Micha Wets

Cloud.Architect Blog

Introduction

In response to the publicly disclosed vulnerabilities referred to as “speculative execution side-channel attacks”, also known as Meltdown and Spectre, Microsoft has scheduled a quick maintenance window for all affected VMs running on Azure. As a CSP, you have a large list of customers, each with one or more subscriptions, and each subscription with one or more VMs. Checking manually which VMs are scheduled for maintenance would take hours. Therefore, ASPEX uses a PowerShell script to check the maintenance status, so we can quickly send our customers an exact list of the VMs scheduled to be updated, together with the timeframe of the maintenance.

PowerShell script

Prerequisites

To be able to run this script, you need to have 2 PowerShell Modules installed: AzureRM & AzureAD. These can be installed using the following cmdlets:

Install-Module AzureRM
Install-Module AzureAD

If you don't have the Install-Module cmdlet, you need to update your PowerShell version or install the PowerShellGet module: Get PowerShellGet Module

The Script

The script will ask you to log in twice, once for Login-AzureRmAccount and once for Connect-AzureAD. Log in with your CSP admin account: this is required to read your CSP customer list, and to read each client tenant and its subscriptions.

The result of the script will look like this: CSP Check Maintenance result

# Log in twice with the CSP admin account: once for AzureRM, once for AzureAD
Login-AzureRmAccount
Connect-AzureAD

# Every customer tenant of the CSP
$allTenants = Get-AzureADContract

foreach ($Tenant in $allTenants)
{
    Write-Host ("Checking Tenant '{0}'" -f $Tenant.DefaultDomainName) -ForegroundColor Green
    $allTenantSubscriptions = Get-AzureRmSubscription -TenantId $Tenant.CustomerContextId

    foreach ($subscription in $allTenantSubscriptions)
    {
        Write-Host ("`tChecking Subscription '{0}'" -f $subscription.Name) -ForegroundColor Yellow
        # Switch the AzureRM context to this customer subscription
        Select-AzureRmSubscription -TenantId $Tenant.CustomerContextId -SubscriptionId $subscription.Id | Out-Null

        $allResourceGroups = Get-AzureRmResourceGroup

        foreach ($rg in $allResourceGroups)
        {
            $allVms = Get-AzureRmVM -ResourceGroupName $rg.ResourceGroupName

            foreach ($vm in $allVms)
            {
                # -Status returns the instance view, which carries MaintenanceRedeployStatus
                $vmDetails = Get-AzureRmVM -ResourceGroupName $rg.ResourceGroupName -Name $vm.Name -Status

                # Only report VMs that have a scheduled maintenance window
                if (($null -ne $vmDetails.MaintenanceRedeployStatus) -and ($null -ne $vmDetails.MaintenanceRedeployStatus.MaintenanceWindowStartTime))
                {
                    Write-Host ("`t`tVM= '{0}', Maintenance= '{1}-{2}'" -f $vmDetails.Name, $vmDetails.MaintenanceRedeployStatus.MaintenanceWindowStartTime, $vmDetails.MaintenanceRedeployStatus.MaintenanceWindowEndTime)
                }
            }
        }
    }
}
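
The script above only writes to the console. The following added example (not part of the original script) shows one way to turn the same maintenance fields into one CSV file per customer tenant, so the list can be sent out directly. New-MaintenanceRow and New-SampleVm are hypothetical helpers, and the tenants, VM names and dates are constructed sample data so the block runs without an Azure login.

```powershell
# Added example. New-MaintenanceRow is a hypothetical helper, not part of the original script.
function New-MaintenanceRow {
    param(
        [Parameter(Mandatory)] [string] $TenantDomain,
        [Parameter(Mandatory)] [string] $SubscriptionName,
        [Parameter(Mandatory)] $VmDetails    # what Get-AzureRmVM ... -Status returns
    )
    $status = $VmDetails.MaintenanceRedeployStatus
    # Same test as the script: no scheduled window means no row.
    if (($null -eq $status) -or ($null -eq $status.MaintenanceWindowStartTime)) { return }
    [pscustomobject]@{
        Tenant       = $TenantDomain
        Subscription = $SubscriptionName
        VM           = $VmDetails.Name
        WindowStart  = $status.MaintenanceWindowStartTime
        WindowEnd    = $status.MaintenanceWindowEndTime
    }
}

# Constructed stand-in for a VM status object; only the fields the script reads.
function New-SampleVm($Name, $Start, $End) {
    $window = if ($Start) {
        [pscustomobject]@{
            MaintenanceWindowStartTime = [datetime]$Start
            MaintenanceWindowEndTime   = [datetime]$End
        }
    }
    [pscustomobject]@{ Name = $Name; MaintenanceRedeployStatus = $window }
}

# Constructed sample input: two tenants, one VM without a maintenance window.
$sample = @(
    @{ Tenant = 'customer-a.example'; Sub = 'Production'; Vm = New-SampleVm 'web01' '2018-01-10 02:00' '2018-01-10 04:00' }
    @{ Tenant = 'customer-a.example'; Sub = 'Production'; Vm = New-SampleVm 'db01' }
    @{ Tenant = 'customer-b.example'; Sub = 'Test';       Vm = New-SampleVm 'app01' '2018-01-10 03:00' '2018-01-10 05:00' }
)

$rows = foreach ($s in $sample) {
    New-MaintenanceRow -TenantDomain $s.Tenant -SubscriptionName $s.Sub -VmDetails $s.Vm
}

# One CSV per customer, sorted by when the maintenance window opens.
$rows | Group-Object Tenant | ForEach-Object {
    $path = Join-Path $PWD ("maintenance-{0}.csv" -f $_.Name)
    $_.Group | Sort-Object WindowStart | Export-Csv -Path $path -NoTypeInformation
    Write-Host ("{0}: {1} VM(s) scheduled -> {2}" -f $_.Name, $_.Count, $path)
}
```

In the real script, call New-MaintenanceRow with $Tenant.DefaultDomainName, $subscription.Name and $vmDetails in place of the innermost Write-Host, and collect the output of the outer foreach into $rows.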

About

I started as a junior System Engineer in 2005, but over the years, I acquired more knowledge & skills as a DevOps engineer and have in-depth knowledge of private, hybrid and public clouds.
I founded my company to use this experience & knowledge to assist companies with their current & new projects.
In December 2018, I became a Microsoft MVP on Windows Virtual Desktop.