script
60 Topics

Azure Arc and Defender for Servers: Connectivity and Monitoring Script
2. Overview of Defender for Servers

Microsoft Defender for Servers is a plan within Microsoft Defender for Cloud that provides advanced threat protection for Windows and Linux servers, whether they are hosted in Azure, on-premises, or in other cloud environments. It includes capabilities such as endpoint detection and response (EDR), vulnerability assessment, file integrity monitoring, and adaptive application controls. Defender for Servers integrates with Microsoft Defender for Endpoint to provide unified security management and threat detection. For more information on Defender for Servers, visit the documentation at the link below.

https://learn.microsoft.com/en-us/azure/defender-for-cloud/tutorial-enable-servers-plan

3. Onboarding On-Premises Servers via Azure Arc

To onboard on-premises servers to Defender for Servers, Azure Arc is used to project non-Azure machines into Azure. This enables the application of Azure policies, monitoring, and security configurations. The onboarding process involves:

- Installing the Azure Connected Machine Agent on the server
- Registering the server with Azure Arc
- Enabling Defender for Servers in Microsoft Defender for Cloud
- Ensuring the server is reporting and compliant with security policies

For more information on connecting on-premises servers to Azure Arc, visit the documentation in the link below.

Connect hybrid machines to Azure using a deployment script - Azure Arc | Microsoft Learn

4. Script Purpose and Details

This PowerShell script is designed to help infrastructure administrators verify the health of the HIMDS service (used by Microsoft Defender for Endpoint) and the connectivity status of the Azure Connected Machine Agent (Azure Arc) on multiple servers. It is especially useful in scenarios where administrators do not have access to the Azure portal but need to ensure that servers are properly onboarded and connected.
Key functions of the script include:

- Reading a list of computer names from a CSV file
- Checking the status of the HIMDS service on each machine
- Running the 'azcmagent show' command remotely to verify Azure Arc connectivity
- Logging and displaying the results with color-coded output

5. PowerShell Script

    # Path to the CSV file
    $csvPath = "C:\Path\To\computers.csv"

    # Import computer names from CSV
    $computers = Import-Csv -Path $csvPath | Select-Object -ExpandProperty ComputerName

    # Array to store connected machines
    $connectedMachines = @()

    foreach ($computer in $computers) {
        Write-Host "Checking $computer..." -ForegroundColor Cyan
        try {
            # Check HIMDS service
            # (Get-Service -ComputerName needs Windows PowerShell 5.1; the parameter was removed in PowerShell 6+)
            $himdsService = Get-Service -ComputerName $computer -Name "himds" -ErrorAction Stop
            $himdsStatus = $himdsService.Status

            # Run azcmagent show remotely and parse output
            $azcmOutput = Invoke-Command -ComputerName $computer -ScriptBlock {
                try {
                    $output = azcmagent show | Out-String
                    return $output
                } catch {
                    Write-Error "Failed to run azcmagent: $_"
                    return $null
                }
            }

            # $null goes on the left so the comparison is a scalar test, not an array filter
            if ($null -ne $azcmOutput) {
                $statusLine = $azcmOutput -split "`n" | Where-Object { $_ -match "Agent Status\s*:\s*Connected" }
                if ($statusLine) {
                    Write-Host "[$computer] HIMDS Service: $himdsStatus, Azure Arc Status: Connected" -ForegroundColor Green
                    $connectedMachines += $computer
                } else {
                    Write-Host "[$computer] HIMDS Service: $himdsStatus, Azure Arc Status: Not Connected" -ForegroundColor Yellow
                }
            } else {
                Write-Host "[$computer] HIMDS Service: $himdsStatus, Azure Arc Status: Unknown (command failed)" -ForegroundColor Red
            }
        } catch {
            Write-Host "[$computer] Error: $_" -ForegroundColor Red
        }
    }

    # Output connected machines
    Write-Host "`nConnected Machines:" -ForegroundColor Cyan
    $connectedMachines | ForEach-Object { Write-Host $_ -ForegroundColor Green }

6. How It Simplifies Administrative Tasks

This script streamlines the process of verifying Azure Arc connectivity across multiple servers.
Instead of manually logging into each server and running individual checks, administrators can execute this script to:

- Quickly identify which machines are connected to Azure Arc
- Detect issues with the HIMDS service
- Generate a list of healthy and connected machines
- Save time and reduce the risk of human error

Manipulating the registry via Intune push
Our goal is simple: Manipulate the registry as part of application deployment or PowerShell script.

