$tenantId ="<tenant id>"#use the goabl admin account to login Connect-AzureRmAccount -Tenant $tenantId$certificateObject = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2$certificateObject.Import("E:\Cert\examplecert.pfx","Password0123!", [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet)Write-Host "the thumbrint of cert"$certificateObject.Thumbprint$keyValue = [System.Convert]::ToBase64String($certificateObject.GetRawCertData())$sp =New-AzureRmADServicePrincipal -DisplayName "jimtestsample" -CertValue $keyValue -EndDate $endDate$context=Get-AzureRmContext$token=$context.TokenCache.ReadItems() |Where-Object { ($_.TenantId -eq $tenantId) -and ($_.Resource -eq "https://graph.windows.net/")  }$accesstoken=$token.AccessToken$url = "https://graph.windows.net/$tenantId/servicePrincipals/"+$sp.Id+"/keyCredentials?api-version=1.6"$keyCreds = Invoke-RestMethod -Uri $url  -Method Get -Headers @{"Authorization" = "Bearer $accesstoken"}Write-Host "--------------------------------------------"$keyCreds.value | Select-Object customKeyIdentifier

FROM > https://goodbyegangster.hatenablog.com/entry/2019/10/09/231611 自己署名証明書をPowershellで作成できるようなったらしく、最近ではそいつを使うのが一般的みたいです。その方法の備忘録。WEBサーバで利用できるSSL証明書を作成します。 Powershellバージョン Windows 10 Include Windows Server 2016 Include Windows Server 2019 Include 実行方法 管理者権限でPowershellプロンプトを起動して、以下コマンドを実行しています。

PowerShell can be used as a REST client to access Azure REST API's. To access Azure REST methods, you will need to have access to subscription with Azure AD App Registration. If you haven't done Azure AD App registration. You can follow this article here. Make sure you capture client secret key after app is registered. Once you have tenant id, client id, client secret, and subscription id you can proceed forward with below instructions. To make life easier, I have checked in my PowerShell code to Github. Feel free to download them and modify it to your needs. In this tutorial, I will go over how to get resource groups from Azure REST API. One of the basic CRUD operation, I will perform. Create a file called Get-AzureResourceGroup.ps1. Let's create required variables. Make sure to fill in required variables from your Azure subscription. Variables # Variables $TenantId = "" # Enter Tenant Id. $ClientId = "" # Enter Client Id. $ClientSecret = "" # Enter Client Secret. $Resource = "https://management.core.windows.net/" $SubscriptionId = "" # Enter Subscription Id. Once you have updated above required values. Let's make a first REST call to get access token. We will use below URL to make a REST call to get access token. POST https://login.microsoftonline.com/{tenantId}/oauth2/token Request Access Token Add following code to your PowerShell script after variables. $RequestAccessTokenUri = "https://login.microsoftonline.com/$TenantId/oauth2/token" $body = "grant_type=client_credentials&client_id=$ClientId&client_secret=$ClientSecret&resource=$Resource" $Token = Invoke-RestMethod -Method Post -Uri $RequestAccessTokenUri -Body $body -ContentType 'application/x-www-form-urlencoded' Write-Host "Print Token" -ForegroundColor Green Write-Output $Token After you have retrieved the access token, we will use that to authorize…

1.Open the interactive shell and make sure that it's set to PowerShell. Click on cloud shell icon appears next to global search as depicted in image below: 2.Run the following command to install IIS on the virtual machine: Azure PowerShellCopy *****************************************************  $publicSettings = @{ "fileUris" = (,"https://raw.githubusercontent.com/Azure/azure-docs-powershell-

