As the Azure Blueprints service is still in Preview, you won’t find a full-featured set of supporting PowerShell commands just yet. However there is one handy little command currently in the PowerShell gallery which gives you some functionality you won’t find in the Azure Portal. Introducing Manage-AzureRMBlueprint
Azure Blueprints give you an easy way to bundle together governance artifacts like Azure Policy, RBAC and Resource Manager Templates, then apply them to the relevant subscriptions under a management group. But what if you want to duplicate these across to a subscription in a different management group? There’s no copy and paste capability in the portal for that, so the PowerShell command can help.
With the appropriate switch, we can use this PowerShell command to export the details of an existing Blueprint into .json files. That includes both the Blueprint definition and the corresponding artifacts contained inside it. And with the import switch, we can then easily upload those files into a different management group, ready for the Blueprint to then be assigned to the relevant subscriptions. During the import process, we can even change the name of the Blueprint itself.
Azure Blueprint exported to .json
This functionality is helpful if you’ve made changes to a Blueprint and tested it against your test environment subscriptions, and now you want to move it across to apply to your production subscriptions.
It’s also handy for anyone who manages multiple different Azure customer environments (Azure tenancies), such as Managed Service Providers or Partners and even larger Enterprises who may have their environments segregated for legal or financial reasons. Now you can define a base Blueprint with your standard governance requirements and connect to your different Azure tenancies to import it.
And finally, with the Report switch you can see the details of what is configured in a Blueprint, without leaving the comfort of your PowerShell window.
Version 2.2 only supports exporting the latest version of a published blueprint, or the current version of a draft blueprint.
It’s also important to note that the command only lets you export built-in policy definitions, not custom policies.
A note on the command syntax
Now that we’re moving away from AzureRM-style commands in favor of Az module commands, this script supports both. Use the -ModuleMode switch to specify either AzureRM or Az, depending on how your PowerShell environment is currently configured. Miss this switch and you may get errors!
Within a PowerShell terminal that’s already authenticated to an Azure tenancy, this script can run with minimal input. With only the ModuleMode, Mode, and an import or export directory, the command will read the available subscriptions, management groups and blueprints and will pause for you to enter your selections.
Or you can specify those components with the SubscriptionID, ManagementGroupID and BlueprintName parameters and then use the Force switch to suppress any confirmation prompts.
Manage-AzureRMBlueprint Import mode
Version 2.2 now also include cross platform support, so it’s functional on both Windows PowerShell and PS Core, including on Mac and Linux.