Thursday, November 17, 2022

Configuring an Azure Function App that uses a system managed identity to execute Az.Compute module cmdlets that will retrieve all Azure VMs with their status, then using a Logic App to run the app and email the report

In this post, I would like to demonstrate the following using an Azure Function App and Logic App.

Function App:

Use the Az.Compute module to execute Get-AzVM to get the list of virtual machines and store it in an array

  1. Loop through the virtual machines and retrieve the name, resource group, location, vmsize, and os type
  2. Retrieve the VM status
  3. Store all fields in an array
  4. Create an HTML header and body
  5. Convert data into HTML format
  6. Return an HTML formatted email for delivery
  7. The Function App will use a System Assigned Managed Identity for authentication and authorization

Logic App:

  1. Set up a recurring Logic App that runs every day
  2. Execute the Function App to retrieve the HTML formatted email report
  3. Send an email with the HTML formatted email report

Step #1 – Create a Function App that will retrieve the list of Virtual Machines, generate and return an HTML email report

Begin by creating a Function App that will retrieve the list of virtual machines and return it in HTML format. This Function App collects the data and will in turn be called by a Logic App, which generates an email and sends the report off to an email address.

Proceed to create a Function App with the following parameters:

Publish: Code

Runtime stack: PowerShell Core

Version: 7.2

Operating System: Windows

Configure the rest of the parameters as required by the environment.

With the Function App created, proceed to create the function trigger:

Select HTTP trigger as the template and provide a meaningful name:

With the trigger created, navigate to Code + Test and paste the following code into run.ps1:

https://github.com/terenceluk/Azure/blob/main/Function%20App/Get-AzureVMs.ps1
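The linked script is not reproduced on this page. As an added example (not the author's Get-AzureVMs.ps1), a minimal run.ps1 that follows the Function App steps listed at the top of this post could look like the following. It assumes profile.ps1 has signed in with Connect-AzAccount -Identity, and `$clientName` is a placeholder value.

```powershell
using namespace System.Net

# Added example, not the script linked above. Body of run.ps1 for an HTTP-triggered function.
param($Request, $TriggerMetadata)

# Assumption: profile.ps1 already ran Connect-AzAccount -Identity, so Get-AzVM
# authenticates as the Function App's system-assigned managed identity.
$clientName = 'Contoso'   # hypothetical placeholder for "the client name"

try {
    # -Status adds the PowerState property (for example "VM running") to each VM
    $vms = Get-AzVM -Status -ErrorAction Stop
}
catch {
    # Keep the detail in the function log; return only a generic message to the caller
    Write-Warning "Get-AzVM failed: $($_.Exception.Message)"
    Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
        StatusCode = [HttpStatusCode]::InternalServerError
        Body       = 'Unable to retrieve virtual machines.'
    })
    return
}

# One row per VM with the fields the report needs
$report = foreach ($vm in $vms) {
    [pscustomobject]@{
        Name          = $vm.Name
        ResourceGroup = $vm.ResourceGroupName
        Location      = $vm.Location
        VmSize        = $vm.HardwareProfile.VmSize
        OsType        = $vm.StorageProfile.OsDisk.OsType
        Status        = $vm.PowerState
    }
}

# HTML header and body; the client name is encoded before it is placed in markup
$count = @($report).Count
$head  = '<style>table{border-collapse:collapse}th,td{border:1px solid #999;padding:4px}</style>'
$pre   = "<h2>$([WebUtility]::HtmlEncode($clientName)) - Azure VM status ($count VMs)</h2>"
$html  = $report | Sort-Object ResourceGroup, Name |
    ConvertTo-Html -Head $head -PreContent $pre | Out-String

# Return the report so the Logic App can place it in the email body
Push-OutputBinding -Name Response -Value ([HttpResponseContext]@{
    StatusCode  = [HttpStatusCode]::OK
    ContentType = 'text/html'
    Body        = $html
})
```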

The following are changes you’ll need to apply to the code:

The client name:

Save the Function App and navigate back out to the Function App > App files, switch to the requirements.psd1, then add the following line to load the Az.Compute module, which will allow Get-AzVM to be executed:

'Az.Compute' = '5.*'

Save the file and navigate to the Identity blade then turn on the System assigned identity:

Once the system assigned managed identity is created, you should see the Function App created in the Enterprise applications:

Click on Azure role assignments while still in the Identity blade of the Function App:

Configure Reader permissions on the subscription containing the VMs:
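The same Reader assignment can be made and then audited from an admin PowerShell session. This is an added example, not part of the original post; it assumes the Az.Accounts, Az.Resources and Az.Websites modules are installed, that you are signed in with rights to assign roles, and that the resource group and Function App names shown are placeholders.

```powershell
# Added example: grant and audit the Function App identity's role assignments.
$resourceGroup = 'rg-reports'        # hypothetical resource group name
$functionApp   = 'func-vm-report'    # hypothetical Function App name
$scope         = "/subscriptions/$((Get-AzContext).Subscription.Id)"

# Object ID of the system-assigned identity (empty until the identity is turned on)
$principalId = (Get-AzWebApp -ResourceGroupName $resourceGroup -Name $functionApp).Identity.PrincipalId
if (-not $principalId) {
    throw "System-assigned identity is not enabled on $functionApp."
}

# Assign Reader at subscription scope only if it is not already present there
$existing = Get-AzRoleAssignment -ObjectId $principalId -Scope $scope |
    Where-Object { $_.RoleDefinitionName -eq 'Reader' -and $_.Scope -eq $scope }
if (-not $existing) {
    New-AzRoleAssignment -ObjectId $principalId -RoleDefinitionName 'Reader' -Scope $scope |
        Out-Null
}

# Audit: list every assignment the identity holds and flag anything other than Reader
$assignments = Get-AzRoleAssignment -ObjectId $principalId
$assignments | Select-Object RoleDefinitionName, Scope | Format-Table -AutoSize

$unexpected = $assignments | Where-Object { $_.RoleDefinitionName -ne 'Reader' }
if ($unexpected) {
    Write-Warning "Identity holds roles beyond Reader: $($unexpected.RoleDefinitionName -join ', ')"
}
```

Re-running the audit portion after later changes shows whether the identity has picked up roles the report does not need.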

With the Reader role granted, navigate back to the Function App and execute the Test/Run feature with HTTP method POST and without any body submitted:

You should see an HTTP response code 200 OK with the contents of your report displayed:

Step #2 – Create a Logic App that is scheduled to run every day to call the Azure Function App to retrieve the device list report and then send an email report out

With the Azure Function App created and tested, proceed to create the Logic App that will be scheduled to run every day to call the Azure Function App to retrieve the device list report and then send an email report out.

Navigate to the Logic app designer blade and begin to configure the steps for the Logic App. The following are the steps we’ll be configuring:

The first is the Recurrence step that will schedule this logic app to run at 9:00 a.m. EST every day:

Create an additional step by clicking on the + button, select Add an action then type in Function, select the Function that was created:

We won’t need to pass a parameter so leave it unconfigured:

Proceed to create two additional steps:

  1. Initialize variable
  2. Set variable

These two steps will place the retrieved HTML report into the body of the email:

Initialize variable

Name: EmailBody
Type: String
Value: <leave blank>

Set variable

Name: EmailBody
Value: Select the Body

Configure the last step as Send an email (V2) that will email this report to the email address required:

Save the logic app and proceed to use the Run Trigger feature to execute the Logic App and confirm that the report is generated and sent:

One of the steps I did not include in this post is securing the Function App to require authentication and allow the Logic App to execute it. Please see one of my previous posts for the steps:

Securing Azure Function App to require authentication and granting access to a Logic Apps’ Managed Identity
http://terenceluk.blogspot.com/2022/09/securing-azure-function-app-to-require.html

I hope this helps anyone who may be looking for instructions on how to configure automated reports with virtual machine details.

Setting up BitTitan to migrate mailboxes from O365 to another O365 tenant fails source authentication with the error: "Your migration failed while checking source credentials. The request failed. The remote server returned an error: (401) Unauthorized."

It has been a while since I’ve been involved with Office 365 mail migrations, but I was recently contacted by a colleague who was setting up BitTitan’s MigrationWiz for a migration and could not figure out why he was not able to authenticate, so I hopped on to help. The search results from Google directed me to various documentation provided by BitTitan, but none of them led me to the right solution. I don’t usually use YouTube for troubleshooting, as most of us probably feel it takes too long to watch a video compared to reading a blog post like this, but the following video is where I eventually found the answer:

How to solve BitTitan MigrationWiz Error 401 Unauthorized in 2022
https://www.youtube.com/watch?v=iI35AJrGYiw

This blog post serves to help anyone who might encounter the same problem quickly find the answer.

Problem

You attempt to use the Verify Credentials feature in MigrationWiz after setting up the source and destination tenants but receive the status: Failed (Verification)

Navigating into one of the accounts displays the following error message:

Your migration failed while checking source credentials. The request failed. The remote server returned an error: (401) Unauthorized.

Solution

The reason the environment I was troubleshooting had this failure is that Microsoft had started disabling basic authentication for Office 365, which affects the EWS service that MigrationWiz relies on (3-minute mark in the video). This can be confusing because if you navigate to Settings > Org Settings > Modern Authentication, you’ll see that it states basic authentication is enabled for various services (including Exchange Web Services). The problem here is that this only applies to the modern Outlook client, which MigrationWiz isn’t.

To remediate this, click on the Help & support button at the bottom right corner of the administration console:

Then type in the following string to search:

diag: enable basic auth in exo

Proceed to click on the Run Tests button:

Assuming basic authentication is disabled, we should be provided with a drop down menu box to select a service to enable:

Select Exchange Web Services (EWS) to enable the MigrationWiz dependent service, then click on Update Settings:

The following message will be displayed:

Run diagnostics
Basic authentication has been re-enabled for the selected protocol.

The Basic authentication blocked applications setting has been updated. You should be able to use Basic authentication with the selected protocol within the next hour.

Proceed to try and verify the credentials in an hour or so and the process should complete successfully.

Hope this helps as it took me a bit of time to figure this out.