OSI model = Open Systems Interconnection model Physical Layer The lowest layer of the OSI Model is concerned with electrically or optically transmitting raw unstructured data bits across the network from the physical layer of the sending device to the physical layer of the receiving device. It can include specifications such as voltages, pin layout, cabling, and radio frequencies. At the physical layer, one might find “physical” resources such as network hubs, cabling, repeaters, network adapters or modems. Data Link Layer At the data link layer, directly connected nodes are used to perform node-to-node data transfer where data is packaged into frames. The data link layer also corrects errors that may have occurred at the physical layer. The data link layer encompasses two sub-layers of its own. The first, media access control (MAC), provides flow control and multiplexing for device transmissions over a network. The second, the logical link control (LLC), provides flow and error control over the physical medium as well as identifies line protocols. Network Layer The network layer is responsible for receiving frames from the data link layer, and delivering them to their intended destinations among based on the addresses contained inside the frame. The network layer finds the destination by using logical addresses, such as IP (internet protocol). At this layer, routers are a crucial component used to quite literally route information where it needs to go between networks. Transport Layer The transport layer manages the delivery and error checking of data packets. It regulates the size, sequencing, and ultimately the transfer of data between systems…

1) { } 大括号，表示定义一个对象，大部分情况下要有成对的属性和值，或是函数。 如：var LangShen = {"Name":"Langshen","AGE":"28"}; 上面声明了一个名为“LangShen”的对象，多个属性或函数用,（逗号）隔开，因为是对象的属性， 所以访问时，应该用.（点）来层层访问：LangShen.Name、LangShen.AGE，当然我们也可以用数组的方式来访问，如：LangShen["Name"]、LangShen["AGE"]，结果是一样的。 该写法，在JSON数据结构中经常用，除此之外，我们平时写函数组的时候，也经常用到，如： var LangShen = {       Name = function(){                  return "LangShen";                   },      Age = function(){                 return "28";                 } } 调用方式差不多，因为是函数组，所以要加上()，如：alert( LangShen.Name() ); 2) [ ]中括号，表示一个数组，也可以理解为一个数组对象。 如：var LangShen = [ "Name","LangShen","AGE","28" ]; 每个值或函数，都是独立的，多个值之间只用,（逗号）隔开，因为是数组对象，所以它等于： var LangShen = Array( "Name","LangShen","AGE","28" ); 访问时，也是和数组一样，alert( LangShen[0] ); 3) { } 和[ ] 一起使用，我们前面说到，{ } 是一个对象，[ ] 是一个数组，我们可以组成一个对象数组，如： var LangShen = { "Name":"Langshen",                           "MyWife":[ "LuLu","26" ],                           "MySon":[{"Name":"Son1"},{"Name":"Son2"},{"Name":"Son3"}] } 从上面的结构来看，是一个对象里面的第一项是个属性，第二项是一个数组，第三个是包含有多个对象的数组。调用起来，也是一层一层访问，对象的属性用.（点）叠加，数组用 [下标] 来访问。 如：alert( LangShen.MySon[1].Name ) ;

