AzureCon Challenge

Automate Resource Shutdown

Overview
In Azure, the fundamental business model of IT Hardware and Software purchasing changes. In Azure, you only pay for what you use, when you use it, and
you can change your mind at any time to use more or less. This means you have the opportunity to save a lot of money if you make sure you only provision
the resources you need and you de-provision them when not being used. The classic example of this is dev/test spin up and shut down your VMs at the
start and end of the day. In this challenge you will build an automation script in Azure to do this.

1. Login to Azure
For this challenge, you have either elected to use your own subscription or have created a new Azure
subscription using the provided Azure Pass (or Free Trial). If you want to switch to use the provided Azure
Pass the promotion code is displayed on the My Account page on the http://challenge.azurecon.com web
site. If there is no promo code displayed, you will need to use the free trial http://azure.microsoft.com/pricing/free-trial.
Azure has TWO management portals - the classic portal (http://manage.windowsazure.com) and a new
portal that is in Preview at http://portal.azure.com. You will use the Preview portal in this challenge.
1.

Open a browser and go to http://portal.azure.com

2.

Enter your Microsoft Account email address and password for the Microsoft Account you
associated with your Azure Pass or your own subscription.

3.

You will now be in your Azure subscription (see opposite) and from here you can create and
manage Azure services.

2. Provision a Quick Virtual Machine

1.

On the management portal, click + NEW -> COMPUTE -> Windows Server
2012 R2 Datacenter.

2.

A new blade will open. Make sure the Deployment Model is set to Classic.
Click the CREATE button at the bottom. The Create VM blade will open.

3.

For the Host Name, you need to create a unique name. It can be anything and
you will get a little
indicating it is unique. As a suggestion, start with your
email alias prefix and then -autovm1. So if your alias is
bsmith@contoso.com, you would use
bsmith-autovm1 there is a limit of 15 characters on the VM name.

4.

For user name, enter <your alias> and then admin so bsmithadmin in our example.

5.

For password, enter a password you can remember write it down!

6.

Click Pricing Tier and in the new blade, Click the A1 Standard VM size and
click SELECT at the bottom of the blade.

7.

Click Resource Group and type automation as the name click OK

8.

Click the CREATE button at the bottom of the Create VM blade.

Your Virtual Machine will start provisioning and you will see a tile in the portal on the
Startboard. .
9.

Repeat the above steps but this time create a new vm called <alias>autovm2. Make sure its in the SAME resource Group Automation.

3. Setup a Co-Admin Account for use in Azure Automation.

Azure Automation requires you to use an account that lives in Azure Active Directory that has permissions to do operations on your Azure subscription. This
means you need to do two things next create a user in Azure AD and then assign that user as a co-admin on your subscription.

Page | 1

You are in the Azure Preview Portal BUT you have to manage Azure AD from the current Azure Portal.
1.
2.
3.

On the Preview Portal at the top right, click your login name on the top right (A) in the
screenshot and then click on Azure Portal (B).
This opens a new browser window now you can just swap between your two Azure Portals.

The first thing you will do is create a user account in your Azure Active Directory for your subscription.
Automation ONLY works with AD accounts, not LiveID/Microsoft Accounts.
1.

In the Azure Portal, select ACTIVE DIRECTORY in the left nav bar and click on the DEFAULT DIRECTORY that you will see listed.

2.

Click the USERS tab and click Add User (bottom of the Portal).

3.

Leave Type the default (New User in Your Organization).

4.

Enter coadmin for the user name and click NEXT

5.

Leave first name and last name blank and enter coadmin as the Display Name.

6.

For ROLE, select Global Administrator. Enter foo@bar.com in the alternate email address (it is not validated).

7.

DO NOT check enable Multi-Factor Authentication

8.

Click NEXT and then click the CREATE button to generate the temporary password.

9.

Dont close this window..! Copy the user name value which will be something coadmin@<your email address>.onmicrosoft.com.

10.

You have to reset the password for this account. To do that OPEN a new In-Private Browser session. Then go to this url:
https://login.microsoftonline.com

11.

Paste in your username from the clipboard.

12.

Switch back to the Azure portal and copy the temporary password. Switch back to the login and paste the password in there and click sign-in.

13.

Paste the current temporary password in again and enter your NEW password remember this! Click Update Password and Sign In.

14.

Close the in-private browser you now have a new user with a new password..!

15.

Switch back to the Temporary Password dialog.

16.

Copy the username again to the clipboard and click OK.

17.

Hover over the left navigation bar and scroll all the way to the bottom and click the settings icon (opposite).

18.

Click the Administrators tab and click the ADD button at the bottom. Paste in your coadmin username from above,
check the Azure Pass subscription. It should look like this below (after Azure successfully validates your account in Azure
AD).

19.

Click OK.

