Document Details

Premium Migrate
Home / Scan 41 / Premium Migrate
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Bias Types:
⚠️ powershell_heavy
⚠️ windows_tools
⚠️ missing_linux_example
⚠️ windows_first
Summary:
The documentation page demonstrates a strong bias towards Windows and PowerShell. All command-line examples and automation scripts are provided exclusively using Azure PowerShell, with no mention of Azure CLI, Bash, or Linux-native tooling. The instructions assume the use of PowerShell modules and Windows-centric scripting patterns, and there are no equivalent examples or guidance for Linux or cross-platform users. The only non-PowerShell automation mentioned is Terraform, but this is referenced as an external link and not integrated into the main migration workflow.
Recommendations:
  • Provide equivalent Azure CLI (az) command examples for all migration steps, including policy transformation and firewall SKU upgrades.
  • Include Bash shell script examples or guidance for Linux/macOS users.
  • Mention cross-platform tools (such as Azure CLI and REST API) alongside PowerShell, and present them in parallel or before PowerShell examples.
  • Clarify that PowerShell Core is cross-platform if PowerShell must be used, and provide installation instructions for Linux/macOS.
  • Where automation scripts are provided, offer both PowerShell and Bash/CLI versions, or reference official cross-platform scripts.
  • Explicitly state which steps are platform-agnostic (e.g., Azure Portal, Terraform) and which require Windows/PowerShell, to help users plan accordingly.
GitHub Create pull request

Scan History

Date Scan ID Status Bias Status
2025-07-12 23:44 #41 in_progress ❌ Biased
2025-07-12 00:58 #8 cancelled ✅ Clean
2025-07-10 05:06 #7 processing ✅ Clean