Use case: When we install our VPN client, there are a raft of registry updates that need to be made to configure it for use in our environment. The easiest way of doing this is simply by importing a .reg file we've created.

The problem that I just can't seem to overcome is how to import a .reg file using PowerShell as part of an Intune deployment. For testing purposes, I've created a simple test registry file and I'd ideally like to use a PS script that simply has the command "reg.exe import .\1Test.reg" in it. The command runs perfectly from CLI but when I try pushing it as part of a Win32 app, it fails. When I build in other diagnostic steps, everything in the script runs perfectly except for the actual import.

I've tried using the script to create a temporary directory, copy the files to it, set it as the working directory, and importing from there in case there were path issues. Everything works perfectly all the way up to the actual import, which never works. I've tried using "regedit.exe /silent" as well as "reg.exe" and I've spun it off as a separate process; nothing seems to work. I think it needs to run in the user instead of system context so I've tried both of those.

I'm currently at a 100% failure in my ability to figure this out and I'm hoping that someone out there in the community has dealt with this and knows the incredibly simple secret and can demystify it for me.

Thanks in advance for your help!

161K Views, 0 likes, 11 Comments

Azure - PowerShell Script to delete a specific Tag for any resources in all your Subscriptions
A classic question after many months of usage and delegation to different admins is tag cleanup. You can be faced with a large diversity of tags that were created at one point but are no longer useful and, mainly, not maintained. This small script will help you run this cleanup in all the subscriptions you are in charge of.

    Import-Module Az
    Connect-AzAccount

    [string]$TagName = "YourSpecificTagKey"
    $TagCount = 0
    $All_Az_Subscriptions = Get-AzSubscription

    Foreach ($Az_Subscription in $All_Az_Subscriptions) {
        Write-Host " "
        Write-Host " --------------------------------------- "
        Write-Host "Working on subscription ""$($Az_Subscription.Name)""" -foregroundcolor "yellow"
        $TagCount = 0

        # Switch to the subscription and find every resource carrying the tag
        Set-AzContext -SubscriptionObject $Az_Subscription | Out-Null
        $AllTaggedresources = Get-AzResource -TagName $TagName
        $TagCount = $AllTaggedresources.Count
        Write-Host " >> TAG "" $($TagName) "" found "" $($TagCount) "" times" -foregroundcolor "green"

        if ($TagCount -gt 0) {
            $AllTaggedresources.ForEach{
                if ( $_.tags.ContainsKey($TagName) ) {
                    # Remove() returns a boolean; discard it so it does not clutter the output
                    $_.tags.Remove($TagName) | Out-Null
                }
                # Write the remaining tags back to the resource
                $_ | Set-AzResource -Tags $_.tags -Force
            }
        }
    }

This script was inspired by these pages:

https://stackoverflow.com/questions/54162372/how-to-fix-this-error-in-azure-powershell-can-not-remove-tag-tag-value-becaus
https://learn.microsoft.com/en-us/powershell/module/az.resources/set-azresource?view=azps-11.6.0

Fabrice Romelard

946 Views, 0 likes, 0 Comments

Intune installed desktop shortcut needs to be removed
I created a desktop shortcut via Intune Windows app (Win32). Here is my script:

    New-Item -Path "c:" -Name "mem" -ItemType "directory" -Force
    Copy-Item "S:\Shortcuts\UKG.ico" -Destination "c:\mem\UKG.ico"
    $Shell = New-Object -ComObject ("WScript.Shell")
    $ShortCut = $Shell.CreateShortcut("C:\users\public\desktop\UKG.lnk")
    $ShortCut.TargetPath="-------------------------------------"
    $Shortcut.Arguments="------------------------------------"
    $ShortCut.IconLocation = "c:\mem\UKG.ico";
    $ShortCut.Description = "UKG Shortcut";
    $ShortCut.Save()

(I replaced the path with ————————)

The app works fine and copies the ico file from a network share and places it on the C drive in a folder it creates named mem. Now after creating the shortcut they have decided to use SSO, which is a new address. I need to delete the ico file in the mem folder and remove the desktop shortcut. I created a simple script.

    $ShortcutFile = "$env:Public\Desktop\UKG.lnk"
    if (Test-Path $ShortcutFile) {
        Remove-Item $ShortcutFile
    } else {
        Write-Output "Shortcut Not Found"
    }

To just delete the shortcut. When I run the script as an admin in PowerShell it works just fine. If I try and run the script in a normal PowerShell it fails and says it doesn't have access to the public desktop. I ran the file in Intune as just a script and it fails. I converted it to an intunewin file and added it as an Intune Windows app (Win32). It successfully runs on all my PCs but does not remove the icon.

I'm at a loss and I really need to remove this icon so I can push the new one. Any suggestions on how to remove it via a script or app? I've checked into remediation scripts but that isn't going to be an option for now.

Solved

5.8K Views, 0 likes, 23 Comments

GIA - Get Intune Assignments Application
Hello Everyone,

Some time ago I was struggling to get all Intune Assignments for a specific Azure AD Group. This option does not exist in the console, and we need to run a lot of queries against MS Graph and/or use PowerShell to retrieve them. So, to help the community, I started to create PowerShell scripts to help query some of the Assignments, but I still had a lot of scripts, each one retrieving a specific type of item (like profiles, conditional access, apps, etc).

After a while I decided to develop a C# .NET Application to facilitate the process. Today I want to share with all of you my GIA App (Get Intune Assignments). It's available on my GitHub page: https://github.com/sibranda/GetIntuneAssignments

I hope this app can help you guys the same way it is helping me and my customers.

Regards

4.5K Views, 3 likes, 1 Comment

How to Detect Files of the Same Size on your Computer via PowerShell
Learn how to use PowerShell to detect files of the same size on your computer quickly and easily. This article provides a script to automate the process and save storage space. Follow the step-by-step instructions and improve your file management skills with PowerShell automation.

6.9K Views, 3 likes, 1 Comment

PowerShell Novice: Script Timeout #WSUS
Hi I'm an idiot. Have to say this at the beginning so you are ready to help a moron understand what is happening!!! And in plain English, or crayon......

I'm trying to schedule a PowerShell script to clean up my WSUS which is proving to be a pain to keep on top of.......little bit of research and I find the following basic script which appears to do what I need, however I get a red warning that this basically times out and then fails in its task.

Is my script too basic and I am expecting too much, or can the time frame be increased to allow it to do what it needs to do?! I don't want to pay for the infamous AdamJ script and had hoped WSUS would be developed further by now to accommodate such cleaning tasks....but hey ho! Any help would be most welcome...thanks!!

    Get-Date >> E:\WSUS_Logs\WSUS_Decline.txt
    Get-WsusServer | Invoke-WsusServerCleanup -DeclineExpiredUpdates -DeclineSupersededUpdates >>E:\WSUS_Logs\WSUS_Decline.txt

and a second script for the following

    Get-Date >> E:\WSUS_Logs\WSUS_Cleanup.txt
    Get-WsusServer | Invoke-WsusServerCleanup -CleanupObsoleteComputers -CleanupObsoleteUpdates -CleanupUnneededContentFiles >>E:\WSUS_Logs\WSUS_Cleanup.txt

3.1K Views, 0 likes, 7 Comments

Automating OneNote text with format to new Outlook message
Hello,

I’m getting into PS, I’d like to automate basic processes on my own PC to start. There’s a constant process I do day in and day out, wanted to eliminate all the clicking, copying, pasting, typing and automate it.

