Forum Widgets
Latest Discussions
Azure IMDS (Instance Metadata Service) calls to 168.63.129.16 blocked after July 1st, 2025
[ACTION REQUIRED] After1 July2025, it will no longer be possible to queryAzureIMDS endpoints at the IP address168.63.129.16.Pleasebegin using169.254.169.254to communicate withAzureIMDSas soon as possible. Officially,IMDS APIs can only be queried at169.254.169.254.However, due totheinternaldesignof Azure,IMDS endpointscanalsobe queriedat the IP address168.63.129.16from within a virtual machine.Some customersare usingthisunofficialpathway to communicate with IMDS. An upcoming change inAzurewill permanently block IMDS requests on168.63.129.16.After 1 July 2025, you won’t be able to accessAzureIMDS endpoints with that IP. You can continue to use 168.63.129.16to call into IMDS APIsuntilupuntil that date, but we recommend you begin your transition now. HOW TO CHECK IF YOU ARE IMPACTED Code analysis in your application. IMDS has a reserved IP address of “169.254.169.254" VM’s Private communication channel has reserved IP address of "168.63.129.16".Use code search to evaluate that your client is not using IP address “168.63.129.16” for making metadata requests. All IMDS REST requests starts with “/metadata” and all endpoints can be found at IMDS Public endpoints. REQUIRED ACTION Fix all URLs using168.63.129.16to prepare forits decouplingfrom IMDS.For example,thisIMDS token endpoint URLwouldsoonbe blocked: curl -s -H Metadata:true --noproxy"*" "http://168.63.129.16/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/" To avoid service disruptions,fixURLstoinclude169.254.169.254., as inthis example: curl -s -H Metadata:true --noproxy "*" "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/”MinnieLahotiDec 13, 2024Microsoft92Views0likes0CommentsHow to Automate KB5040434 Installation on Multiple VMs?
Hey everyone, I need to install the KB5040434 update on a bunch of VMs. This update is super important because it fixes several vulnerabilities. Doing this one by one is a huge hassle, and each VM also needs a restart after the update. Is there a way to automate this process? Maybe using Azure Cloud Shell, an automation account, or some other Azure feature? Any tips or guides would be really helpful. Thanks in advance!Solvedexperi18Oct 21, 2024Copper Contributor579Views0likes7CommentsAdding VM Instance View Details, e.g. osName, to the VM Resource Object JSON (for Custom Policy Use)
I'm requesting to add more details to the JSON of the VM resource object, particularly from the VM instance view data. This is to include operating system information, such as the name and version (osName and osVersion), for use in a custom Policy. Although these details are visible in the portal, they're not present in the VM's resource object, which is necessary for our custom policy.dkappelleSep 20, 2024Copper Contributor123Views0likes0CommentsAutomating Azure VM Snapshot Creation Across Subscriptions
Introduction Managing virtual machines in Azure can be time-consuming, especially when creating snapshots across multiple subscriptions. Typically, this involves logging into the Azure portal, manually locating the VM, and creating snapshots for both the OS disk and attached data disks an inefficient and tedious process. To simplify this, I developed a PowerShell script that automates snapshot creation, allowing me to create snapshots by simply inputting the VM name. This script is part of my toolkit for automating repetitive Azure tasks. It iterates through all subscriptions linked to my Azure account, identifies the specified VM, and generates snapshots for both the OS and data disks within the VM’s resource group, adhering to a consistent naming convention. This article describes the script, the rationale behind its design, and how it improves the efficiency of managing Azure resources. Design Considerations When designing this script for automating Azure VM snapshot creation, several key considerations were prioritized to enhance efficiency and user experience: 1. Subscription Handling All-Subscription Search: The script loops through all Azure subscriptions associated with the account. This design ensures that the script can locate the VM across any subscription without manual intervention to switch between them. This is particularly useful for environments with multiple subscriptions. 2. Dynamic VM Search Automatic VM Discovery: Instead of requiring users to manually input resource group and subscription details, the script dynamically searches for the VM by its name across all subscriptions. This automation simplifies the process and reduces the likelihood of errors. 