I had a situation recently where I needed to test to determine if a specific cmdlet for the Azure Sentinel PowerShell module would run in a specific Azure region. Cloud Shell instances require storage to function. When you initiate a Cloud Shell instance and accept the defaults it generates a random set of storage account resources in your default Cloud Shell region.
But, I wanted to change this for testing. In the event you need to do something similar, here’s how to accomplish this…
First dismount the existing Cloud Drive by running…
Dismount-CloudDrive
After the exiting Cloud Drive is dismounted, the next time you initiate a Cloud Shell instance, you’ll be prompted to create a new one after selecting PowerShell as the option. Choose to “Show advanced settings” instead of just letting Cloud Shell do it’s thing.
Finally, setup your own values. Just make sure that each value (Resource Group, region, Storage account, File share) is created in a different region.
You can always go back and use the defaults again. Just dismount the existing Cloud Drive again and start the process over.
The interesting thing that this exposed is that by manually assigning the storage account resources, you’ll have a better, defined set of values to monitor for Cloud Shell usage. A number of Azure Sentinel customers monitor Cloud Shell usage through KQL queries and Analytics Rules. It’s an important thing to monitor for them.
=========================
[Want to discuss this further? Hit me up on Twitter or LinkedIn]
You must log in to post a comment.