# PS C:\> . .\CreateAzAutomationRunAsAccount.ps1 -ResourceGroup '<ResourceGroupName>' -Location '<AzureRegion>' -AutomationAccountName '<AutomationAccountName>' -ApplicationDisplayName '<AzureADApplicationName>' -SubscriptionId '<VSSubscriptionID>' -SelfSignedCertPlainPasswd '<SomeStrongPassword>' -SelfSignedCertNoOfMonthsUntilExpired 12 # To run the script you must pass parameters # -ResourceGroup, name of the Resource Group to create # -Location, Azure region to create Resource Group in, to get a list of available regions use Get-AzLocation # -AutomationAccountName, name of Automation Account to create # -ApplicationDisplayName, name of Azure AD application to create # -SubscriptionId, the Subscription ID of your Visual Studio subscription # -SelfSignedCertPlainPasswd, a strong password for the self-signed certificate # -SelfSignedCertNoOfMonthsUntilExpired, the number of months the self-signed certificate is valid, this is optional and if not passed this will default to 12 months. #Requires -RunAsAdministrator Param (     [Parameter(Mandatory = $true)]     [string] $ResourceGroup,     [Parameter(Mandatory = $true)]     [string] $Location,     [Parameter(Mandatory = $true)]     [string] $AutomationAccountName,     [Parameter(Mandatory = $true)]     [string] $ApplicationDisplayName,     [Parameter(Mandatory = $true)]     [string] $SubscriptionId,     [Parameter(Mandatory = $true)]     [string] $SelfSignedCertPlainPasswd,     [Parameter(Mandatory = $false)]     [int] $SelfSignedCertNoOfMonthsUntilExpired = 12 ) # Helper functions function CreateAutomationCertificateAsset {     [CmdletBinding()]     param (         [Parameter()]         [string] $ResourceGroup,         [Parameter()]         [string] $AutomationAccountName,         [Parameter()]         [string] $CertifcateAssetName,         [Parameter()]         [string] $CertPath,         [Parameter()]         [string] $CertPlainPasswd,         [Parameter()]         [bool] $Exportable     )     [securestring] $CertPassword = ConvertTo-SecureString $CertPlainPasswd -AsPlainText -Force     Remove-AzAutomationCertificate -ResourceGroupName $ResourceGroup `         -AutomationAccountName $AutomationAccountName `         -Name $CertifcateAssetName `         -ErrorAction SilentlyContinue     New-AzAutomationCertificate -ResourceGroupName $ResourceGroup `         -AutomationAccountName $AutomationAccountName `         -Path $CertPath `         -Name $CertifcateAssetName `         -Password $CertPassword `        …

For the difference between Keys, Secrets, and Certificates, please refer to Azure Key Vault documentation, under Object Types: https://docs.microsoft.com/en-us/azure/key-vault/general/about-keys-secrets-certificates#object-types Think of Secrets as passwords and connection strings. Keys are cryptographic keys that can be generated using various algorithms. And Certificates are keys (or key pairs) with optional policies such as auto rotation. There is an advantage in authenticating using a certificate instead of a secret. The advantage is a certificate has a private and a public key part. The recipient of your API call can authenticate who you are using only the public portion of your certificate, while you safely safeguard the private part in your key vault. Secrets are shared between calling and called parties and are transmitted over the wire, and therefore there are more opportunities for them to leak.

Introduction   Azure Automation provides a cloud-based automation and configuration service that provides consistent management across your Azure and non-Azure environments. Azure Automation helps to automate frequent, time-consuming, and error-prone cloud management tasks. It consists of process automation, update management, and configuration features.    Azure Automation helps you to save time, reduce cost & errors and increase efficiency. Refer to this link to learn more about pricing details.   Refer to my previous article to learn how to perform the following activities: Create an Automation Account Create Credential Asset – To store the credentials which will be used by PowerShell for authentication. Import PowerShell Module – Import Microsoft Teams PowerShell Cmdlets module in order to access Teams Cmdlets. Create PowerShell runbook – Script to create a new team Test and publish the runbook In this article, you will see how to provision a team using PowerShell runbook which will be called by webhook from Power Automate when users submit the request in the SharePoint list.   A webhook allows an external service to start a particular runbook in Azure Automation through a single HTTP request. Refer to this link to learn more about the automation webhook.   Design Flow  

from: https://www.sqlchick.com/entries/2016/9/18/overview-of-azure-automation Azure Automation is a cloud service in Microsoft Azure which let you schedule execution of PowerShell cmdlets and PowerShell workflows. Azure Automation uses the concept of runbooks to execute a set of repeatable, repetitive tasks via PowerShell. Consistency in execution, reduction of errors, and of course saving time, are all key objectives - which makes DBAs and system admins happy, eh? Examples of How You Could Use Azure Automation Shut down a virtual machine in a development environment on a schedule to avoid charges when it's not being used Pause Azure SQL Data Warehouse on a schedule to avoid compute charges during the time it's not serving queries or processing data loads Check size of an Azure resource to determine if it's close to reaching its threshold for scaling up Scale Azure resources up or down on a predefined schedule Deployment of resources from Dev to Test en