User Profile

nirmalmcse02

Copper Contributor

Joined Oct 12, 2020

12 Posts2 LikesLikes received

View All Badges

User Widgets

Recent Discussions

Re: Configure backup on Azure File Storage with a given tag to an existing recovery services vault
These inbuilt policies are specific to Virtual Machine. However, I am looking for a policy that can Configure backup for Azure File Share Storage with a given tag to an existing recovery services vault.
Oct 26, 2021 Place Azure Governance and Management
3.8KViews
0likes
0Comments
Re: Configure backup on Azure File Storage with a given tag to an existing recovery services vault
I have try to refer this policy & created below custom policy. Somehow this is not working as expected. Could you please help to debug this? { "properties": { "displayName": "Configure backup on Storageaccount with a given tag to an existing recovery services vault in the same location", "policyType": "BuiltIn", "mode": "Indexed", "description": "Enforce backup for all stoageaccount by backing them up to an existing central recovery services vault in the same location and subscription as the virtual machine. Doing this is useful when there is a central team in your organization managing backups for all resources in a subscription. You can optionally include virtual machines containing a specified tag to control the scope of assignment. See https://aka.ms/AzureVMCentralBackupIncludeTag.", "metadata": { "version": "3.0.0", "category": "Backup" }, "parameters": { "vaultLocation": { "type": "String", "metadata": { "displayName": "Location (Specify the location of the VMs that you want to protect)", "description": "Specify the location of the VMs that you want to protect. VMs should be backed up to a vault in the same location. For example - CanadaCentral", "strongType": "location" } }, "inclusionTagName": { "type": "String", "metadata": { "displayName": "Inclusion Tag Name", "description": "Name of the tag to use for including VMs in the scope of this policy. This should be used along with the Inclusion Tag Value parameter. Learn more at }, "defaultValue": "" }, "inclusionTagValue": { "type": "Array", "metadata": { "displayName": "Inclusion Tag Values", "description": "Value of the tag to use for including VMs in the scope of this policy (in case of multiple values, use a comma-separated list). This should be used along with the Inclusion Tag Name parameter. Learn more at https://aka.ms/AppCentricVMBackupPolicy." } }, "backupPolicyId": { "type": "String", "metadata": { "displayName": "Backup Policy (of type Storage Account from a vault in the location chosen above)", "description": "Specify the ID of the Azure Backup policy to configure backup of the Storage Account. The selected Azure Backup policy should be of type Azure Storage Account. This policy needs to be in a vault that is present in the location chosen above. For example - /subscriptions/<SubscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.RecoveryServices/vaults/<VaultName>/backupPolicies/<BackupPolicyName>", "strongType": "Microsoft.RecoveryServices/vaults/backupPolicies" } }, "effect": { "type": "String", "metadata": { "displayName": "Effect", "description": "Enable or disable the execution of the policy" }, "allowedValues": [ "deployIfNotExists", "auditIfNotExists", "disabled" ], "defaultValue": "deployIfNotExists" } }, "policyRule": { "if": { "allOf": [ { "field": "type", "equals": "Microsoft.Storage/storageAccounts" }, { "field": "id", "notContains": "/resourceGroups/databricks-rg-" }, { "field": "location", "equals": "[parameters('vaultLocation')]" }, { "field": "[concat('tags[', parameters('inclusionTagName'), ']')]", "in": "[parameters('inclusionTagValue')]" } ] }, "then": { "effect": "[parameters('effect')]", "details": { "roleDefinitionIds": [ "/providers/microsoft.authorization/roleDefinitions/XXXXXXXXXXXX", "/providers/microsoft.authorization/roleDefinitions/XXXXXXXXXXXX" ], "type": "Microsoft.RecoveryServices/backupprotecteditems", "deployment": { "properties": { "mode": "incremental", "template": { "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "backupPolicyId": { "type": "String" }, "fabricName": { "type": "String" }, "protectionContainers": { "type": "String" }, "protectedItems": { "type": "String" }, "sourceResourceId": { "type": "String" } }, "resources": [ { "apiVersion": "2017-05-10", "name": "[concat('DeployProtection-',uniqueString(parameters('protectedItems')))]", "type": "Microsoft.Resources/deployments", "resourceGroup": "[first(skip(split(parameters('backupPolicyId'), '/'), 