Next step to York

By Rob Litjens

When connecting to my Azure tenant, I found out that I have no uhh… active subscription created. But in another tenant I have one. So with AZ login I switched to another tenant. If you want to know how to validate some subscription stuff and related items, you can go to the CodingWithAZ.blog page:

https://codingwithtaz.blog/2021/08/20/create-management-groups-and-subscriptions-with-bicep/

That page was helpful for me. I needed to have my details like billing account etc. After the AZ Login I got the next output, which I need:

C:\Users\RobLitjens\OneDrive\Training> connect-AzAccount    
  "isDefault": true,
  "managedByTenants": [],
  "name": "Pay-As-You-Go",
  "state": "Enabled",
  "tenantId": "Not for your eyes",
  "user": {
    "name": "maroli-ict@something.com",
    "type": "user"    
  }  
}]

After this I need to make sure my billing account is setup correctly. For that, you can use Get-AzBillingAccount. This will return your information. The Name and DisplayName properties are of interest.

Mine did not return anything. Thats not ok but has probably its cause in the subscription being empty. Lets see if I have an active role

Get-AZRoleAssignment tells me that there is no role assigned:

PS C:\Users\RobLitjens\OneDrive\Training> **Get-AzRoleAssignment**
Get-AzRoleAssignment : Waarde kan niet null zijn.
Parameternaam: input
At line:1 char:1
+ Get-AzRoleAssignment
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [Get-AzRoleAssignment], ArgumentNullException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.Resources.GetAzureRoleAssignmentCommand

Ok. Lets check something else… Get-AzBillingAccount -ExpandInvoiceSection -=> This gives me the Name (Which is of a GUID type) and the DisplayName. The latter shows me my company name.

This reminds me on something. Because I have a MAPS account for my home automation and the work I do for some other guys, I should have a Subscription. Let me guess… get-AzSubscription and Enter…. Yes.. there it is…

Sounds Reasonable. Ok. I have validated enough settings on my Azure subscription. I think it is time to start doing some Bicep.

Because we have VSCode installed, including Bicep support, we also have linter capabilities and more nice features. What does the code for the Resource Group look like?

targetScope = ‘subscription’ param rggroupName string = ‘Defender-RG-York’ param location string = ‘WestEurope’

resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-01-01' = {
  name: rggroupName
  location: location
}

This is really basic. First of all, A Resourcegroup must be created connected to the Subscription. Therfore the first line is straight forward. Second and third line are just variable declarations. If you then create the resource Resourcegroup, you only need to pass the rggroupname to the name and the location to the location settings.

When you run this from VSCode, you can left click on the filename in the Explorer: VSCode run Bicep When you do this, you will be asked several things:

  1. A name for the deployment: VSCode Deployment name
  2. the location where you want to deploy: VSCode user ParameterFile
  3. If you have a parameter file you can select one, otherwise this list will only show none VSCode UseParameterFile
  4. The first parameter: VSCode Param ResourceGroupName
  5. And the second parameter: VSCode Param File Location

When these are answered only one question will be asked: Do yo want to save/Overwrite the parameter file..

After this, you will see the Resourcegroup Defender-RG-York in your subscription.

The next thing will be to setup all the requirements for the Log Analytics Workspace. This one will be posted shortly also…