Document Details

Premium Migrate
Home / Scan 2 / Premium Migrate
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Bias Types:
⚠️ powershell_heavy
⚠️ windows_tools
⚠️ missing_linux_example
⚠️ windows_first
Summary:
The documentation is heavily biased toward Windows and PowerShell usage. All code examples and automation scripts are provided exclusively in PowerShell, with no mention of Azure CLI, Bash, or Linux-native tooling. The instructions for module installation and validation are PowerShell-specific, and there are no Linux or cross-platform alternatives presented. Even though Azure PowerShell is technically cross-platform, the documentation assumes a Windows/PowerShell environment and does not address Linux users' needs or workflows.
Recommendations:
  • Provide equivalent Azure CLI (az) commands for all migration steps, as Azure CLI is cross-platform and widely used on Linux and macOS.
  • Include Bash script examples or at least command-line snippets for Linux users.
  • Clearly state that Azure PowerShell is available on Linux and macOS, and provide installation instructions for those platforms.
  • When referencing tooling (such as module installation), include both PowerShell and Azure CLI alternatives.
  • Where possible, add screenshots or walkthroughs using the Azure Portal, which is platform-agnostic.
  • Review the order of presentation so that cross-platform methods (Azure CLI, Portal) are mentioned before or alongside PowerShell.
GitHub Create pull request

Scan History

Date Scan ID Status Bias Status
2025-08-17 00:01 #83 in_progress ✅ Clean
2025-07-13 21:37 #48 completed ❌ Biased
2025-07-09 13:09 #3 cancelled ✅ Clean
2025-07-08 04:23 #2 cancelled ❌ Biased

