First Steps in Azure Automation

I wanted my blog to be informative, but also share bits about me so a fact about me: I love the Marvel Cinematic Universe. For anyone that cares, no film will ever beat Avengers: Endgame and Spider-Man is my favourite hero. My ever-patient girlfriend gets dragged to Cineworld for every new release, usually as close to opening night as possible to dodge spoilers.

So in honour of The Fantastic Four: First Steps being released this week, I thought I would go through my First Steps in automating processes using PowerShell and Azure CLI. Like coming against Galactus in the movie, automating a process in PowerShell can be an intimidating task; before I had more experience writing automation scripts, I often found myself wondering how do I get started and what CLI commands do I need?

In this post, I recall a recent experience of needing to add the Microsoft.Maintenance resource provider to every subscription in my tenant for the deployment of Azure Update Manager maintenance schedules, and the First Steps I usually take to automate such processes.

Why automate such tasks?

I could have gone to every subscription in my tenant and registered the resource provider, but with dozens (or even hundreds) of subscriptions, manually registering a resource provider in each one is inefficient and error-prone.. A quick script in PowerShell using Azure CLI sped up this task to minutes. Automation ensures consistency, saves time, and reduces the risk of missing a subscription.

My Thought Process

When dealing with a task like this, I usually follow a similar approach. Microsoft has a wide range of useful documentation for lots of processes in Azure, so my first place is to make my way over to Learn to see if I can find a helpful document. In this case, I found a page on registering resource providers using Azure CLI: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#azure-cli

Why Azure CLI over Azure PowerShell? I think it comes down to personal preference. Both tools do the same thing, manipulate the Azure Resource Manager API with an easy-to-use developer tool. I just prefer the more literal syntax in Azure CLI over Azure PowerShell, and find that az deployment group create is easier to understand than New-AzResourceGroupDeployment.

In this use case, having found a helpful Learn page, I didn't also need to use the Azure CLI reference page: https://learn.microsoft.com/en-us/cli/azure/reference-index?view=azure-cli-latest, however this is a super useful tool in my Azure toolkit (a future blog post I think).

My Approach

My next step was to think about how I would complete this task in the Azure Portal and what CLI commands I could use in PowerShell.

Step 1: Get all the subscriptions in my tenant and the corresponding subscription IDs, and pop them in a variable like $subs. I also setup a variable to hold the name of the provider I wanted to register. I chose to put the provider in a variable to make my script reusable in the future with a different provider.

$subs = az account list --query "[?state=='Enabled'].id" -o tsv
$providerToRegister = "Microsoft.Maintenance"

Step 2: Loop over each subscription in my $subs variable and check whether the $providerToRegister was registered or not.

foreach ($sub in $subs) {
    $provider = az provider show --namespace $providerToRegister --subscription $sub | ConvertFrom-Json -Depth 32
}

Step 3: Check the registrationState of the provider is not Registered and if not, register the provider using az provider register.

foreach ($sub in $subs) {
    $provider = az provider show --namespace $providerToRegister --subscription $sub | ConvertFrom-Json -Depth 32
    if ($provider.registrationState -ne "Registered") {
        Write-Host "Registering provider $providerToRegister for subscription $sub"
        az provider register --namespace $providerToRegister --subscription $sub | Out-Null
    }
    else {
        Write-Host "Provider $providerToRegister already registered for subscription $sub"
    }
}

And that was it! I had now looped through every single subscription in my tenant, checked if the resource provider was registered or not, and then registered it. All in all, this process took me less than half an hour, speeding up a task that could have taken me hours in the Portal.

A Quick Reflection

This task was a simple example of what can be automated in Azure, a quick script to save hours of work (so I can go to the cinema instead), and I am sure I will write about a more complex use-case in the future. This does show how powerful scripting in Azure can be and for anyone that has got this far, as a helpful tip, having your own Jarvis (aka GitHub Copilot) can help speed this process up even more 😉