Why Cloud Management Gateway Is So Important Now

Posted on April 16, 2021 by Thomas.Marcussen

With the prevailing global situation requiring more and more people to work from home, businesses need to ensure that productivity does not suffer. And to do that, you need to effectively manage remote devices. Hence the need for technology such as the Cloud Management Gateway (CMG).

By utilizing the CMG, your business has an alternative to IBCM that most would consider a significant upgrade. This creates a favorable environment that allows your organization to eliminate the obstacles of having a remote workforce. Needless to say but the CMG can play a massive role in your organization and its importance is certainly worth discussing.

Requirements

Before you can use the Cloud Management Gateway you need to meet the following requirements:

An Azure subscription to host the CMG,
You need a Full administrator or Infrastructure administrator user account in Configuration Manager,
During the initial creation of certain components, the participation of an Azure admin is needed,
You need at least one on-premises Windows server to host the CMG connection point,
A server authentication certificate for the CMG,
There needs to be an integration of the site with Azure AD to deploy the service with Azure Resource Manager,
Depending on your client OS version and authentication model, other certificates may be required,
Clients are required to use IPv4.

When is it useful?

There are several scenarios where the CMG could come in handy and they include the following:

For management of traditional Windows 10 clients using modern identity which can either be hybrid or pure cloud domain-joined with Azure AD.
For management of traditional Windows clients with Active Directory domain-joined identity. The clients included are Windows 8.1 and Windows 10.
For installation of the Configuration Manager client on Windows 10 devices over the internet.
For new device provisioning with co-management.

Benefits to your business

CMG enables your Enterprise admins to perform several actions. Among the things they can do, they can manage the following over the internet:

Push software updates and enable endpoint protection,
Inventory and client status,
Compliance settings,
Software distribution,
Windows 10 in-place upgrades,
Manage branch office devices over less expensive internet instead of across expensive WAN or VPN connections.

Eliminates complications

Although Internet-based client management (IBCM) has been around for years, a lot of users tend to find it complicated. CMG aims to be a simpler solution. It is an Azure-hosted service that manages internet-based clients through a new role called the cloud management gateway connector point.

By adding the CMG to your environment, you’ll get an intermediary cloud solution. And this can be your bridge to a full cloud management solution of your Windows 10 devices through Microsoft Intune.

Also, your organization doesn’t need to expose on-premises infrastructure to the internet and neither will you require additional infrastructure. So by using the CMG, you get rid of a lot of what users don’t like about IBCM.

Manage internet clients

Cloud Management Gateway helps you to easily and effectively manage clients that are on the internet. Often, there are going to be events in your environment that will require a swift response.

However, previously this was problematic for clients that would not be currently on-premises. By leveraging the CMG, you can manage clients all over the world as long as they have an internet connection.

Furthermore, it doesn’t require you to buy any additional IT infrastructure. So unlike IBCM that would need additional hardware that you need to maintain, for the CMG you just need to have Azure.

Strengthen your security

The moment you have systems that are not directly connected to your IT infrastructure, your data security is at an increased risk. This is particularly evident with remote work.

Although a lot of businesses have responded by using VPNs, you cannot adequately protect workstations through VPN channels. Hence the importance of the Cloud Management Gateway.

With it, you can better manage devices connected to the Internet and thus improve your corporate security posture. This is further enhanced by the fact that you can leverage Microsoft Azure services so that there is no need to expose your infrastructure to the internet.

Cost management

Whenever you use cloud services, you will incur costs associated with your usage. And the Cloud Management Gateway is no exception. Fortunately for clients, Microsoft intends to help you to keep those costs under control. You can do this through client settings, for instance, where you can determine which clients can access the CMG.

Another feature you can leverage is virtual machine configuration. The latter enables you to choose between 1 and 16 virtual machines per instance of Cloud Management Gateway. Also, if you want to, you can stop the CMG so that it’s no longer serving clients.

Therefore, to optimize user experience for all clients, the CMG helps to reduce the unavoidable costs that come with cloud services.

Constantly evolving

Another reason why the CMG is so important is how the technology is constantly evolving. There has been a lot of innovation taking place such as the ability to automatically do a client install through the CMG.

