Tag Archives: Azure

Adding or Removing Azure Antimalware

I have a bunch of Azure VMs that have the Microsoft Antimalware extension installed.   I am considering using my SCCM setup in Azure to deploy Endpoint Protection.  This article includes a PowerShell script to remove the Azure extension and more.

If you look in the comments section of the article there is also a command that stops the “Your system administrator has restricted Access to this app” message and allows access to the UI.

Adding or Removing Azure Antimalware Extension

 

How to Change an Azure VM’s Subnet

Oops…put my Windows 8.1 Azure VM on my Azure virtual network, on the server subnet and with a static IP address.  Here’s how to correct this with a bit of Azure PowerShell.

Parameters:

  • Client name and Azure Cloud Service name – W81.
  • Client subnet name – ClientVNet

Procedure

  • Connect to Azure and enter credentials when prompted.

Add-AzureAccount

  • Select your Azure subscription.

Select-AzureSubscription -SubscriptionName "Azure Pass"

  • Shut down the VM, ensuring the IP addresses are de-allocated (the -Force bit).

Stop-AzureVM -ServiceName W81 -Name W81 -Force

  • Remove the static IP allocated to the VM.

Get-AzureVM -ServiceName W81 -Name W81 | Remove-AzureStaticVNetIP | Update-AzureVM

  • Allocate the client subnet.

Get-AzureVM -ServiceName W81 -Name W81 | Set-AzureSubnet -SubnetNames ClientVNet | Update-AzureVM

  • Set a new static IP on the client subnet.

Get-AzureVM -ServiceName W81 -Name W81 | Set-AzureStaticVNetIP -IPAddress 10.1.1.81 | Update-AzureVM
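
The steps above combined into one script, as an added example that is not part of the original post: it checks that the new address is free and that the VM is de-allocated before changing anything, then reads the configuration back. The virtual network name MyVNet is a placeholder (the post does not name it), and the Test-AzureStaticVNetIP pre-check, the read-back and the final Start-AzureVM are additions to the post's steps.

```powershell
# Added example: the post's procedure as one script with pre- and post-checks.
# Assumption: 'MyVNet' is a placeholder; the post does not name the virtual network.
$ErrorActionPreference = 'Stop'

$ServiceName = 'W81'          # cloud service name (from the post)
$VMName      = 'W81'          # VM name (from the post)
$SubnetName  = 'ClientVNet'   # client subnet name (from the post)
$NewIP       = '10.1.1.81'    # new static IP (from the post)
$VNetName    = 'MyVNet'       # placeholder, replace with your virtual network name

Add-AzureAccount
Select-AzureSubscription -SubscriptionName "Azure Pass"

# Pre-check: refuse to continue if the target address is already in use.
$check = Test-AzureStaticVNetIP -VNetName $VNetName -IPAddress $NewIP
if (-not $check.IsAvailable) {
    throw "$NewIP is not available in $VNetName. Free addresses: $($check.AvailableAddresses -join ', ')"
}

# Stop and de-allocate the VM (-Force as in the post's step), then confirm the state.
Stop-AzureVM -ServiceName $ServiceName -Name $VMName -Force
$vm = Get-AzureVM -ServiceName $ServiceName -Name $VMName
if ($vm.Status -ne 'StoppedDeallocated') {
    throw "VM status is '$($vm.Status)', expected 'StoppedDeallocated'."
}

# Drop the old static IP, move to the client subnet, set the new static IP,
# then push the combined configuration change in one update.
$vm | Remove-AzureStaticVNetIP |
      Set-AzureSubnet -SubnetNames $SubnetName |
      Set-AzureStaticVNetIP -IPAddress $NewIP |
      Update-AzureVM

# Post-check: read the configuration back before starting the VM.
$vm     = Get-AzureVM -ServiceName $ServiceName -Name $VMName
$subnet = Get-AzureSubnet -VM $vm
$static = (Get-AzureStaticVNetIP -VM $vm).IPAddress
if ($subnet -notcontains $SubnetName -or $static -ne $NewIP) {
    throw "Unexpected configuration: subnet '$subnet', static IP '$static'."
}

# Start the VM again (not a step in the post).
Start-AzureVM -ServiceName $ServiceName -Name $VMName
```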

Microsoft Azure – Getting Started Tips

Finally convinced my employer to replace my retired TechNet subscription with an MSDN subscription.  This means that I now have an Azure subscription as well.

I am a sysadmin and not a developer so my focus is on Infrastructure as a Service (IaaS), i.e. messing about with virtual servers that I will manage myself, including setting up an Active Directory (AD), SCCM, SCOM etc.  Below are a few getting started tips.

Before You Start

Before you get stuck into creating Azure Virtual Machines (VMs) consider doing the following:

  • Create an Affinity Group (accessed via the Settings tab).
  • Create a Storage Account and allocate to the Affinity Group created above.
  • Set the Storage Group Replication Setting as Local Redundant – it’s cheaper and is good enough for test environments in my opinion.
  • Create a DNS server (accessed via the Networks tab).
  • Create a Virtual Network and configure a Subnet (these are the addresses your VMs will use to communicate internally and are all allocated dynamically).
  • Always create VMs in their own Cloud Services and give the VM and Cloud Service the same name if possible.
  • When creating a VM always give the access account a complex password – it’s used to connect to the VM over the public internet.
  • Download the Windows Azure PowerShell Management Tools.

DNS Server Address

Azure allocates Virtual Network addresses dynamically.  The first address it will use will be x.x.x.4, e.g. 10.0.0.4.  Use this address for the DNS Server.

The First VM

If the plan is to create an AD then the first VM created must be the AD server, thus it will be a DNS server.  As it is the first VM created it will be dynamically allocated x.x.x.4 and match the DNS Server address created above.

Cloud Services

Cloud Services are basically containers for things like Azure VMs.  The Cloud Service name is the name used to access an Azure VM over the Internet.  If you want unique names to use when accessing VMs over the Internet always add a new VM to its own dedicated Cloud Service (and if possible give the VM and the Cloud Service the same name).

Reserving the AD Server IP Address

Either always ensure the AD server is the first server started, so that it will be allocated x.x.x.4, or use PowerShell to set a fixed address for the AD server (search for Set-AzureStaticVNetIP).

Note:  You can use PowerShell to create a VM and allocate the VM on creation – too complicated for a getting started guide.

AD Server, DNS and Internet Access from the Azure VM

Once you have an AD Server running DNS on your own Virtual Network your VMs will not be able to access the Internet because they will now go to x.x.x.4 to resolve names.  To get round this I added a public DNS server as a Forwarder in my AD DNS, e.g. 8.8.8.8 is the Google public DNS server address.

Accessing VMs

Done from the Azure console by clicking the Connect button.  Doing this downloads an RDP file.

Shutting Down VMs

The biggest Azure gotcha unless you like paying Microsoft lots of cash for nothing.

Shut down VMs from the Azure console and not from within the VM.  Once stopped from the console the VMs become “de-allocated”, thus you are not charged the compute fee for the VM while it is not running.  The bad news is a de-allocated VM loses its Virtual Network IP address.