PowerShell – Get Practical

Azure Health Check – A Free Script to Audit and Visualise Cloud Hygiene

Are you running Azure subscriptions and want a quick, human-friendly overview of your governance, compute, storage, network and Key Vault hygiene?
The Azure Health Check PowerShell script gives you exactly that — scanning multiple subscriptions, flagging weak spots, and producing a clean interactive HTML report (with charts!).

Why this matters

Large and growing Azure estates can easily drift into insecure or unsupported configurations: unprotected VMs, public storage blobs, missing resource locks, orphaned disks, exposed network ports — all of which can lead to security, availability or compliance issues.

Yet manually auditing each subscription is time-consuming. That’s where automation helps. With this script, you get a multi-subscription health summary, scored, visualised and exportable — ideal for periodic reviews, customer readiness checks, or even compliance audits.

Continue reading “Azure Health Check – A Free Script to Audit and Visualise Cloud Hygiene”

Automating a Monthly Azure Update Compliance Report with Logic Apps + Azure Resource Graph

Most patching dashboards are great for interactive views—but what if your stakeholders want a scheduled email that shows the current patch compliance for only a scoped set of servers (for example, those tagged for patch governance)? That’s where a small, reliable custom report shines.

In this post I’ll walk through the exact solution I built: a Logic App that queries Azure Update Manager data via Azure Resource Graph (ARG), filters to VMs tagged Monthly_Patch : yes, formats the results into a clean HTML email, and sends it on a monthly cadence.

Why a custom report?

No native email report: Azure Update Manager provides blades and workbooks, but not a ready-to-send, nicely formatted email.
Audience-specific scoping: We only want to report on VMs with a specific business tag (Monthly_Patch : yes).
Consistent sorting & formatting: Stakeholders wanted alphabetical order, readable timestamps, color-coded rows, and centered table content.
Lightweight & fast: With ARG we can query Update Manager resources directly—no Log Analytics workspace required for this report.

Continue reading “Automating a Monthly Azure Update Compliance Report with Logic Apps + Azure Resource Graph”

Azure Resource Locks – The One Feature You’re Probably Not Using (But Should Be)

Accidental deletion or modification of critical resources in Azure is more common than most teams would like to admit. And unlike on-prem environments, where layers of approvals or access barriers might slow someone down, Azure’s agility can sometimes be its own worst enemy — especially when production workloads are one click away from disappearing.

Enter: Azure Resource Locks — your environment’s seatbelt.

What Are Azure Resource Locks?

Azure Resource Locks are a built-in feature that allow you to restrict operations on resources, resource groups, or subscriptions. These locks act as a last line of defense — even if someone has Contributor or Owner permissions, a lock will block unwanted actions like deletion or configuration changes.

Continue reading “Azure Resource Locks – The One Feature You’re Probably Not Using (But Should Be)”

Extracting the Last Sign-In Date in Azure (Entra ID) with Microsoft Graph PowerShell

As a Cloud Engineer, I’m always looking for ways to automate processes and streamline the management of our Azure environment. Recently, a customer approached me with a challenge: they needed to extract the last sign-in date for every user in their tenant. Although the Entra ID portal provides this information, the customer required it in a CSV format so that their security team could review the data, collaborate with user managers, and determine if certain accounts were still needed.

The Challenge

The customer needed a consolidated CSV report that contained each user’s:

Display Name
User Principal Name
Email Address
Last Sign-In Date
Manager Information (which includes the manager’s display name and email)

Although the Entra ID portal displays sign-in data, it has its limitations:

Data Extraction vs. Portal View

While the Entra ID portal provides sign-in data, having it in CSV format enables deeper analysis and easier sharing among teams. This approach consolidates all the required information into one single report. Currently, the portal doesn’t allow you to add a manager column in the view, meaning that extracting manager details would otherwise be an extremely manual process.

Continue reading “Extracting the Last Sign-In Date in Azure (Entra ID) with Microsoft Graph PowerShell”

Deploying Rapid7 Agent Using Azure Automation for Azure Servers Managed via Azure Arc

Deploying the Rapid7 agent across diverse environments, such as Azure and AWS servers managed through Azure Arc (Windows and Linux), can be streamlined using Azure Automation. This blog post will guide you through the step-by-step process to automate this deployment.

Step 1: Set Up an Azure Automation Account

Navigate to the Azure Portal:

Open the Azure portal and search for "Automation Accounts" in the search bar.

Create or Use an Existing Automation Account:

Click on "Add" to create a new Automation Account.
Fill in the necessary details like Name, Resource Group, and Location.
Click on "Create".

Step 2: Configure Hybrid Runbook Worker

To run scripts on servers outside Azure, you need a Hybrid Runbook Worker.

Add a Hybrid Worker Group:

In the Automation Account, go to "Hybrid Worker Groups" under the "Process Automation" section.
Click "Add a hybrid worker group" and follow the instructions.

Install the Hybrid Runbook Worker on Your Servers:

Download and install the Hybrid Runbook Worker on your Azure and AWS servers as per the instructions provided.
Register these servers to the newly created Hybrid Worker Group.

Continue reading “Deploying Rapid7 Agent Using Azure Automation for Azure Servers Managed via Azure Arc”