Select Page

Azure Resource Policies – What they are and how to use them

In a previous post I was talking and demonstrating how to create Custom Role Based Access Controls which could be tailored comply with a company’s requirements. Another company requirement is compliance regarding data governance. Say you have one or multiple Azure Subscriptions and one of the company policies is that nobody should be able to create Azure resources outside a specific region. Some / all of the company’s contracts have a mandatory clause that all the data they produce and keep in the cloud should only reside in a specific geographical region. Microsoft has gone to great lengths to ensure that their cloud services (Azure or Office 365) comply with national, regional, and industry-specific requirements governing the collection and use of individual’s data.

PSUG Romania @ Bucharest Cegeka Academy


I’ve received an e-mail two weeks ago from a frequent reader of this blog that he started a PowerShell User Group here in Bucharest and I’m pleased to announce that I will be attending this meeting and I will be presenting a session about building your datacenter with PowerShell DSC.

The event will take place on the 25th October 18:30 at Cegeka Academy (Location). So if you’re interested, you can join the meetup group PSUG Bucharest Romania and come join us for some PowerShell 🙂

Here are the details of the event:

This is going to be the first meeting of (what I hope) is going to be a great sequel of great meetings for all PowerShell enthusiasts.

We are going to debate on the agenda for our next meetings, based on the input of our members, but this will definitely include: DSC, JIT/JEA, Pester, PowerShell for GUIs, crazy PowerShell (creating all kinds of applications with our favorite tool).

We’ll also have the pleasure of welcoming in our midst a great presenter, Florin Loghiade (, who will help us discover the world of DSC with his (introductory) talk “Building and Managing your Virtual Datacenter with PowerShell DSC”.

No cost to attend the meetings! Please join and have an amazing time!

Please look for us also in the calendar of the very popular site: Events on

See you there!

Creating custom RBAC roles in Azure Resource Manager

These days I was doing some Azure work for a customer and I was asked if it was possible to create multiple custom RBAC roles for their Azure subscription because the existing ones don’t suit their needs. So I rubbed my hands together and said to client that’s a definite yes and to let me know the requirements so I can start working on the new roles 🙂

VSTS Hosted Agents – Outdated Azure PS cmdlets

I’m writing this short post because of a small issue that can occur when you’re using hosted agents in your Visual Studio Team Services instance. The problem is that the Azure PS version on the agents is quite old; v.1.3.2 OLD. Which means that if you’re like me and update all your modules on a daily basis you will surely have Azure PS version 2.0.x which has a lot of breaking changes between versions.

One of those breaking changes is the way you can create a Storage Account.

The V2 command version looks like this:

Looks pretty normal right? Here’s the V1 version of the cmdlet:

See the difference? No? In version 1 if you wanted to provision a spindle based or SSD based storage account, you had to type in the parameter -Type, parameter that was later changed in V2 with -SkuName.

So why I’m writing this blog post? Because if you use develop scripts on your local workstation and you have the latest version of the Azure PS cmdlets and then use that script in an Azure PowerShell task in VSTS, you will get a very very nice error saying that the SkuName parameter was not filled. Now go look at the cmdlet and figure it out. In my ignorance I forgot that the Visual Studio Team Service team that manages the hosted agent images didn’t update the PowerShell version / Azure PS version on the machines and that wasted 30 minutes of my time.

Please be aware that if you’re writing PowerShell scripts that are to be later used in VSTS tasks, TEST your scripts in a PowerShell 4 constrained instance. The agents are not using the latest and greatest version of WMF5 nor the latest and greatest Azure PowerShell cmdlets.

Sometimes working with the latest and greatest isn’t always a good thing 🙂

Tokenizing your configuration files

I’ve been constantly working on a project where had to deploy a full blown application in Azure for Dev/Test using VSTS, PowerShell, DSC, ARM templates and the kitchen sink. The main idea was to deploy the application on the Azure VMs and treat them as cattle (as Jeffrey Snover would put it).

The whole point of this was to create a release workflow that would not require any human intervention to make the application work after it was deployed.

Pin It on Pinterest