This is a great option to have because it eliminates the need for the client to be on the intranet. In addition, the platform is adaptable to your organization’s needs. So it can handle several scenarios such as:

Traditional PC management (Windows 7, 8.1, 10),
Modern PC management (Windows 10 with modern identity),
Internet client installs.

Wrap up

Every organization should be looking for ways to make the most of its IT investments. Thus from the information available, we can see that every environment that uses ConfigMgr can benefit from using the Cloud Management Gateway. And you can leverage the CMG for clients all across the globe. The convenience that this provides you cannot be overstated. As the world changes and technology evolves, we need platforms that can help organizations to become more efficient and enhance productivity.

Microsoft Intune – New Updates in PowerShell Scripts

Posted on January 14, 2021 by Thomas.Marcussen

Microsoft Intune is one of those brilliant products that has helped to optimize IT infrastructure for many businesses. It’s a platform that can transform your business into a modern workplace. And its capabilities are almost without limit. If you want to upload PowerShell scripts in Intune, there is the Microsoft Intune management extension (IME) that you can use for that. This management extension can enhance Mobile Device Management (MDM) resulting in a simpler move to modern management. With all this done, you can then run these scripts on Windows 10 devices. PowerShell scripts are important in a lot of different use cases and this blog is going to take a look at what this technology can do.

What is PowerShell?

PowerShell is a scripting and automation platform belonging to Microsoft. It’s an amazing product that is both a scripting language as well as an interactive command environment that is built on the .NET framework. Released back in 2006, PowerShell was basically a replacement for Command Prompt as the default method for automation of batch processes and creation of customized system management tools. PowerShell can easily automate laborious admin tasks by combining commands known as cmdlets and creating scripts. Available in all Windows OS starting with Windows 2008R2, PowerShell plays a huge role in helping IT professionals configure systems.

Adopting modern management

Modern workplaces now have plenty of user and business-owned platforms allowing users to work from anywhere. With MDM services like Microsoft Intune, you can manage devices that are running Windows 10. The Windows 10 management client will communicate with Intune to run enterprise management tasks. Windows 10 MDM features will be supplemented by IME. With this in place, you can create PowerShell scripts to run on Windows 10 devices e.g, creating a PowerShell script that does advanced device configurations. Having done this, you can upload the script to Intune and assign the script to an Azure AD group. Then run the script. Moreover, you can monitor the run status of the script from start to finish.

Latest updates from Microsoft

In November 2020, Microsoft announced the general availability of PowerShell 7.1 which is built on the foundation of PowerShell 7.0. The goal was to bring about improvements and fixes to the existing technology. Some of these features, updates, and breaking changes include:

PSReadLine 2.1.0, including Predictive IntelliSense
PowerShell 7.1 has been published to the Microsoft Store
Installer packages have been updated for new operating system versions with support for ARM64
4 new experimental features and 2 experimental features promoted to mainstream
A number of breaking changes that improve usability

Using scripts in Intune

Before IME can automatically install, when a PowerShell script or a Win32 app is assigned to the device or user, a few prerequisites should be met:

Windows 10 version 1607 or later, Windows 10 version 1709 or later for devices enrolled using bulk auto-enrollment.
Devices joined to Azure AD including Hybrid Azure AD-joined which consists of devices that are joined to Azure AD, and are also joined to on-premises Active Directory (AD).
Devices enrolled in Intune namely devices enrolled in a group policy, devices that are manually enrolled in Intune, and co-managed devices that use both Configuration Manager and Intune.

Script policy creation

Start by signing in to the Microsoft Endpoint Manager admin center. From there you’ll select Devices then PowerShell scripts then add. Under Basics, you will then have to provide a name and a description for the PowerShell script. Next, you go to Script settings and you’ll have to enter the required properties. After that, you select Scope tags, however, these are optional. And then select Assignments > Select groups to include and an existing list of Azure AD groups will be shown. Lastly, in Review + add, you’ll see a summary of the settings you configured. Select Add to save the script. When you have done so, the policy is deployed to the groups you chose.

