps – what’s new?

Today Microsoft announced the relaunch of Visual Studio Team Services (VSTS). VSTS is now renamed to Azure DevOps.

The reason for the name change is that they want to decouple the Suite from the Visual Studio brand and the perception that it is .NET-only whereas Azure is associated with cross-platform – Cloud for all. But of course, Azure DevOps will work for whatever type of cloud you are using.

What’s new?

  • The service URLs moved from

    https://YOURORG.visualstudio.com to https://dev.azure.com/YOURORG

    There are long-term redirects for existing customers in place.

  • The offered services are renamed:
    • Work 👉 Azure Boards
    • Nav-Code Code 👉 Azure Repos
    • Nav-Launch Build and release 👉 Azure Pipelines
    • Nav-Feed Packages 👉 Azure Artifacts
    • Nav-TestTest 👉 Azure Test Plans

  • Azure DevOps GitHub Integration:
    Azure Pipelines is now available in the GitHub marketplace.
  • Azure Pipelines for Open Source projects
    Azure Pipelines includes 10 free concurrent pipelines with unlimited build minutes and users (for Mac, Windows and Linux).