3. Snapshot Naming Convention Consistent Naming Format: Snapshots are named using the format VMname_diskname_dd-MM-yyyy_HH_mm. This approach ensures that snapshots are well-organized and easily identifiable. The script also removes random characters, such as GUIDs, often appended to disk names, resulting in clean and consistent snapshot names. 4. OS and Data Disk Snapshots Comprehensive Backup: The script separately handles snapshots for both the OS disk and data disks. This ensures that all disks attached to the VM are included in the backup process, providing complete coverage. 5. Time Efficiency Streamlined Process: The script is designed to eliminate the need for repeated manual input and navigation within the Azure portal. By simply providing the VM name, users can automate the entire process, from VM identification to snapshot creation. This saves considerable time and effort, particularly in environments with many VMs and subscriptions. By focusing on these design considerations, the script offers a robust and user-friendly solution for automating VM snapshot creation across Azure subscriptions. Prerequisites To use this script, you need: Azure PowerShell module installed (Az module). Active Azure account with sufficient permissions to access VMs and create snapshots across subscriptions. A VM name as input. Why Automate Snapshot Creation? In many organizations, virtual machines (VMs) are critical for running services, and regularly creating snapshots of these VMs is essential for disaster recovery and version control. Traditionally, creating snapshots for Azure VMs involves several manual steps: Log in to the Azure Portal: Access the Azure portal to start the snapshot creation process. Navigate Through Subscriptions: Switch between different Azure subscriptions to find the correct VM. Locate the Correct VM: Search for and select the specific VM for which you want to create snapshots. Create Snapshots: Manually create snapshots for both the OS disk and any attached data disks. Repeat the Process: Perform these steps for each disk across multiple VMs or subscriptions. This manual process is not only time-consuming but also prone to errors. Automating snapshot creation simplifies and streamlines the process: Reduces Manual Effort: The entire process can be accomplished with a few clicks. Saves Time: Automation eliminates the need to repeat steps across multiple VMs and subscriptions. Minimizes Errors: By automating the process, you reduce the risk of human error. With the automation script, you only need to provide the VM name, and the script handles the rest, making snapshot management more efficient and reliable. Script Overview Below is the PowerShell script that automates the process of creating snapshots for a VM across multiple subscriptions in Azure: <# .SYNOPSIS This script automates the process of creating snapshots for a virtual machine (VM) in Azure across multiple subscriptions. The script will locate the VM by its name, determine the resource group where it exists, and create snapshots for both the OS disk and any attached data disks. It ensures that the snapshot names follow a specific naming convention while removing any random characters appended to the disk names. .DESCRIPTION - Loops through all Azure subscriptions attached to the account. - Searches for a specified VM by name across all subscriptions. - Identifies the resource group of the VM. - Creates snapshots for the OS disk and all data disks in the same resource group as the VM. - Follows the snapshot naming convention: computername_diskname_dd-mm-yyyy_hh_mm. - Removes random characters (e.g., GUIDs) after the disk name in snapshot naming. .NOTES Author: Vivek Chandran Date Created: 11-09-2023 #> # Login to Azure (if not already logged in) Connect-AzAccount # Prompt the user to enter the VM name $computerName = Read-Host -Prompt "Please enter the name of the VM you want to snapshot" # Get all subscriptions available to the account $subscriptions = Get-AzSubscription # Loop through each subscription to find the specified VM foreach ($subscription in $subscriptions) { # Set the subscription context so that all subsequent commands target this subscription Set-AzContext -SubscriptionId $subscription.Id # Retrieve all VMs in the current subscription $vms = Get-AzVM # Check if a VM with the specified name exists in this subscription $vm = $vms | Where-Object { $_.Name -eq $computerName } if ($vm) { # Output message indicating the VM was found Write-Host "VM '$computerName' found in subscription '$($subscription.Name)'" # Retrieve the resource group where the VM resides $resourceGroup = $vm.ResourceGroupName # Loop through each data disk attached to the VM and create a snapshot foreach ($disk in $vm.StorageProfile.DataDisks) { # Get the name of the data disk $diskName = $disk.Name # Remove any random characters