Important considerations

If you have scripts that are set to user context with the end-user having admin rights, by default, the PowerShell script runs under the administrator privilege. Also, end-users don’t need to sign in to the device to execute PowerShell scripts. The IME agent checks with Intune once per hour and after every reboot for any new scripts or changes. In the event of a script failing, the agent attempts to retry the script three times for the next 3 consecutive IME agent check-ins. And as far as shared devices are concerned, the PowerShell script runs for every new user that signs in.

PowerShell scripts limitations

Although with Microsoft Intune you can deploy PowerShell scripts to Windows 10 devices, there are a few limitations worth noting. These include:

You won’t get support for running PowerShell scripts on a scheduled basis.
Although you can see whether the PowerShell script execution succeeded or failed, the output generated is only available on the endpoint that executes it and is not returned to the MEM Admin Portal.
Since executed PowerShell scripts are visible in the Intune Management Extension log file as plain text, credentials can’t be passed securely.
The Intune Management Extension agent responsible for executing PowerShell scripts on the endpoints only checks once an hour for new scripts so there is a delay with execution.

Wrap up about Microsoft Intune

Maximizing the time we have is increasingly a massive concern for most organizations. Technological innovation has made it such that we can have more productive time on our hands. PowerShell is a product that is very useful to IT professionals for overall system management. By being able to automate the administration of Windows OS and other applications, organizations can operate more efficiently. The evolution of this platform since its release fourteen years ago has seen it grow from strength to strength. Undoubtedly, this is a product that can easily boost your productivity.

7 Ways Microsoft 365 Can Help Manage Your Organizational Governance

Posted on January 7, 2021 by Thomas.Marcussen

These days, you will find cloud services offering some pretty amazing features. Platforms like Microsoft 365 (M365) have been developing their functionalities at a very fast pace. With all of those changes, businesses can expect to benefit as well. And they do. The advances in cloud technology have had a significant impact on things like corporate data security and remote work. Moreover, the round the clock support you get from Microsoft experts allows you to swiftly deal with any issues. Even more importantly, M365 helps you manage your organizational governance and that’s something we want to take a closer look at in this conversation.

Governance in Microsoft 365

Under Microsoft 365, the key thing is the protection of essential data assets while minimizing risk. There are a few crucial areas that need consideration. Firstly, there is operational assurance. This is mainly an IT task responsible for the operation and performance of the platform. Next, we talk about information assurance. For this, you need to know the regulatory requirements as well as the goals of the business because it involves the management of information throughout the lifecycle. Lastly, we’ll talk about outcome assurance. This part is concerned with providing the necessary guidance to enable an organization to obtain favorable outcomes.

Preparing your business

Cloud services are constantly evolving and that means businesses need to adequately prepare. These continuous changes can have positive or negative effects depending on your governance policies. It’s important to have policies that best suit your IT team to ensure maximum productivity. Although leveraging the power of the cloud has numerous benefits, your IT team still needs to maintain a framework that guarantees data security. All of this requires the company to set up informed governance policies that are regularly updated as and when necessary.

Service offering

When it comes to IT governance for M365, all the services you get with M365 including Office 365 and Enterprise Mobility + Security are considered. Businesses will need to assess aspects such as user lifecycles and legal data requirements for the governance framework. It’s important to note that employee recruitment or retirement can upset your governance processes because user and data lifecycle concepts are designed and applied in an expanded form. Given that there will be other employees that need greater access and security, you need to establish protocols for these groups. This will help to maintain corporate data security while granting secure access to those that need it.

Great communication platforms with Microsoft 365

Most people will agree that good communication is an absolute necessity for any business to operate properly. Again, this is something Microsoft 365 fully understands. You can have the best business strategies but without good communication channels, your business will struggle. To facilitate great communication, M365 clients can get in touch via Skype, voice calls, and video calls. Yammer and other business platforms are also available when it comes to organizing projects. As well as giving users fantastic options for communication, these platforms are highly secure. So management can rest easy knowing that they can easily relay information and organize projects without worrying about security.