4))]", "subscriptionId": "[first(skip(split(parameters('backupPolicyId'), '/'), 2))]", "properties": { "mode": "Incremental", "template": { "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "backupPolicyId": { "type": "String" }, "fabricName": { "type": "String" }, "protectionContainers": { "type": "String" }, "protectedItems": { "type": "String" }, "sourceResourceId": { "type": "String" } }, "resources": [ { "type": "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems", "name": "[concat(first(skip(split(parameters('backupPolicyId'), '/'), 8)), '/', parameters('fabricName'), '/',parameters('protectionContainers'), '/', parameters('protectedItems'))]", "apiVersion": "2016-06-01", "properties": { "protectedItemType": "Microsoft.Storage/storageAccounts", "policyId": "[parameters('backupPolicyId')]", "sourceResourceId": "[parameters('sourceResourceId')]" } } ] }, "parameters": { "backupPolicyId": { "value": "[parameters('backupPolicyId')]" }, "fabricName": { "value": "[parameters('fabricName')]" }, "protectionContainers": { "value": "[parameters('protectionContainers')]" }, "protectedItems": { "value": "[parameters('protectedItems')]" }, "sourceResourceId": { "value": "[parameters('sourceResourceId')]" } } } } ] }, "parameters": { "backupPolicyId": { "value": "[parameters('backupPolicyId')]" }, "fabricName": { "value": "AzureStorage" }, "protectionContainers": { "value": "[concat('/azfileshare;', resourceGroup().name, ';' ,field('name'))]" }, "protectedItems": { "value": "[concat('/azfileshare;', resourceGroup().name, ';' ,field('name'))]" }, "sourceResourceId": { "value": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Compute/virtualMachines/',field('name'))]" } } } } } } } }, "id": "/providers/Microsoft.Authorization/policyDefinitions/XXXXXXXXXXXXXXX", "type": "Microsoft.Authorization/policyDefinitions", "name": "XXXXXXXXXXXXXXX" }
Oct 26, 2021 Place Azure Governance and Management
3.8KViews
0likes
2Comments
Configure backup on Azure File Storage with a given tag to an existing recovery services vault
How to create a Custom Azure Policy that Configure backup on Azure File Share Storage with a given tag to an existing recovery services vault.
Oct 21, 2021 Place Azure Governance and Management
azure policy
4.1KViews
0likes
4Comments
Re: Azure PowerShell Script to create Virtual machine from Azure Recovery Service vault restore
omarmciver I have replaced the lines as you have shared. Still this powershell is getting failed due to same error. Please suggest. Below is error. Name : TestVMRESTORE HardwareProfile : {VmSize} NetworkProfile : {NetworkInterfaces} StorageProfile : {OsDisk} PS C:\> # Step 9 - Start the VM restore PS C:\> New-AzVM -ResourceGroupName "$VMRestoreRGName" -Location "$VMNICLocation" -VM $VMCreateName -Verbose New-AzVM : This operation is not supported for a relative URI. At line:1 char:1 + New-AzVM -ResourceGroupName "$VMRestoreRGName" -Location "$VMNICLocat ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : CloseError: (:) [New-AzVM], InvalidOperationException + FullyQualifiedErrorId : Microsoft.Azure.Commands.Compute.NewAzureVMCommand
Oct 14, 2021 Place Azure
2.1KViews
0likes
1Comment
Azure PowerShell Script to create Virtual machine from Azure Recovery Service vault restore
I am using below PowerShell script to create VM from Recovery Service Vault restore however this is not working. Could you please help me to debug? ============================================================= PowerShell Error New-AzVM : This operation is not supported for a relative URI. ================================================================= Below is my PowerShell Script $ConfigBlobName = "resotevmconfig.json" $ContainerName = "restorevmcontainername" $TemplateName = "azuredeploy.json" $JSONpath = "exportjsonpath" $StorageAccountRestore = "storageaccountnamewhererestorewashappened" $StorageAccountRestoreRGName = "Resourcegroupnameofstorage" $VMRestoreName = "TestVMRESTORE" $VMVNETName = "Virtualnetworkname" $VMVNETRGName = "virtualnetworkRG" $VMNICLocation = "location" $VNETSubnetIndex= 1 $VMRestoreRGName = "RestorevmRGname" # Step 8 - Prepare the VM restore Set-AzCurrentStorageAccount -Name $StorageAccountRestore -ResourceGroupName $StorageAccountRestoreRGName New-AzStorageBlobSASToken -Container $ContainerName -Blob $TemplateName -Permission r -FullUri Get-AzStorageBlobContent -Container $ContainerName -Blob $ConfigBlobName -Destination $JSONpath $VMObject = ((Get-Content -Path $JSONpath -Raw -Encoding Unicode)).TrimEnd([char]0x00) | ConvertFrom-Json $VMCreateName = New-AzVMConfig -VMSize $VMObject.'properties.hardwareProfile'.vmSize -VMName "$VMRestoreName" Set-AzVMOSDisk -VM $VMCreateName -Name "$VMRestoreName" -VhdUri $VMObject.'properties.StorageProfile'.OsDisk -CreateOption "Attach" Set-AzVMOSDisk -VM $VMCreateName -Name "test1-restored-OsDisk" -VhdUri $VMObject.'properties.storageProfile'.osDisk.vhd -CreateOption "Attach" -Windows $VMCreateName.StorageProfile.OsDisk.OsType = $VMObject.'properties.StorageProfile'.OsDisk.OsType $VMNICName="$VMRestoreName" $VNETName = Get-AzVirtualNetwork -Name "$VMVNETName" -ResourceGroupName "$VMVNETRGName" $VMNIC = New-AzNetworkInterface -Name $VMNICName -ResourceGroupName "$VMRestoreRGName" -Location "$VMNICLocation" -SubnetId $VNETName.Subnets[$VNETSubnetIndex].Id $VMCreateName=Add-AzVMNetworkInterface -VM $VMCreateName -Id $VMNIC.Id # Step 9 - Start the VM restore New-AzVM -ResourceGroupName "$VMRestoreRGName" -Location "$VMNICLocation" -VM $VMCreateName -Verbose =============================================================
Solved
Oct 07, 2021 Place Azure
2.2KViews
0likes
3Comments
Azure Virtual machine Core VS VCPU
Hi All, Please suggest how many CPU cores having Vcpu in the Azure virtual machine? Example in my azure virutal machine having 1 Vcpu how can i get this 1 vcpu have how many cores.
Sep 08, 2021 Place Azure Governance and Management
azure portal
2.3KViews
0likes
0Comments
Azure bit locker Encryption
Hi All, I have 100+ Virtual machines for that i want to enable azure bit locker encryption running single PowerShell script. Is there any script is available that i can refer too? My All VM's are part of same Resource Group, Location & i am using single key Vault. Below is the script which i am using where i am specifying single VM name at a time. $RGName = "RGNAME" $VMName = "TestVM1" $VaultName= "TestKV" $KeyVault = Get-AzKeyVault -VaultName $VaultName -ResourceGroupName $RGName $DiskEncryptionKeyVaultUrl = $KeyVault.VaultUri $KeyVaultResourceId = $KeyVault.ResourceId $VolumeType = "All" Set-AzVMDiskEncryptionExtension -ResourceGroupName $RGName -VMName $VMName -DiskEncryptionKeyVaultUrl $DiskEncryptionKeyVaultUrl -DiskEncryptionKeyVaultId $KeyVaultResourceId -VolumeType $VolumeType
Jul 19, 2021 Place Azure Infrastructure
677Views
0likes
1Comment
Azure Policy for Key Vault Soft Delete Retention
Hi All, Is there any Custom Azure Policy which we can use to enforce Azure Key vault Soft deletion retention period as per our Requirement. By default its 90 days but we want to set as 10 for all of key vault.
Solved
Jan 27, 2021 Place Azure
4.9KViews
0likes
3Comments
Outbound Connectivity after azure site recovery failover
How outbound connectivity works of any virtual machines after failover initiated from Azure Site Recovery. Explanation of above query is:- On-premise environment Servers DR site is set up on Azure using Azure site recovery & Express route is set up for connectivity between on-premise to Azure. In case a failover happens immediately ASR initiates spinning up virtual machines. Once Virtual Machines is ready to use. How outbound traffic will flow of this VM. Either Outbound traffic will go to On-premise or it will directly go to the Azure backbone. We would like to validate that whatever internet restrictions are applied on on-premise same should be applied to DR VM without deploying any NVA on the Azure side.
Solved
Jan 06, 2021 Place Azure Migration and Modernization
1.2KViews
1like
1Comment
Azure DDoS Protection Standard
Hi Team, Is it recommended to have Azure DDoS Protection Standard enabled for Virtual Network where Virtual network gateways are associated with that Virtual network? This VNG is establishing a VPN tunnel with Onprem VPN Devices. what is the security risk if I am using basic DDoS protection?
Oct 15, 2020 Place Azure Networking
911Views
0likes
1Comment
Multiple DEVOPS organization
Hi All, Is there any risk associated if we have multiple azure DevOps organizations connected to the Azure AD tenant active directory? Regards, Nirmal Singh
Oct 14, 2020 Place Microsoft Security
azure active directory
1.4KViews
1like
1Comment
ARM template for existing Vnet Peering
Hi All, Is there any ARM template available for establishing VNET Peering for two existing Virtual Network. I am referring below GitHub template. However it is creating one side peering only not vise versa. https://github.com/Azure/azure-quickstart-templates/tree/master/201-existing-vnet-to-vnet-peering
Solved
Oct 12, 2020 Place Azure Migration and Modernization
4.6KViews
0likes
1Comment

Recent Blog Articles

No content to show