from the disk name after the first underscore (if present) $cleanedDiskName = ($diskName -split '_')[0..1] -join '_' # Get the current date and time in the format 'dd-MM-yyyy_HH_mm' for use in the snapshot name $currentDateTime = Get-Date -Format 'dd-MM-yyyy_HH_mm' # Construct the snapshot name using the cleaned disk name and the date/time $snapshotNameWithDataDisk = "$computerName-$cleanedDiskName-$currentDateTime" # Define the snapshot configuration using the disk's managed disk ID $snapshotConfig = New-AzSnapshotConfig -SourceUri $disk.ManagedDisk.Id -Location $vm.Location -CreateOption Copy -AccountType Standard_LRS # Create the snapshot in the same resource group as the VM New-AzSnapshot -Snapshot $snapshotConfig -ResourceGroupName $resourceGroup -SnapshotName $snapshotNameWithDataDisk # Output message indicating that the snapshot was successfully created for the data disk Write-Host "Snapshot created for data disk: $snapshotNameWithDataDisk" } # Create a snapshot for the OS disk of the VM $osDisk = $vm.StorageProfile.OsDisk # Get the name of the OS disk $osDiskName = $osDisk.Name # Remove any random characters from the OS disk name after the first underscore (if present) $cleanedOsDiskName = ($osDiskName -split '_')[0..1] -join '_' # Get the current date and time in the format 'dd-MM-yyyy_HH_mm' for use in the snapshot name $currentDateTime = Get-Date -Format 'dd-MM-yyyy_HH_mm' # Construct the snapshot name using the cleaned OS disk name and the date/time $snapshotNameWithOSDisk = "$computerName-$cleanedOsDiskName-$currentDateTime" # Define the snapshot configuration using the OS disk's managed disk ID $snapshotConfig = New-AzSnapshotConfig -SourceUri $osDisk.ManagedDisk.Id -Location $vm.Location -CreateOption Copy -AccountType Standard_LRS # Create the snapshot in the same resource group as the VM New-AzSnapshot -Snapshot $snapshotConfig -ResourceGroupName $resourceGroup -SnapshotName $snapshotNameWithOSDisk # Output message indicating that the snapshot was successfully created for the OS disk Write-Host "Snapshot created for OS disk: $snapshotNameWithOSDisk" # Exit the loop since the VM has been found and processed break } else { # Output message indicating that the VM was not found in this subscription Write-Host "VM '$computerName' not found in subscription '$($subscription.Name)'" } } # Output a final message indicating that the snapshot process has completed Write-Host "Snapshots process completed!" How the Script Works 1. Azure Authentication Connect to Azure: The script starts by authenticating the user to Azure using the Connect-AzAccount command. If the user is already logged in, this step is skipped. 2. Input the VM Name Prompt for VM Name: After successful authentication, the script prompts you to enter the name of the virtual machine (VM) you want to create snapshots for. 3. Subscription Looping Retrieve Subscriptions: The script retrieves all Azure subscriptions associated with the account using Get-AzSubscription. Check Each Subscription: It iterates through each subscription to check if the specified VM exists. When the VM is found, the script switches the context to that subscription using Set-AzContext. 4. Snapshot Creation Data Disk Snapshots: For each data disk attached to the VM, the script creates a snapshot. It follows a consistent naming convention that includes the VM name, disk name, and timestamp to ensure clarity and organization. OS Disk Snapshot: After handling the data disks, the script creates a snapshot for the OS disk, using the same naming convention. 5. Completion Confirmation Message: Once all snapshots (for both OS and data disks) are created, the script outputs a message confirming the successful completion of the snapshot creation process. Conclusion This PowerShell script has greatly improved my workflow for managing Azure VMs. By automating the snapshot creation process, it eliminates the need to manually log into the Azure portal, locate the VM, and create snapshots for each disk individually. Instead, I can simply run the script, provide the VM name, and let it handle the entire process. For anyone managing multiple Azure subscriptions and seeking a reliable method to automate snapshot creation, this script offers a quick and effective solution. It ensures that backups are created consistently and stored properly, enhancing overall backup management and efficiency.VivekChandranSep 11, 2024Copper Contributor609Views0likes0CommentsMove virtual machine between different accounts
Hello guys! Do you know if it is possible to move a virtual machine to another Azure account?SolvedVinícius BarretoAug 28, 2024Copper Contributor70KViews0likes16CommentsXXX virtual machines should enable Azure Disk Encryption or EncryptionAtHost.