Improve service delivery with Microsoft 365

Online platforms have changed the way that clients can interact with businesses. In addition, these platforms also enable businesses to market themselves better to potential clients. With the amount of information available online, decision-making is a lot easier. For instance, through the use of Outlook’s CRM capabilities, you can track your clients and establish business relationships. You also have Microsoft 365 Business that you can use to create mailing lists and manage your marketing emails. Clients get increased convenience because of Bookings which allows them to make appointments anytime, anywhere. Because of the popularity of social media and its significant reach, Microsoft 365 Business also helps you to manage these platforms. It does this by updating the information on your social media platforms and making communication with clients easier.

Microsoft information governance

Information governance has a massive role to play in how effectively an organization operates. With information being a very valuable asset, you cannot afford to compromise your data management. You need to start by understanding the type of information that is governed, something that is done with retention labels which drive the automated lifecycle management of all data. After this, you can configure the labels in a few different ways. You can publish the labels, use MIG/ADG to auto-apply labels, or apply pre-applied labels in bulk. Information governance gives you a system for comprehensive data management on a secure platform.

Effective device management

In these times when plenty of people are working from home, managing employees’ devices is essential to overall organizational governance. Not only is this important to maintain productivity levels, but it’s also necessary for data security. By joining Azure AD and enrolling in Microsoft Endpoint Manager (MEM), users will encrypt their devices and obtain certificates enabling them to access VPNs, Wi-Fi, etc. Furthermore, this will keep employees’ devices up to date, secure, and compliant with all your policies. MEM is a great tool for any business looking to organize their workforce when working remotely without compromising data security.

Simplifying management

Good management is often what makes the difference between successful businesses and struggling ones. Likewise, good technology can have a similar effect on your business. Which is why it’s not a bad idea to check out Microsoft 365. It’s a package deal that has some of Microsoft’s best products, not least of which is the hugely popular Office 365. The tools you get in this package will not only help but improve your organizational governance. Easier communication, advanced security, and 24/7 support help to make your business run efficiently. So if you want to simplify management for your organization, M365 is a great place to start.

What You Can Learn From Microsoft Endpoint Manager Analytics

Posted on January 5, 2021 by Thomas.Marcussen

The importance of data analysis has been steadily growing in the last couple of decades. And as technology has continued to evolve, the tools that we have available to us have significantly improved. These tools help businesses get a clearer view of their operations. One of the more recent offerings is Microsoft Endpoint Manager Analytics (MEMA). With this product, Microsoft is aiming to help organizations measure and improve their productivity. These days, businesses are placing significant emphasis on the degree of productivity of their employees. Therefore it’s important to have a way to actually see this and that’s what we’ll be going over below.

What is Microsoft Endpoint Manager Analytics?

Endpoint Analytics is essentially a new feature that Microsoft has added to Microsoft Productivity Score. What it does is to provide you with information on how the organization is operating as well as the experiences that your users are receiving. Moreover, it can pinpoint policies or hardware issues that are slowing down devices and then make any necessary changes without causing needless disruptions. Therefore, Endpoint Analytics can provide insights that are normally unavailable to IT because of a lack of visibility into the end-user experience. And it can offer this service at a better cost as compared to the costly support channel that you would otherwise use.

Getting started with Microsoft Endpoint Manager

Once you’ve met all the requirements, the actual process of enrolling a device is pretty straightforward. For Intune-managed devices, you need to go to the Onboard in the Endpoint Analytics portal. When you’re enrolling devices that are managed by Configuration Manager, there are a few steps to follow. Firstly, you have to go and enable Endpoint Analytics data collection in Configuration Manager. Next, you’ll need to enable data upload from Configuration Manager. And the last step involves onboarding in the Endpoint Analytics portal. You will see the connector status light up in Microsoft Endpoint Manager once you have successfully enabled.

Startup performance

This is an area that can be of great concern when it comes to causing delays to your employees. By measuring time to productivity, you can easily see where users are losing time. Endpoint Analytics will help your organization by identifying lengthy boot and sign-in times and then resolving them. In addition, you’ll get a couple of recommended actions that you can take to improve startup times. Having this data at hand enables you to evaluate your startup performance. You can then use this data and compare it to other organizations thus getting a better view of how you’re doing as a business.