Flagged Code Snippets

<# .SYNOPSIS Given an Azure firewall policy id the script will transform it to a Premium Azure firewall policy. The script will first pull the policy, transform/add various parameters and then upload a new premium policy. The created policy will be named <previous_policy_name>_premium if no new name provided else new policy will be named as the parameter passed. .Example Transform-Policy -PolicyId /subscriptions/XXXXX-XXXXXX-XXXXX/resourceGroups/some-resource-group/providers/Microsoft.Network/firewallPolicies/policy-name -NewPolicyName <optional param for the new policy name> #> param ( #Resource id of the azure firewall policy. [Parameter(Mandatory=$true)] [string] $PolicyId, #new filewallpolicy name, if not specified will be the previous name with the '_premium' suffix [Parameter(Mandatory=$false)] [string] $NewPolicyName = "" ) $ErrorActionPreference = "Stop" $script:PolicyId = $PolicyId $script:PolicyName = $NewPolicyName function ValidatePolicy { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [Object] $Policy ) Write-Host "Validating resource is as expected" if ($null -eq $Policy) { Write-Error "Received null policy" exit(1) } if ($Policy.GetType().Name -ne "PSAzureFirewallPolicy") { Write-Error "Resource must be of type Microsoft.Network/firewallPolicies" exit(1) } if ($Policy.Sku.Tier -eq "Premium") { Write-Host "Policy is already premium" -ForegroundColor Green exit(1) } } function GetPolicyNewName { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [Microsoft.Azure.Commands.Network.Models.PSAzureFirewallPolicy] $Policy ) if (-not [string]::IsNullOrEmpty($script:PolicyName)) { return $script:PolicyName } return $Policy.Name + "_premium" } function TransformPolicyToPremium { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [Microsoft.Azure.Commands.Network.Models.PSAzureFirewallPolicy] $Policy ) $NewPolicyParameters = @{ Name = (GetPolicyNewName -Policy $Policy) ResourceGroupName = $Policy.ResourceGroupName Location = $Policy.Location BasePolicy = $Policy.BasePolicy.Id ThreatIntelMode = $Policy.ThreatIntelMode ThreatIntelWhitelist = $Policy.ThreatIntelWhitelist PrivateRange = $Policy.PrivateRange DnsSetting = $Policy.DnsSettings SqlSetting = $Policy.SqlSetting ExplicitProxy = $Policy.ExplicitProxy DefaultProfile = $Policy.DefaultProfile Tag = $Policy.Tag SkuTier = "Premium" } Write-Host "Creating new policy" $premiumPolicy = New-AzFirewallPolicy @NewPolicyParameters Write-Host "Populating rules in new policy" foreach ($ruleCollectionGroup in $Policy.RuleCollectionGroups) { $ruleResource = Get-AzResource -ResourceId $ruleCollectionGroup.Id $ruleToTransform = Get-AzFirewallPolicyRuleCollectionGroup -AzureFirewallPolicy $Policy -Name $ruleResource.Name $ruleCollectionGroup = @{ FirewallPolicyObject = $premiumPolicy Priority = $ruleToTransform.Properties.Priority Name = $ruleToTransform.Name } if ($ruleToTransform.Properties.RuleCollection.Count) { $ruleCollectionGroup["RuleCollection"] = $ruleToTransform.Properties.RuleCollection } Set-AzFirewallPolicyRuleCollectionGroup @ruleCollectionGroup } } function ValidateAzNetworkModuleExists { Write-Host "Validating needed module exists" $networkModule = Get-InstalledModule -Name "Az.Network" -MinimumVersion 4.5 -ErrorAction SilentlyContinue if ($null -eq $networkModule) { Write-Host "Please install Az.Network module version 4.5.0 or higher, see instructions: https://github.com/Azure/azure-powershell#installation" exit(1) } $resourceModule = Get-InstalledModule -Name "Az.Resources" -MinimumVersion 4.2 -ErrorAction SilentlyContinue if ($null -eq $resourceModule) { Write-Host "Please install Az.Resources module version 4.2.0 or higher, see instructions: https://github.com/Azure/azure-powershell#installation" exit(1) } Import-Module Az.Network -MinimumVersion 4.5.0 Import-Module Az.Resources -MinimumVersion 4.2.0 } ValidateAzNetworkModuleExists $policy = Get-AzFirewallPolicy -ResourceId $script:PolicyId ValidatePolicy -Policy $policy TransformPolicyToPremium -Policy $policy
$azfw = Get-AzFirewall -Name "<firewall-name>" -ResourceGroupName "<resource-group-name>" $azfw.Deallocate() Set-AzFirewall -AzureFirewall $azfw
$azfw = Get-AzFirewall -Name "FW Name" -ResourceGroupName "RG Name" $azfw.Sku.Tier="Premium" $vnet = Get-AzVirtualNetwork -ResourceGroupName "RG Name" -Name "VNet Name" $publicip1 = Get-AzPublicIpAddress -Name "Public IP1 Name" -ResourceGroupName "RG Name" $publicip2 = Get-AzPublicIpAddress -Name "Public IP2 Name" -ResourceGroupName "RG Name" $azfw.Allocate($vnet,@($publicip1,$publicip2)) Set-AzFirewall -AzureFirewall $azfw
$azfw = Get-AzFirewall -Name "<firewall-name>" -ResourceGroupName "<resource-group-name>" $azfw.Sku.Tier="Premium" $vnet = Get-AzVirtualNetwork -ResourceGroupName "<resource-group-name>" -Name "<Virtual-Network-Name>" $publicip = Get-AzPublicIpAddress -Name "<Firewall-PublicIP-name>" -ResourceGroupName "<resource-group-name>" $mgmtPip = Get-AzPublicIpAddress -ResourceGroupName "<resource-group-name>"-Name "<Management-PublicIP-name>" $azfw.Allocate($vnet,$publicip,$mgmtPip) Set-AzFirewall -AzureFirewall $azfw
$azfw = Get-AzFirewall -Name "<firewall-name>" -ResourceGroupName "<resource-group-name>" $azfw.Sku.Tier="Premium" $vnet = Get-AzVirtualNetwork -ResourceGroupName "<resource-group-name>" -Name "<Virtual-Network-Name>" $publicip = Get-AzPublicIpAddress -Name "<Firewall-PublicIP-name>" -ResourceGroupName "<resource-group-name>" $azfw.Allocate($vnet,$publicip) Set-AzFirewall -AzureFirewall $azfw
$azfw = Get-AzFirewall -Name "<firewall-name>" -ResourceGroupName "<resource-group-name>" $azfw.Deallocate() Set-AzFirewall -AzureFirewall $azfw
$azfw = Get-AzFirewall -Name "<firewall-name>" -ResourceGroupName "<resource-group-name>" $hub = get-azvirtualhub -ResourceGroupName "<resource-group-name>" -name "<vWANhub-name>" $azfw.Sku.Tier="Premium" $azfw.Allocate($hub.id) Set-AzFirewall -AzureFirewall $azfw