Hello everyone, I'm facing issues related to a policy: Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. After enabling EncryptionAtHost, it appears as encrypted in the portal. However, the policy does not recognize that it is encrypted and shows it as non-compliant. The same happens when enabling Azure Disk Encryption (ADE): the policy still indicates that it is non-compliant. Has anyone else experienced this?rafaelmaferreiraAug 01, 2024Copper Contributor552Views0likes1CommentFinding Azure Batch Python client in Conda packaging
I've started working with Azure Batch and use Python, with my Python environment managed by Anaconda. I'd like to install the Azure Batch Client Library and Azure Batch Management Client Library from the Azure SDK for Python in my Anaconda environments, preferably using conda instead of pip. These are the azure.batch and azure.mgmt.batch modules (or "module packages"; whatever they're called), found in the azure-batch and azure-mgmt-batchPyPI packages. But I don't know where to find them in the Conda packaging of Azure SDK for Python. The Azure SDK for Python introduced a Conda packaging of it back in 2021, and its use is described in the "How to install Azure library packages for Python" page. The Conda packaging differs from the PyPI packaging. The Python Azure SDK modules are packaged in to a smaller number of packages in the Conda form, with sometimes different naming. Is the Azure Batch client library available in the Microsoft-supplied Conda packages somewhere (the ones in the microsoft conda channel, instead of the conda-forge channel)? If so, which Conda package? And more generally, if I know what Azure SDK for Python module I want, or what PyPI package it's in, how can I find out which microsoft-channel Conda package it's in? I haven't been able to find a list of which module is in which Conda package anywhere. There's an azure-batch conda package in the conda-forge channel (instead of the microsoft channel). But if I understand correctly, those conda-forge Azure packages are the old ones from before the 2021 introduction of the microsoft conda channel's packaging, and have different dependencies and stuff. I'd prefer to install the Azure Batch client from the microsoft-channel Conda packages, instead of the conda-forge channel package or from PyPI/pip, for consistency with my other Azure Python packages, which are all installed from the microsoft-channel Conda packages. I've read that mixing interdependent packages from different channels can sometimes cause problems, and if you're mixing conda-managed and pip-managed packages in an Anaconda environment, you're supposed to install all the conda packages first, then the pip packages, and then don't go back and install or update any conda packages afterwards, or something like that.apjankeJul 22, 2024Copper Contributor1.2KViews1like4CommentsPower Management of Client Machines VM: Credential Handling and Solutions
We handle the power on/off operations of client machines as needed. To perform these tasks, we collect AD-APP credentials from clients, as the AD-APP has the necessary permissions to manage the VMs. Problem: We need to gather and securely store AD-APP details from multiple clients. Managing these credentials for each VM individually is becoming a significant overhead. Looking for a Solution: Can we solve this problem with a multi-tenant AD-APP, where we use a single multi-tenant app and request clients to grant access to their VMs? Considerations: Clients will have different accounts with no relation to our subscription. Questions: If a multi-tenant AD-APP is a viable solution, what configurations are required on our side and the client's side? Please share in detail. If it's not possible, is there an alternative way to achieve this?saikat100Jul 17, 2024Copper Contributor288Views0likes2CommentsASR Replication is stuck at "Waiting for First Recovery Point"
Hi All, I am trying to add ASR for one of my setup[VM's] present in Azure environment. But, all the VM's are stuck in "Waiting for First Recovery Point". Please find more details below. Configuration: 1. All the VM's re located in "East US2" 2. All the VM's are installed with Linux[Cent OS] Status of ASR: Created a new Recovery Service Vault “SoakASR-Vault” Enabled Replication for 3 servers for 3 performance servers. You can find the replicated servers in “SoakASR-Vault | Replicated items” Issue: All the 3 servers are stuck at “Waiting for First Recovery Point" Observations: I have created Recovery Services Vault in “Central US”. But, I see Network Mapping as WEST US in "Site Recovery infrastructure | Network mapping" Extension update is failing at "Site Recovery infrastructure | Extension update settings" I see 'Installing Mobility Service and preparing target' with status as “Completed with Information” message. Error ID: 151083 Error Message: Site recovery mobility service update completed with warnings Please help if you have any idea where I am going wrong. Thanks in advance.psamudralaJul 13, 2024Copper Contributor14KViews0likes2CommentsMachine Learning/AI Studio VM Quota Issues
Anyone ran into the issue where your subscription has 0 quota for ML/AI? 0 Cores Available Request quota increase gives a weird error "Could not find Cloud Solution Provider information for this subscription"mwashamJun 27, 2024Copper Contributor584Views0likes2Comments
Resources
Tags
- virtual machine222 Topics
- Compute101 Topics
- Cloud Services29 Topics
- Azure Containers25 Topics
- app service15 Topics
- Hands-on-Labs12 Topics
- machine learning7 Topics
- Cloud Essentials7 Topics
- Backup6 Topics
- Service Fabric5 Topics