Tag Archives: powershell

Azure ARM Policy to Block Public IPs

Azure ARM policies are a great way to put limits around your Azure subscription or resource groups, and one of the cool things you can do is prevent specific types of resource creation. Public IP addresses are created by default when you create a new IaaS virtual machine. This may be OK in some instances, but what if you want to prevent these from being created across the board? The following policy will prevent virtual machine creation if a public IP address is assigned, and will also prevent public IP address object creation if you are trying to add a public IP to a VM. The only scenario it won’t prevent is the attachment of an existing public IP to a virtual machine.

  "if": {
    "anyOf": [
        "source": "action",
        "like": "Microsoft.Network/publicIPAddresses/*"
  "then": {
    "effect": "deny"

Here’s some Powershell you can use to create this policy. Note that the policy definition is inline here, you could also put this in a .json file and reference it by path when creating the policy definition. This script will create the policy and assign it to a resource group you specify. Replace everything in with parameters specific to your environment.

# Subscription selection
$sub = "<subscription name>"
Get-AzureRmSubscription -SubscriptionName $sub | Set-AzureRmContext

# Get the resource group
$rgname = "<resource group name>"
$rg = Get-AzureRmResourceGroup -Name $rgname

# Create the policy definition
$definition = '{"if":{"anyOf":[{"source":"action","like":"Microsoft.Network/publicIPAddresses/*"}]},"then":{"effect":"deny"}}'
$policydef = New-AzureRmPolicyDefinition -Name NoPubIPPolicyDefinition -Description 'No public IP addresses allowed' -Policy $definition

# Assign the policy
New-AzureRmPolicyAssignment -Name NoPublicIPPolicyAssignment -PolicyDefinition $policydef -Scope $rg.ResourceId

Southwest Airlines Powershell Checkin Script

If you’ve ever flown Southwest Airlines you know that getting checked in as soon as you can is key to not getting stuck at the end of boarding group C and ending up in a middle seat in the back of the plane.¬†This¬†awesome Powershell script (courtesey of Bill Grauer) allows you to set a scheduled task to automatically check in your flight for you, so you don’t have to mess with calendar reminders or forgetting it entirely.

The script takes 3 parameters: First, Last, and Conf. Schedule it to run 1 minute before your checkin time and it will loop through for a few minutes or until you’re checked in. I also updated the log location to be my Dropbox folder, allowing me to validate that the check-in was successful from my mobile device (or anywhere else with Dropbox access).