Flagged Code Snippets

$azfw = Get-AzFirewall -Name "<firewall-name>" -ResourceGroupName "<resource-group-name>" $azfw.Deallocate() Set-AzFirewall -AzureFirewall $azfw
$azfw = Get-AzFirewall -Name "FW Name" -ResourceGroupName "RG Name" $azfw.Sku.Tier="Premium" $vnet = Get-AzVirtualNetwork -ResourceGroupName "RG Name" -Name "VNet Name" $publicip1 = Get-AzPublicIpAddress -Name "Public IP1 Name" -ResourceGroupName "RG Name" $publicip2 = Get-AzPublicIpAddress -Name "Public IP2 Name" -ResourceGroupName "RG Name" $azfw.Allocate($vnet,@($publicip1,$publicip2)) Set-AzFirewall -AzureFirewall $azfw
$azfw = Get-AzFirewall -Name "<firewall-name>" -ResourceGroupName "<resource-group-name>" $azfw.Deallocate() Set-AzFirewall -AzureFirewall $azfw
<# .SYNOPSIS Given an Azure firewall policy id the script will transform it to a Premium Azure firewall policy. The script will first pull the policy, transform/add various parameters and then upload a new premium policy. The created policy will be named <previous_policy_name>_premium if no new name provided else new policy will be named as the parameter passed. .Example Transform-Policy -PolicyId /subscriptions/XXXXX-XXXXXX-XXXXX/resourceGroups/some-resource-group/providers/Microsoft.Network/firewallPolicies/policy-name -NewPolicyName <optional param for the new policy name> #> param ( #Resource id of the azure firewall policy. [Parameter(Mandatory=$true)] [string] $PolicyId, #new filewallpolicy name, if not specified will be the previous name with the '_premium' suffix [Parameter(Mandatory=$false)] [string] $NewPolicyName = "" ) $ErrorActionPreference = "Stop" $script:PolicyId = $PolicyId $script:PolicyName = $NewPolicyName function ValidatePolicy { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [Object] $Policy ) Write-Host "Validating resource is as expected" if ($null -eq $Policy) { Write-Error "Received null policy" exit(1) } if ($Policy.GetType().Name -ne "PSAzureFirewallPolicy") { Write-Error "Resource must be of type Microsoft.Network/firewallPolicies" exit(1) } if ($Policy.Sku.Tier -eq "Premium") { Write-Host "Policy is already premium" -ForegroundColor Green exit(1) } } function GetPolicyNewName { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [Microsoft.Azure.Commands.Network.Models.PSAzureFirewallPolicy] $Policy ) if (-not [string]::IsNullOrEmpty($script:PolicyName)) { return $script:PolicyName } return $Policy.Name + "_premium" } function TransformPolicyToPremium { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [Microsoft.Azure.Commands.Network.Models.PSAzureFirewallPolicy] $Policy ) $NewPolicyParameters = @{ Name = (GetPolicyNewName -Policy $Policy) ResourceGroupName = $Policy.ResourceGroupName Location = $Policy.Location BasePolicy = $Policy.BasePolicy.Id ThreatIntelMode = $Policy.ThreatIntelMode ThreatIntelWhitelist = $Policy.ThreatIntelWhitelist PrivateRange = $Policy.PrivateRange DnsSetting = $Policy.DnsSettings SqlSetting = $Policy.SqlSetting ExplicitProxy = $Policy.ExplicitProxy DefaultProfile = $Policy.DefaultProfile Tag = $Policy.Tag SkuTier = "Premium" } Write-Host "Creating new policy" $premiumPolicy = New-AzFirewallPolicy @NewPolicyParameters Write-Host "Populating rules in new policy" foreach ($ruleCollectionGroup in $Policy.RuleCollectionGroups) { $ruleResource = Get-AzResource -ResourceId $ruleCollectionGroup.Id $ruleToTransform = Get-AzFirewallPolicyRuleCollectionGroup -AzureFirewallPolicy $Policy -Name $ruleResource.Name $ruleCollectionGroup = @{ FirewallPolicyObject = $premiumPolicy Priority = $ruleToTransform.Properties.Priority Name = $ruleToTransform.Name } if ($ruleToTransform.Properties.RuleCollection.Count) { $ruleCollectionGroup["RuleCollection"] = $ruleToTransform.Properties.RuleCollection } Set-AzFirewallPolicyRuleCollectionGroup @ruleCollectionGroup } } function ValidateAzNetworkModuleExists { Write-Host "Validating needed module exists" $networkModule = Get-InstalledModule -Name "Az.Network" -MinimumVersion 4.5 -ErrorAction SilentlyContinue if ($null -eq $networkModule) { Write-Host "Please install Az.Network module version 4.5.0 or higher, see instructions: https://github.com/Azure/azure-powershell#installation" exit(1) } $resourceModule = Get-InstalledModule -Name "Az.Resources" -MinimumVersion 4.2 -ErrorAction SilentlyContinue if ($null -eq $resourceModule) { Write-Host "Please install Az.Resources module version 4.2.0 or higher, see instructions: https://github.com/Azure/azure-powershell#installation" exit(1) } Import-Module Az.Network -MinimumVersion 4.5.0 Import-Module Az.Resources -MinimumVersion 4.2.0 } ValidateAzNetworkModuleExists $policy = Get-AzFirewallPolicy -ResourceId $script:PolicyId ValidatePolicy -Policy $policy TransformPolicyToPremium -Policy $policy
$azfw = Get-AzFirewall -Name "<firewall-name>" -ResourceGroupName "<resource-group-name>" $azfw.Sku.Tier="Premium" $vnet = Get-AzVirtualNetwork -ResourceGroupName "<resource-group-name>" -Name "<Virtual-Network-Name>" $publicip = Get-AzPublicIpAddress -Name "<Firewall-PublicIP-name>" -ResourceGroupName "<resource-group-name>" $azfw.Allocate($vnet,$publicip) Set-AzFirewall -AzureFirewall $azfw
$azfw = Get-AzFirewall -Name "<firewall-name>" -ResourceGroupName "<resource-group-name>" $azfw.Sku.Tier="Premium" $vnet = Get-AzVirtualNetwork -ResourceGroupName "<resource-group-name>" -Name "<Virtual-Network-Name>" $publicip = Get-AzPublicIpAddress -Name "<Firewall-PublicIP-name>" -ResourceGroupName "<resource-group-name>" $mgmtPip = Get-AzPublicIpAddress -ResourceGroupName "<resource-group-name>"-Name "<Management-PublicIP-name>" $azfw.Allocate($vnet,$publicip,$mgmtPip) Set-AzFirewall -AzureFirewall $azfw
$azfw = Get-AzFirewall -Name "<firewall-name>" -ResourceGroupName "<resource-group-name>" $hub = get-azvirtualhub -ResourceGroupName "<resource-group-name>" -name "<vWANhub-name>" $azfw.Sku.Tier="Premium" $azfw.Allocate($hub.id) Set-AzFirewall -AzureFirewall $azfw