Software optimization with Microsoft Endpoint Manager

A lot of the time, increasing productivity only requires you to optimize your current software. MEMA plays a key role by providing you with information for improving user experience by optimizing your operating system as well as the versions of Microsoft software that you are already using. You’ll get to benefit from insights for various deployment and management services. Among these are Windows Autopilot, Microsoft Intune, Configuration Manager, Windows 10, and Azure Active Directory. Although you may already be using these platforms, analytics gives you data that helps you to get the most out of them.

Swift problem resolution

In the past, one of the major causes of delays has been users having to wait for IT to resolve problems. However, Endpoint Analytics provides proactive remediation scripting. Simply put, this great feature will resolve common support issues on any of your endpoints. Not only that, but it will fix these problems before users even know there’s an issue. There are built-in scripts that you can use for common issues. But, there is also the possibility of authoring your own scripts based on what issues your users frequently encounter.

Licensing requirements for Microsoft Endpoint Manager

A valid Microsoft Endpoint Manager license is necessary to enroll devices in Endpoint Analytics. In addition, for proactive remediations, one of the following licenses for managed devices will be required:

Windows 10 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
Windows 10 Education A3 or A5 (included in Microsoft 365 A3 or A5)
Windows Virtual Desktop Access E3 or E5

Requirements for Intune devices

Devices under co-management or enrolled in Intune running Windows 10 Pro, Windows 10 Pro Education, Windows 10 Enterprise, or Windows 10 Education. Windows 10 Home isn’t supported. Only devices with Windows 10 Enterprise, Education, or Pro version 1903 or later will get startup performance insights. It’s also important to note that workplace joined or Azure AD registered devices won’t be supported. Lastly, you need to ensure that the Connected User Experiences and Telemetry service are running.

Configuration Manager requirements

For devices that are under the management of Configuration Manager, you’re going to need a minimum of Configuration Manager version 2002 with KB4560496 – Update rollup for Microsoft Endpoint Configuration Manager version 2002 or later. Also, the Configuration Manager clients need to be upgraded to version 2002 or later. And then you should ensure that the Microsoft Endpoint Manager tenant is attached. Another thing to remember is that enrolled devices that meet the Intune requirements will send required functional data directly to Microsoft public cloud.

Enhance your productivity

Common issues that trouble most organizations should not have to persist indefinitely. Time is a priceless commodity and your business needs to strive to fully enhance productivity. Hence the importance of software such as Microsoft Endpoint Manager Analytics. Its ability to furnish you with a comprehensive overview of how your organization is operating has the potential to make it key to your business strategies. Evaluating the problem areas affecting your users and resolving them without disruption will immediately improve workflow. Although Endpoint Analytics is still very much a new product, it’s certainly one that looks like most businesses could need.

Benefits of Using an Azure Hybrid Model

Posted on December 3, 2020 by Thomas.Marcussen

Businesses nowadays are inundated with offers of all different kinds of services. There are so many companies to choose from that it can at times be overwhelming. However, Microsoft Azure is a service that has proven itself beyond any doubt. Its reliability, high-level security, and efficiency make it a favorite for many enterprises. Also, its ability to support the hybrid cloud model makes it an even more attractive option. It combines this with other Microsoft server and system center tools thereby giving you enterprise-level offerings. So it is with that in mind that we need to explore the benefits that using an Azure Hybrid Model will provide you.

Promotes remote work

One of the challenges of remote work is data access. Businesses need their employees to have access to data wherever they may be. With the modern workspace continuing to evolve, companies can have people working for them from all across the globe. Azure allows you a secure platform to operate efficiently. It enables you to have people in different locations working together easily. By using the hybrid model, you can keep your sensitive data on the on-premises servers while availing other key applications on the cloud. Consequently, this provides a secure platform for your remote workers. Data access is no longer a problem and you retain overall control over sensitive data.

Access a fast and secure network

Microsoft Azure can lay claim to having one of the largest global networks. Its data centers are located across the globe for greater operational efficiency. And so the advantage of using their hybrid model is that you get access to this network. Using Azure ExpressRoute you can get connections of up to 100 Gbps! Furthermore, Azure Virtual WAN enables you to connect to thousands of users and endpoints. All these features combine to give you a fantastic network that optimizes your work environment. But speed and efficiency alone won’t suffice. You also get DDoS Protection and Azure Firewall to ensure that your connections are as secure as possible.

