Deploying an Azure IaaS VM using PowerShell

I recently had to deploy some new VMs and wanted to use PowerShell and also join them to a domain and get the anti-malware extension used. Below is the PowerShell I used. You would need to modify the variables in the below to match your own domains.

$Region = "EastUS"
$VNetName = "savilltech-vnet-east"
$VNetRG = "savilltech-vnets_rg"
$VNetSubnetName = "savilltech-vnet-east-savhybridinfra-vms"
$VNetSubnetCIDR = "10.244.3.64/26"
$NSGName = "savNSGLockdownEastUS"
$VMRG = "savilltech-savhybridinfra_rg"

$SQLVMName = "AZUUSESQL01"
$SQLVMSize = "Standard_DS3_v2" #4vcpu 16GB memory
$SQLVMIP = "10.244.3.68"

$VMDiagName = "savhybridinfradiag"

#Domain Join Strings
$string1 = '{
    "Name": "savilltech.net",
    "User": "savilltech.net\adminname",
    "OUPath": "OU=Servers,OU=Hybrid,OU=Environments,DC=savilltech,DC=net",
    "Restart": "true",
    "Options": "3"
        }'
$string2 = '{ "Password": "rawpasswordhere" }'


#Get the network subnet
$NSG = Get-AzureRmNetworkSecurityGroup -Name $NSGName -ResourceGroupName $VNetRG
$VNet = Get-AzureRmVirtualNetwork -Name $VNetName -ResourceGroupName $VNetRG
$VNetSubnet = Get-AzureRmVirtualNetworkSubnetConfig -Name $VNetSubnetName -VirtualNetwork $VNet    

#Local Credential
$user = "localadmin"
$password = 'localadminpasshere'
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ($user, $securePassword) 

# Antimalware extension
$SettingsString = '{ "AntimalwareEnabled": true,"RealtimeProtectionEnabled": true}';
$allVersions= (Get-AzureRmVMExtensionImage -Location $Region -PublisherName "Microsoft.Azure.Security" -Type "IaaSAntimalware").Version
$typeHandlerVer = $allVersions[($allVersions.count)-1]
$typeHandlerVerMjandMn = $typeHandlerVer.split(".")
$typeHandlerVerMjandMn = $typeHandlerVerMjandMn[0] + "." + $typeHandlerVerMjandMn[1]


#Create the resource group
New-AzureRmResourceGroup -Name $VMRG -Location $Region

#Create the diagnostics storage account
New-AzureRmStorageAccount -ResourceGroupName $VMRG -Name $VMDiagName -SkuName Standard_LRS -Location $Region

# Create VM Object
$vm = New-AzureRmVMConfig -VMName $SQLVMName -VMSize $SQLVMSize 

$nic = New-AzureRmNetworkInterface -Name ('nic-' + $SQLVMName) -ResourceGroupName $VMRG -Location $Region `
    -SubnetId $VNetSubnet.Id -PrivateIpAddress $SQLVMIP

# Add NIC to VM
$vm = Add-AzureRmVMNetworkInterface -VM $vm -Id $nic.Id

# VM Storage
$vm = Set-AzureRmVMSourceImage -VM $vm -PublisherName MicrosoftWindowsServer -Offer WindowsServer `
    -Skus 2016-Datacenter -Version latest
$vm = Set-AzureRmVMOSDisk -VM $vm  -StorageAccountType PremiumLRS -DiskSizeInGB 512 `
    -CreateOption FromImage -Caching ReadWrite -Name "$SQLVMName-OS"
$vm = Set-AzureRmVMOperatingSystem -VM $vm -Windows -ComputerName $SQLVMName `
    -Credential $cred -ProvisionVMAgent -EnableAutoUpdate

$diskConfig = New-AzureRmDiskConfig -AccountType PremiumLRS -Location $Region -CreateOption Empty `
        -DiskSizeGB 2048
$dataDisk1 = New-AzureRmDisk -DiskName "$SQLVMName-data1" -Disk $diskConfig -ResourceGroupName $VMRG
$vm = Add-AzureRmVMDataDisk -VM $vm -Name "$SQLVMName-data1" -CreateOption Attach `
    -ManagedDiskId $dataDisk1.Id -Lun 1

$vm = Set-AzureRmVMBootDiagnostics -VM $vm -Enable -ResourceGroupName $VMRG -StorageAccountName $VMDiagName

# Create Virtual Machine
New-AzureRmVM -ResourceGroupName $VMRG -Location $Region -VM $vm

Set-AzureRmVMExtension -ResourceGroupName $VMRG -VMName $SQLVMName -Name "IaaSAntimalware" `
    -Publisher "Microsoft.Azure.Security" -ExtensionType "IaaSAntimalware" `
    -TypeHandlerVersion $typeHandlerVerMjandMn -SettingString $SettingsString -Location $Region

Set-AzureRmVMExtension -ResourceGroupName $VMRG -VMName $SQLVMName -ExtensionType "JsonADDomainExtension" `
    -Name "joindomain" -Publisher "Microsoft.Compute" -TypeHandlerVersion "1.0" -Location $Region `
    -SettingString $string1 -ProtectedSettingString $string2