After addressing the initial wave of BSOD issues caused by the recent CrowdStrike update, it’s crucial to ensure that no affected VMs are left unchecked in your Azure environment. To assist you in this task, we’ve written a PowerShell script that can help you identify any remaining VMs still impacted by this problem.
In this post, we’ll guide you through using our PowerShell script to find these affected VMs and ensure your Azure environment is fully secure and operational.
What We Are Looking For
The script identifies Azure VMs still affected by the CrowdStrike BSOD issue by examining Azure VM health events within the last 12 hours. It specifically looks for health event logs indicating that a VM was restarted due to an unplanned, non-platform-initiated event. By focusing on these criteria, the script can more accurately pinpoint VMs that experienced issues potentially related to the CrowdStrike update, filtering out restarts that were manually initiated by users. This targeted approach helps identify affected VMs for further investigation and remediation.
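The filter described above, sketched as an added PowerShell example (this is not the downloadable script): it keeps restart events from the last 12 hours that are unplanned and neither platform-initiated nor user-initiated, then groups them per VM. The record fields (VmName, OccurredTime, Category, Context, Summary) and their values are assumptions for illustration, and the sample events are constructed.

```powershell
# Added example. Field names and values are assumptions, not the post's script
# or a documented Azure schema; the sample records below are constructed.
function Get-SuspectVm {
    param(
        [Parameter(Mandatory)] [object[]] $HealthEvent,
        [datetimeoffset] $Now = [datetimeoffset]::UtcNow,
        [int] $LookbackHours = 12
    )
    $cutoff = $Now.AddHours(-$LookbackHours)
    # Keep unplanned restarts in the window; drop platform- and user-initiated ones.
    $HealthEvent |
        Where-Object {
            $when = [datetimeoffset] $_.OccurredTime
            $when -ge $cutoff -and $when -le $Now -and
            $_.Summary -match 'restart|reboot' -and
            $_.Category -eq 'Unplanned' -and
            $_.Context -notin @('Platform Initiated', 'Customer Initiated')
        } |
        Group-Object VmName |
        ForEach-Object {
            $last = $_.Group |
                Sort-Object { [datetimeoffset] $_.OccurredTime } |
                Select-Object -Last 1
            [pscustomobject]@{
                VmName       = $_.Name
                RestartCount = $_.Count
                LastRestart  = $last.OccurredTime
            }
        } |
        Sort-Object RestartCount -Descending   # most restarts in the window first
}

# Constructed sample events, evaluated against a fixed "now" so the run is repeatable.
$now = [datetimeoffset]'2024-07-20T12:00:00Z'
$sample = @(
    # Two unplanned, guest-side restarts inside the window: reported.
    [pscustomobject]@{ VmName = 'vm-app-01'; OccurredTime = '2024-07-20T05:10:00Z'; Category = 'Unplanned'; Context = 'VM Initiated'; Summary = 'Virtual machine restarted unexpectedly' }
    [pscustomobject]@{ VmName = 'vm-app-01'; OccurredTime = '2024-07-20T05:40:00Z'; Category = 'Unplanned'; Context = 'VM Initiated'; Summary = 'Virtual machine restarted unexpectedly' }
    # Restart requested by a user: filtered out.
    [pscustomobject]@{ VmName = 'vm-db-02'; OccurredTime = '2024-07-20T09:00:00Z'; Category = 'Unplanned'; Context = 'Customer Initiated'; Summary = 'Restart requested by an authorized user' }
    # Platform-initiated event: filtered out.
    [pscustomobject]@{ VmName = 'vm-web-03'; OccurredTime = '2024-07-20T08:30:00Z'; Category = 'Unplanned'; Context = 'Platform Initiated'; Summary = 'Host fault caused a reboot' }
    # Matches on type but is older than 12 hours: filtered out.
    [pscustomobject]@{ VmName = 'vm-old-04'; OccurredTime = '2024-07-19T16:00:00Z'; Category = 'Unplanned'; Context = 'VM Initiated'; Summary = 'Virtual machine restarted unexpectedly' }
)

Get-SuspectVm -HealthEvent $sample -Now $now | Format-Table -AutoSize
```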
How to Use the PowerShell Script
To get started, follow these steps to use the provided PowerShell script:
Download the Script
First, download the PowerShell script from the provided link:
Prerequisites
Ensure you have the following prerequisites in place:
- PowerShell installed on your local machine.
- Azure CLI installed. You can install it by running:
winget install -e --id Microsoft.AzureCLI
- Sufficient permissions to access and manage your Azure VMs.
Update the Subscription ID
Open the script file in a text editor and update the SubscriptionId variable at the top of the script with your Azure subscription ID. This ensures the script runs in the correct Azure environment.
Log In to Azure
Before running the script, log in to your Azure account using the following command:
az login
Run the Script
Open PowerShell and navigate to the directory where you downloaded the script. Run the script using the following command:
./find_crowdstriken_vms.ps1
The script will scan your Azure environment and identify any VMs that may still be affected by the CrowdStrike BSOD issue.
Next Steps
Once you have the list of affected VMs, you can take the necessary steps to fix them using the recovery process outlined in our previous blog post. Ensure you prioritise critical workloads and follow the steps to clean up and recover the VMs.
By using this PowerShell script, you can ensure that your Azure environment is fully checked and any remaining VMs affected by the CrowdStrike BSOD issue are promptly addressed. If you need further assistance or have any questions, feel free to reach out to our support team. We’re here to help you keep your Azure infrastructure running smoothly and securely.