Flexibility

Using the Azure Hybrid Model can offer your business operational flexibility. Having multiple platforms on which to operate gives you the option to employ various strategies as well as cut down on costs. Most businesses will have realized that the demands placed on their IT resources will fluctuate. And so having options available is a great thing when resources are stretched. You get to leverage your on-premises resources for your daily operations. Then when additional resources are called for, the public platform is available. Simply put, you don’t need to view the hybrid cloud model as part of the migration process to pure cloud deployment.

Cost-savings

Even with plenty of features to get you excited, a big determining factor remains cost. However, the great thing about the hybrid cloud model is that it is very much cost-effective. Especially for companies that are looking to scale according to demand as well as come up with long-term strategies. Businesses will see huge savings when demand increases. This is because they are not going to require significant capital expenditure to expand their existing infrastructure. With the Azure Hybrid Model, all you will need to do is pay for the resources you need to use. And if demand goes down, then so too will your costs.

Products and services

Microsoft Azure offers you several products and services to help you build your ideal hybrid solution. If you are looking to extend Azure management to any infrastructure then Azure Arc is what you need. With this service, you can run Azure data services anywhere in your hybrid environment. And then there is Azure Stack. This product will help you to build, deploy, and run consistent hybrid apps. Not only that, but you can run these apps across on-premises, cloud, and the edge.

Then we move on to developer tools and DevOps. For building, testing, and deploying your apps, you get to use the most comprehensive developer toolkit. Also, if you want to improve collaboration and ship faster, you can extend DevOps to any environment or cloud. All of this, however, counts for very little if the security is inadequate. Microsoft Azure leaves nothing to chance in that regard. With unified security management and AI-enabled threat protection across the board, you can be certain that your network is safe. Convenience is also important and for that, there is a seamless, single sign-on experience across cloud, mobile, and on-premises apps.

Reduced risk

Companies can suffer from catastrophic events that are beyond their control. From outages to regional natural disasters, these events can potentially cripple a business. But, with Microsoft Azure, you get to have peace of mind knowing that your data is safe. As previously mentioned above, Azure has one of the largest global networks. Therefore, regional disasters will affect but not completely shut down your operations. This assures you that even in the event of unforeseen disasters, the security of your data will remain secure. In other words, your business continuity strategy could essentially be your Azure subscription.

Poweshell under the security context of another user (RunAs)

Posted on February 16, 2015 by Thomas.Marcussen

Recently i needed to run some powershell scripts under multiple security context’s – the main reason for this was my client’s strict delegation model.

We ended up with multiple service account with rights only to the needed systems (Its not such a bad thing!)

The result was this powershell script to change security context

$SPAccountName = “<username>”;
$AccountPassword = “<password>”;
$AccountPasswordAsSecureString = $AccountPassword | ConvertTo-SecureString -Force -AsPlainText
$credential = New-Object System.Management.Automation.PsCredential(“$env:userdomain\$SPAccountName”,$AccountPasswordAsSecureString)
$SvcAccSession = New-PSSession -Credential $credential;
Invoke-Command -Session $SvcAccSession -Script { Import-Module ActiveDirectory }
Invoke-Command -Session $SvcAccSession -Script { Get-AdGroupMember “Some-group”}

In the above example we just get the member of some application group – but really, you can do whatever you like.

If you need it to query a specific server you can use -Computername <servername> right after New-PSSession.

This method also came in rather handy when running service-side powershell execution invoked by a webservice.. but more on that later

Unable to use Power Shell AD cmdlets on Remote Server

Posted on February 11, 2015 by Thomas.Marcussen

I came across this error when building a web service executing powershell cmdlets

When executing the commands directly on the server worked without problems

but when using New-PSSession to invoke the scripts I ended up with the following error:

WARNING: Error initializing default drive: ‘Unable to contact the server. This
may be because this server does not exist, it is currently down, or it does not
have the Active Directory Web Services running.’.
Unable to contact the server. This may be because this server does not exist,
it is currently down, or it does not have the Active Directory Web Services
running.
+ CategoryInfo : ResourceUnavailable: (:) [Get-ADObject], ADServe
rDownException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirector
y.Management.Commands.GetADObject
+ PSComputerName : localhost

Note that PSComputerName was not defined in my script – default is localhost.