Now you have a user account, which is a co-admin on the subscription. You can now create your automation account and use this new user account as a
credential for your automation script (called a Runbook in Azure Automation).

Page | 2

4. Create Your Automation Account

1.

Switch back to the Preview Portal.

2.

At the top left, click + New -> Management -> Automation

Account

3.

Enter azcon-automation as the name

4.

Select the existing resource group automation.

5.

Make a note of the Subscription Name you are using (under the
Subscription Heading) Azure Pass in the example opposite. You
will need this in the next section.

6.

Pick any Region available

7.

Click Create.

5. Create and Test a Simple Automation Script

You will now create a simple automation script called a Runbook and use the credential you just created so that the script will run in the context of this
subscription login and therefore have access to your subscription.
1.

When your automation account has been created (it will take around 60 seconds) the blade for the service will open.

2.

Click the Assets tile and then click the credentials tile.

3.

Click the Add a Credential button.

4.

For the name enter subscriptioncoadmin.

5.

In the username field, you should be able to just paste (Ctrl-V) the value from the clipboard. If not switch to the other Azure Portal and you will
see the coadmin account there.

6.

Enter the password that you set both times and click Create.

7.

Close the Credentials blade and the Assets blade.

8.

Click the Runbooks tile and click Add a Runbook and click Quick Create

9.

Call the runbook testautomation and for the runbook type, select PowerShell and click Create

10.

You will presented with a blank script editior. Copy/paste in the script below:

$subname = "Azure Pass"

$azuresub = "subscriptioncoadmin"
$AzureCred = Get-AutomationPSCredential -Name $azuresub
Add-AzureAccount -Credential $AzureCred
Get-AzureSubscription
Select-AzureSubscription -SubscriptionName $subname
Write-Output("Getting all the Virtual Machines in subscription: " + $subname)
$vmlist = Get-AzureVM
foreach ($vm in $vmlist)
{
Write-Output("Azure VM: " + $vm.Name)
}
11.

Change the $subname = Azure Pass to the actual name of your subscription you made a note of this in step 4.5 above.

12.

Press the Test Pane button on the blade header and click the START button

13.

You should see the script run and the list of Virtual Machines in this subscription displayed (remember the two (at least) that you created earlier)

14.

Close the Test blade and click PUBLISH button and select YES on the warning. Now your Runbook is published, you can RUN it at any time
manually and you can also SCHEDULE it to be run.

15.

Click the SCHEDULE button and click the Link a Schedule to your Runbook.

Page | 3

16.

Click Create a New Schedule and for the name, enter Daily.

17.

Enter a Start Time such as 17:00:00

18.

Set the Recurrance to Daily and leave the rest of the defaults.

19.

Click CREATE and then OK.

20. Now this script will run daily at the selected time you can also run it
manually at any time by selecting the Runbook and clicking the START
button on the blade header. Do this now click START.
21.

Click the Output tile this is where you see running output from the
job.

6. Improving your script to do something useful

Lets assume in your Azure subscription you have a number of virtual machines you want to keep running but that other virtual machines you can shut down
Your improved script will maintain a list of VMs to keep running, but it will shutdown any running VMs NOT in this list. Lets first create the list of VMs to
keep running. Back in your testautomation runbook, click EDIT.
1.

At the end of your script add in this line:

$vmstokeeprunning = @("XXX")
2.

Replace the XXX with the name of one of your TWO VMs. The @() means an array of values you would simply add additional VMs in here
you wanted to keep, separated by commas.

3.

At the end of the script copy/past in this script:

foreach ($vm in $vmlist)
{
if($vmstokeeprunning -notcontains $vm.Name)
{
Write-Output("...Going to shutdown : " + $vm.Name)
}
else
{
Write-Output("...Going to KEEP RUNNING : " + $vm.Name)
}
}

4.

Press the TEST button and click START.

5.

Now you just need to add in the logic to SHUTDOWN. Under the Write-Output (Going to shutdown. line, add a new line and paste in
this script::

Stop-AzureVM -Name $vm.Name -ServiceName $vm.ServiceName Force

6.

Press the TEST button and click START.

7.

Finally press PUBLISH and say YES to the warning. Now, the daily schedule you setup earlier will run and execute this published script.

8.

Click on Virtual Machines (classic) in the left nav on the Portal and refresh the browser, you will see you only have one of your VMs and one of
them will be stopped not costing you any money.
Note: the storage account for your VMs is not deleted you will need some additional logic to do this and any virtual networks your VMs are in
are also not delete. Thats a nice NEXT project to learn out how to complete this.

--- END OF LAB --Go back to the AzureCon Challenge web site (http://challenge.azurecon.com) and complete the challenge question to get your points.
REMEMBER: You only have one chance at the question, make sure you really know the answer!

Page | 4