If you use PowerShell on-premises, chances are good you use PSRemoting (or PowerShell Remoting). It allows you to manage systems using remoting tools like Enter-PSSession and Invoke-Command . When you move to Azure, you have similar tooling available when you enable Azure PSRemoting for your VMs.

Enabling Azure PSRemoting

With the Enable-AzureVMPSRemoting cmdlet, Azure PowerShell configures the pieces necessary for running commands and code against target VMs in Azure, much like you do on-premises. To do this, it performs the following:

Based on the Operating System, it ensures WinRM (Windows) or SSH (Linux) is setup.

It ensures Network Security Group rules are in place to allow communication to the target, again based on communications type.

For Linux VMs, it installs PowerShell core on the target system.

To enable your VMs for PSRemoting in Azure, you would run a command similar to these for windows and Linux VMs:

PS Azure: \> Enable-AzVMPSRemoting -Name 'vm-win-01' -ResourceGroupName 'azure-cloudshell-demo' -Protocol https -OsType Windows PS Azure: \> Enable-AzVMPSRemoting -Name 'vm-lin-01' -ResourceGroupName 'azure-cloudshell-demo' -Protocol ssh -OsType Linux

Now you are ready to get to work!

Working with Remote Systems

Once you've established remoting, you can get to work running commands against your targets. Depending on how you need to do the work, you have a few options.

Invoke-AzVMCommand

This cmdlet is a wrapper around Invoke-Command that allows you to run commands and script blocks against a remote system. Sometimes called 'Fan Out Remoting,' it allows you to perform 1: Many remoting, allowing you can perform the task, say get the Windows services running on a remote system, on 1 or more systems. This tooling is best used in a situation where you don't need to be providing continuous input such as when you are running commands in the shell.

Here is how you would use Invoke-AzVMCommand to find the services starting with 'win' on a remote system:

PS Azure: \> Invoke-AzVMCommand - Name 'vm-win-01' - ResourceGroupName 'azure-cloudshell-demo' - ScriptBlock { get-service win* } - Credential ( get-credential)

It works the same for Linux VMs:

PS Azure: \> Invoke-AzVMCommand -Name 'vm-lin-01' -ResourceGroupName 'azure-cloudshell-demo' -ScriptBlock {uname -a} -UserName michael -KeyFilePath /home/ michael /.ssh/ id_rsa

Enter-AzVM

With Enter-AzVm , the cmdlet Enter-PSSession is built into a function, so it works properly against target VMs, both Windows and Linux, in Azure. The Enter-AzVM cmdlet starts an interactive session with a single Azure VM. During the session, the commands that you type are run on the Azure VM, just as if you were typing directly on the Azure VM’s PowerShell console. This is perfect for those real-time ad-hoc scenarios.

Here's a typical scenario with Enter-AzVm to a Windows VM:

PS Azure: \> Enter-AzVM - name 'vm-win-01' - ResourceGroupName 'azure-cloudshell-demo' - Credential ( get-credential) PowerShell credential request Enter your credentials. User: ************** Password for user demo-admin: ********************* [ vmwin01. westus2. cloudapp. azure. com] : PS C:\ Users\ demo-admin\ Documents> $ hostname [ vmwin01. westus2. cloudapp. azure. com] : PS C:\ Users\ demo-admin\ Documents> get-service Win* Status Name DisplayName ------ ---- ----------- Running WinDefend Windows Defender Antivirus Service Running WindowsAzureGue. .. Windows Azure Guest Agent Running WindowsAzureNet. .. Windows Azure Network Agent Running WindowsAzureTel. .. Windows Azure Telemetry Service Running WinHttpAutoProx. .. WinHTTP Web Proxy Auto-Discovery Se. .. Running Winmgmt Windows Management Instrumentation Running WinRM Windows Remote Management ( WS-Manag. .. [ vmwin01. westus2. cloudapp. azure. com] : PS C:\ Users\ demo-admin\ Documents> exit Azure: / PS Azure: \>

One important note is that this method relies on your VMs having Public IP addresses and ports open to your VMs; it does not work for private IPs. This means SSH and WinRM are open ports. To resolve that, simply close them down when you when your done with Disable-AzVMPSRemoting .

PS Azure:\> Disable-AzVMPSRemoting - Name vm-win- 02 -ResourceGroupName azure-cloudshell-demo

When executed, the cmdlet will

Remove the ports from the Network Security Group

For Windows VMs, Remove PowerShell Remoting from Windows VMs and reset UAC

For Linux VMS, Restore to original SSH Daemon Config & restart sshd service to pick the config

And that is all you need for connecting with Azure VMs using Powershell in Azure Cloud Shell.

Want to leave more about working with PowerShell in Azure Cloud Shell? Quickstart for PowerShell in Azure Cloud Shell

Don't have Azure and want to try this out? Grab a free subscription

Resources:

Troubleshooting Remote Management of Azure VMs