To resolve the problem i did the following:

Added “-Computername <Server1>” to my script file (Server1 is a domain controller, that had Active Directory Web Services running (default on Domain controllers running Windows Server 2012 R2) (Check Link for running on Windows Server 2003 and Windows Server 2008)
Executed “Winrm QuickConfig” on Server1

I was searching for groups with a specific like description with the following command: get-adobject -Filter {description -like “ps1*”}

and the result with the problem solved:

PSComputerName : Server1
RunspaceId : b83f4390-36b7-4cfa-8539-279b12fce09f
DistinguishedName : CN=Application Group
1,OU=Applications,DC=ThomasMarcussen,DC=com
Name : Application Group 1
ObjectClass : group
ObjectGUID : 4c57f3b5-726b-4de7-882b-2c80b3f0fdb8

PSComputerName : Server1
RunspaceId : b83f4390-36b7-4cfa-8539-279b12fce09f
DistinguishedName : CN=Application Group
2,OU=Applications,DC=ThomasMarcussen,DC=com
Name : Application Group 2
ObjectClass : group
ObjectGUID : 70289cdd-0277-457e-bc2d-162703342f74

Change the size of a virtual machine by using a Azure PowerShell script

Posted on October 7, 2014 by Thomas.Marcussen

Finally i got around to moving my demo environment to Azure

I don’t need my environment to perform 100% while not using it, so came a cross this nice way to scale my environment on-demand.

This is possbile with a simple powershell script:

Function HowTo-SetAzureVMSize{
[CmdletBinding()]
param(
[parameter(Mandatory=$true)]
[string]$ServiceName,
[parameter(Mandatory=$false)]
[ValidateNotNullOrEmpty()]
[string]$Name=$ServiceName,
[parameter(Mandatory=$true)]
[string]$VMSize
)
PROCESS{
Get-AzureVM –ServiceName $ServiceName –Name $Name |
Set-AzureVMSize $VMSize |
Update-AzureVM
}
}
HowTo-SetAzureVMSize -ServiceName {your-cloud-service-name} -Name {your-vm} –VMSize “{your-desired-vm-size}”

Example:

Function HowTo-SetAzureVMSize{
[CmdletBinding()]
param(
[parameter(Mandatory=$true)]
[string]$ServiceName,
[parameter(Mandatory=$false)]
[ValidateNotNullOrEmpty()]
[string]$Name=$ServiceName,
[parameter(Mandatory=$true)]
[string]$VMSize
)
PROCESS{
Get-AzureVM –ServiceName $ServiceName –Name $Name |
Set-AzureVMSize $VMSize |
Update-AzureVM
}
}
HowTo-SetAzureVMSize -ServiceName ThomasMarcussen -Name TMSRV001 –VMSize “Standard_D2”

Currently not all hardware configurations are available in all locations – I tested in Western Europe.

Virtual Machine Sizes:

A0 (Shared core, 768 MB Memory)
A1 (1 core, 1.75 GB Memory)
A2 (2 cores, 3.5 GB Memory)
A3 (4 cores, 7 GB Memory)
A4 (8 cores, 14 GB Memory)
A5 (2 cores, 14 GB Memory
A6 (4 cores, 28 GB Memory)
A7 (8 cores, 56 GB Memory)

D1 (1 core, 1.75 GB Memory)
D2 (2 cores, 7 GB Memory)
D3 (4 cores, 14 GB Memory)
D4 (8 cores, 28 GB Memory)
D11 (2 cores, 14 GB Memory)
D12 (4 cores, 28 GB Memory)
D13 (8 cores, 56 GB Memory)
D13 (16 cores, 112 GB Memory)

Allowed values are:

ExtraSmall
Small
Medium
Large
ExtraLarge
A5
A6
A7
A8
A9

Basic_A0
Basic_A1
Basic_A2
Basic_A3
Basic_A4

Standard_D1
Standard_D2
Standard_D3
Standard_D4
Standard_D11
Standard_D12
Standard_D13
Standard_D14