by ezs | Jun 1, 2023 | evilzenscientist
Another one, again demonstrating the use of extend and mv-expand to pull out the multi-valued array.
resources
| join kind=leftouter (ResourceContainers | where type==’microsoft.resources/subscriptions’ | project SubName=name, subscriptionId) on subscriptionId
| where type == “microsoft.network/virtualnetworks”
| extend vnetCount =array_length(properties.addressSpace.addressPrefixes)
| mv-expand vnet = properties.addressSpace.addressPrefixes
| project SubName, resourceGroup, name, vnetCount, vnet
| order by tostring(vnet) asc
by ezs | Jun 1, 2023 | evilzenscientist
Lots of hygiene work, including cleaning up Azure Action Groups that send to individual emails. That’s a red flag and anti pattern.
Here’s the KQL to read the Action Groups, their subscriptions, and expand out the recipients.
It’s easy work to continue to audit this, and clean up the dead wood.
resources
| join kind=leftouter (ResourceContainers | where type==’microsoft.resources/subscriptions’ | project SubName=name, subscriptionId) on subscriptionId
| where type == “microsoft.insights/actiongroups”
| extend emailRecsCount =array_length(properties.emailReceivers)
| mv-expand emailRecs = properties.emailReceivers
| project SubName, resourceGroup, name, emailRecsCount, emailRecs.name, emailRecs.status, emailRecs.emailAddress
| order by [‘name’] asc
by ezs | Jun 1, 2023 | evilzenscientist
I discovered a pool of servers that seemed to be unused, and used the Azure VM Agent “Run PowerShell Script” to determine the real health.
The output told me: not domain joined, not managed, not being patched, so targets for decommissioning.
$boot = Get-CimInstance -ClassName Win32_OperatingSystem
$hotfix = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1
$name = Get-CimInstance -Classname Win32_ComputerSystem
write-host “Server $($name.name) Domain $($name.domain)”
write-host “Last reboot $($boot.LastBootUpTime)”
write-host “Last patch $($hotfix.HotFixID) $($hotfix.InstalledOn)”
Server FOOSERVER Domain WORKGROUP
Last reboot 10/12/2022 18:50:02
Last patch KB4495585 05/15/2019 00:00:00
by ezs | May 9, 2023 | evilzenscientist
Back in a previous life I worked closely with colleagues working on the integration of Dell, HPE and other server hardware vendors into the Microsoft infrastructure management tooling from System Center.
I’m a year in to using Windows Admin Center and the integration with Dell OpenManage and the Dell iDRAC.
It’s (usually) a joy; as part of the patching cycle, open the Dell OpenManage integration blade in Windows Admin Center, check for compliance, see which components need updating, update them.


by ezs | Apr 24, 2023 | evilzenscientist
Four re-certifications in the last few days.
I really like the Microsoft model – free to re-certify, keep up to date on the latest areas of technology.
AZ-104, AZ-700, AZ-400, AZ-500 all current again.
If you’re about to re-sit these my top tips: read the exam subject matter, see what changed since you took the last test. Microsoft Learn has training, documentation and guidance – https://learn.microsoft.com – and you can also revisit learning resources such as John Savills Technical Training.
Open book test, 45 minutes. Bing is your friend.




Recent Comments