Azure: Use SAS token as a parameter

I recently bumped into an issue trying to pass a Shared Access Signature (SAS) token to my ARM template to be able to connect sub-templates securely. Even though SAS token looked perfectly fine in Powershell New-AzureRMDeployment cmdlet failed with the following error: Error: Code=InvalidTemplate; Message=Deployment template validation failed: ‘The provided value for the template parameter ‘_artifactsLocationSasToken’. I tried both securestring and string- no luck. A colleague of mine Jules Ouellette helped me with a solution – the token is generated as an object and must be converted to a string before passing as a Parameter: _artifactsLocationSastoken = $artifactslocationsastoken.toString()  After that conversion the token was successfully accepted as a parameter. 

One of my Customers asked me to move some VMs from expensive Premium storage account to a cheaper Standard tier.

The infrastructure was built using Resource Mode and luckily we do not need to convert VHDs to OS disks (as it is required for Classic VMs).

1. I shutdown/deprovision VM (you do not need to delete it)

2. Copy VHD OS disk and data disk to the new storage account

3. Recreate VM at the new place using the following script:

select-azurermsubscription -SubscriptionName “My Subscription”


# to check subnet index use:   Get-AzureRmVirtualNetwork -Name msps –ResourceGroupName $rgName | Select Subnets

$vnet=Get-AzureRmvirtualNetwork -Name $vnetName -ResourceGroupName $rgName

$vm=New-AzureRmVMConfig -VMName $name -VMSize Standard_D4
$vm | Set-AzureRmVMOSDisk -VhdUri https://*******.vhd –Name $name -CreateOption attach -Windows -Caching ReadWrite

$vm | Add-AzureRMVMDataDisk -Name “XXXX-data” -VhdUri https://*****-data01.vhd -LUN 0 -Caching ReadWrite -CreateOption Attach -DiskSizeinGB 1023

$nicName= $name + “_nic”
$pipName= $name + “_pip”
$domName= $name
$pip=New-AzureRmPublicIpAddress -Name $pipName –ResourceGroupName $rgName-DomainNameLabel $domName -Location $locName -AllocationMethod Dynamic
$nic=New-AzureRmNetworkInterface -Name $nicName –ResourceGroupName $rgName-Location $locName -SubnetId $vnet.Subnets[$subnetIndex].Id -PublicIpAddressId $pip.Id -PrivateIpAddress $privIP
$vm=Add-AzureRmVMNetworkInterface -VM $vm  -Id $nic.Id

New-AzureRMVM -ResourceGroupName Sharepoint -Location “East US” -VM $vm –Verbose

The machine is recreated and started

Azure Automation: Send Email from Azure Automation Script via GMAIL

I am working with Azure Automation scripts. One of them stops all my Lab VMs after working hours to save some money. Script is based on one from Automation Gallery, but I wanted to add a notification feature.

There are several posts about using O365 for this, but I do not think it is a good idea since 0365 is not free.

I tried (AKA Hotmail) first, trying to stick with Microsoft platform, but did not get any success (authentication kept failed for me). So, the second choice was From some posts I understood Azure does not have root certificates from GMAIL CA and SSL connection does not work. To workaround the issue I downloaded Google root certificate and created a Certificate Asset in Automation console


Interesting enough I do not need to use it in my script apparently simply existence of it is enough….

Here is the script to check if all machines are in stop(Deallocated) state and send email otherwise. The script uses a PS Credential Asset: ‘Azure Credentials’ and my MSDN Platform subscription.

I created a test account at Gmail: and add an Automation Asset (PS Credentials) including Gmail user name and password – “Gmailcreds” that allows do not put user name/password in the script.

workflow test-mail
   $Cred = Get-AutomationPSCredential -Name ‘Azure Credentials’
   $Gmailcreds = Get-AutomationPSCredential -Name ‘Gmailcerds’
   Add-AzureAccount -Credential $Cred
   Select-AzureSubscription -SubscriptionName “MSDN Platforms”   
   $vms = Get-AzureVM
   ForEach ($vm in $vms ) {
      if ($vm.Status -ne “StoppedDeallocated”) {$ss=$ss+$” – “+$vm.Status + “`r`n”}
   if ($ss -ne “”) {
      $mail_body= ‘Attention! One or more VMs are in a state other than “Stopped (Deallocated)”‘ `
      Send-MailMessage -SmtpServer -Port 587 -Credential $Gmailcreds `
         -UseSsl -From ‘’ -To ‘’ `
         -Subject ‘Alarm: Azure Automation – Running VM!’ -body $mail_body

This script can be added to schedule to run every night.