Taking texts in its format from OneNote, to opening a new Outlook message, pasting the text in the same format into the body of the new message. So all I’d have to do is fill in the email address and subject then click send.

995 Views, 0 likes, 2 Comments

Having trouble moving multiple folders up a level
Hi all,

I have a requirement to change a file structure for a client. Basically they want all files within an "FYxx" folder to be moved one level up while maintaining the folder structure. I developed a script to do this for one specified folder but now I want to expand that to all folders in the directory.

This is the original script that works using one folder:

    # Define the source directory
    $source = "C:\SP\AGA"

    # Get all the FY folders in the source directory
    $fyFolders = Get-ChildItem -Path $source -Directory | Where-Object { $_.Name -like "FY*" }

    # Loop through each FY folder
    foreach ($fyFolder in $fyFolders) {
        # Get all the subfolders in the FY folder
        $subfolders = Get-ChildItem -Path $fyFolder.FullName -Recurse -Directory

        # Get all the files in the FY folder
        $subfiles = Get-ChildItem -Path $fyFolder.FullName -Recurse -File

        # Combine the subfolders and files into one array
        $subitems = $subfolders + $subfiles

        # Loop through each subfolder and file
        foreach ($subitem in $subitems) {
            # Get the relative path to the subfolder or file
            $relativePath = $subitem.FullName.Substring($fyFolder.FullName.Length)

            # Move the subfolder or file to the parent folder
            Move-Item -LiteralPath $subitem.FullName -Destination ($fyFolder.Parent.FullName + $relativePath)
        }

        # Get the contents of the FY folder after all subfolders and files have been moved
        $contents = Get-ChildItem -Path $fyFolder.FullName

        # Check if the FY folder has no files
        if (!$contents.Where{ $_.PsIsContainer -eq $false }) {
            # Delete the FY folder if it has no files
            Remove-Item -Path $fyFolder.FullName -Recurse
        }
    }

I then wanted to add a capability to scan the parent directory and use those results as the source. This is what I have but it doesn't actually do anything.
It doesn't fail with an error it just does nothing:

    # Define the path to the parent folder
    $parentFolder = "C:\SP"

    # Get all subfolders in the parent folder
    $subFolders = Get-ChildItem -Path $parentFolder -Directory

    # Loop through each subfolder
    foreach ($subFolder in $subFolders) {
        # Get the source folder
        $source = $subFolder.FullName

        # Get all subfolders with "FY" in the name
        $fyFolders = Get-ChildItem -Path $source -Recurse | Where-Object { $_.PSIsContainer -and $_.Name -like "*FY*" }

        # Loop through each FY folder
        foreach ($fyFolder in $fyFolders) {
            # Get all items (files and subfolders) in the FY folder
            $items = Get-ChildItem -Path $fyFolder.FullName -Recurse -File -Directory

            # Move all items to the parent folder
            foreach ($item in $items) {
                $destination = Join-Path -Path $fyFolder.Parent.FullName -ChildPath $item.Name
                Move-Item -LiteralPath $item.FullName -Destination $destination
            }
        }

        # Delete all empty FY folders
        $emptyFyFolders = Get-ChildItem -Path $source -Recurse | Where-Object { $_.PSIsContainer -and $_.Name -like "*FY*" -and (!(Get-ChildItem -Path $_.FullName -Recurse)) }
        foreach ($emptyFyFolder in $emptyFyFolders) {
            Remove-Item -Path $emptyFyFolder.FullName -Force -Recurse
        }
    }

Any idea where I am going wrong?

Thanks,
David

1.6K Views, 0 likes, 2 Comments