Azure Automation
Learn On Demand
Learn On Demand Pro Series

Time
6 hours 40 minutes
Difficulty
Beginner

This Azure Automation IT Pro Challenge helps learners understand how to use the Azure Portal to access the Azure Cloud Shell, Azure Key Vault, Azure Automation, and Log Analytics. Learners will also understand both PowerShell and Bash commands.

Start your free 7-day trial and become one of the 3 million Cybersecurity and IT professionals advancing their career goals

Sign up with
Or

Already have an account? Sign In »

Overview

In this Azure Automation IT Pro Challenge, learners will understand how to use the Azure Portal and Azure Cloud Shell to create and deploy a virtual machine, automate disk encryption using Azure Key Vault, configure a Log Analytics workspace and add solutions to that workspace, and then enable update management for the virtual machine. By taking this lab, learners will also become familiar with PowerShell and Bash commands. The skills acquired in this lab are useful for network and system administrators.

Overview

For this virtual lab, you have to deploy and manage Azure virtual machines. To begin, you will use Bash in the Azure Cloud Shell to deploy a virtual machine, and then you will use PowerShell to configure a virtual machine. You will need to use the Azure Cloud Shell to create and save a script and use PowerShell again to automate disk encryption that uses the Azure Key Vault. The last task is to configure Log Analytics and use it to enable update management for the Azure virtual machine.

Azure Cloud Shell provides a way to manage Azure resources through a browser, and it allows you to choose which shell (Bash or PowerShell) works for your configuration (Linux vs. Windows). Bash is the command shell/scripting language for Linux, and PowerShell is the Windows equivalent of Bash.

You can use the Azure Key Vault to store and encrypt keys, passwords, and certificates. Azure Log Analytics is a service used for collecting and analyzing data that is generated by the resources in your environment.

Configure Azure Cloud Shell

To begin the lab, you will log in to the Azure portal, launch Cloud Shell, and then PowerShell to create a new file share. In preparation for the next task, you will switch from PowerShell to Bash.

Deploy a virtual machine by using Bash

Using Bash, you will create a virtual machine via the az create command. As part of creating the virtual machine, you will also define the Resource Group, image name, and admin user/password. You will learn how to use the powerState value to confirm that the virtual machine you created is running.

Possible powerState values are: VM starting, VM running, VM stopping/stopped, and VM deallocating/deallocated.

Configure network security group rules by using PowerShell

To begin, you will switch back to Bash from PowerShell and execute a series of commands to get the Network Security Group (NSG) and current port configuration. From the port configuration, you can see the DestinationPortRange, which is configured to allow all traffic from any IP address. As part of the configuration process, you need to change it to deny all inbound network traffic and verify that the network security rules were applied correctly.

Create a script by using the Azure Cloud Shell script editor

In this step, you will use the Azure Cloud Shell script editor to create, save as a .ps1 file, and execute the script. To accomplish this, you will use the PowerShell script editor in Azure Cloud Shell.

Automate disk encryption for an Azure virtual machine by using Azure Key Vault

Now you will use the Azure portal to add/create and deploy a new key vault.

Configure disk encryption by using Azure Cloud Shell

Now you’re going to use Azure Cloud Shell to create a key for a key vault. You will run a PowerShell command to enable the key vault for disk encryption in the advanced access policy settings (AzureRMKeyVaultAccessPolicy).

Then you will run a command to set the configuration variables (key name, resource id, resource group, etc.) for the virtual machine disk encryption extension. To finish, you need to configure the disk encryption for the virtual machine. This last operation can take a few minutes. You will learn how to monitor the progress using Azure portal Disk Settings and the Azure Cloud Shell.

Configure update management requirements

In this step, you are going to configure the components needed to update management requirements. You will first need to use the Azure portal to create a Log Analytics workspace. Then you will create an Azure Automation account and add solutions to the Log Analytics workspace.

Create an Azure Automation account

Azure Automation is a configuration service that lets you manage all of your Azure and non-Azure environments. Azure Automation includes (but is not limited to): process automation, configuration management, and update management.

You can access the Add Automation Account functionality through the Azure Portal.

Add solutions to the Log Analytics workspace

In the Azure portal, select the workspace that you created in a previous task. In the Workspace summary, you will add/create new solutions for the workspace. From the workspace, you will use Workspace Data Sources to connect to the virtual machine you created at the beginning of the lab.

Configure update management for an Azure virtual machine

To configure update management, you will select Virtual Machines from the Azure Portal menu and select the virtual machine that you created at the beginning of the lab. You can access update management from the Services menu on the virtual machine command bar. For this lab, you will be creating custom workspace settings and enabling several update management features for the virtual machine.

Summary Conclusion

By taking this virtual lab, you will learn how to do the following:

  • Enable and configure Azure Cloud Shell and create/edit a script
  • Use Bash to deploy an Azure virtual machine.
  • Use PowerShell to configure an Azure virtual machine and automate Azure Key Vault disk encryption.
  • Configure Log Analytics for a virtual machine and use it to enable update management for a virtual machine.