Finding the Last VMs in Your Azure Environment Affected by the CrowdStrike BSOD

by | 22 Jul, 2024 | Blog

After addressing the initial wave of BSOD issues caused by the recent CrowdStrike update, it’s crucial to ensure that no affected VMs are left unchecked in your Azure environment. To assist you in this task, we’ve written a PowerShell script that can help you identify any remaining VMs still impacted by this problem.

In this post, we’ll guide you through using our PowerShell script to find these affected VMs and ensure your Azure environment is fully secure and operational.

What We Are Looking For

The script identifies Azure VMs still affected by the CrowdStrike BSOD issue by examining Azure VM health events within the last 12 hours. It specifically looks for health event logs indicating that a VM was restarted due to an unplanned, non-platform-initiated event. By focusing on these criteria, the script can more accurately pinpoint VMs that experienced issues potentially related to the CrowdStrike update, filtering out restarts that were manually initiated by users. This targeted approach helps identify affected VMs for further investigation and remediation.
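The filter described above, sketched as an added example (this is not the downloadable script and not Codify's code). The property names and the context, category and annotation values are assumptions modelled on Azure health-event records, and the sample events are constructed.

```powershell
# Added example; the sample events below are constructed, not real output.
# Property names and values are assumptions modelled on health-event records.
function Select-UnplannedVmRestart {
    param(
        [Parameter(Mandatory)] [object[]] $HealthEvent,
        [int] $LookbackHours = 12,
        [datetimeoffset] $Now = [datetimeoffset]::UtcNow
    )
    $cutoff = $Now.AddHours(-$LookbackHours)
    # Drop platform maintenance and restarts that a user requested.
    $excluded = 'Platform Initiated', 'Customer Initiated'

    $HealthEvent |
        Where-Object {
            $when = [datetimeoffset] $_.occurredTime
            $when -ge $cutoff -and $when -le $Now -and
            $_.annotationName -like '*Restart*' -and
            $_.category -eq 'Unplanned' -and
            $_.context -notin $excluded
        } |
        Group-Object { $_.targetResourceId.ToLowerInvariant() } |
        ForEach-Object {
            $group = $_   # keep the group; $_ is reused by the inner pipeline
            $times = $group.Group | ForEach-Object { [datetimeoffset] $_.occurredTime } | Sort-Object
            [pscustomobject]@{
                VmName       = ($group.Name -split '/')[-1]
                RestartCount = $group.Count
                LastRestart  = @($times)[-1]
                ResourceId   = $group.Name
            }
        } |
        Sort-Object RestartCount -Descending
}

# Constructed sample: SUB and rg-demo are placeholders, not real identifiers.
$vmPath = '/subscriptions/SUB/resourceGroups/rg-demo/providers/Microsoft.Compute/virtualMachines'
$sample = @"
targetResourceId,annotationName,context,category,occurredTime
$vmPath/vm-app01,VirtualMachineRestarted,VM Initiated,Unplanned,2024-07-22T04:10:00Z
$vmPath/vm-app01,VirtualMachineRestarted,VM Initiated,Unplanned,2024-07-22T05:40:00Z
$vmPath/vm-sql01,VirtualMachineRestarted,Customer Initiated,Planned,2024-07-22T03:00:00Z
$vmPath/vm-web02,VirtualMachineRestarted,Platform Initiated,Unplanned,2024-07-22T02:30:00Z
$vmPath/vm-old03,VirtualMachineRestarted,VM Initiated,Unplanned,2024-07-20T23:00:00Z
"@ | ConvertFrom-Csv

# A fixed "now" keeps the 12-hour window repeatable for the sample.
Select-UnplannedVmRestart -HealthEvent $sample -Now ([datetimeoffset] '2024-07-22T06:00:00Z')
```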

How to Use the PowerShell Script

To get started, follow these steps to use the provided PowerShell script:

Download the Script

First, download the PowerShell script from the provided link:

Download PowerShell Script

Prerequisites

Ensure you have the following prerequisites in place:

  • PowerShell installed on your local machine.
  • Azure CLI installed (it provides the az command used in the login step below). You can install it by running:
    winget install -e --id Microsoft.AzureCLI
  • Sufficient permissions to access and manage your Azure VMs.

Update the Subscription ID

Open the script file in a text editor and update the SubscriptionId variable at the top of the script with your Azure subscription ID. This ensures the script runs in the correct Azure environment.

Log In to Azure

Before running the script, log in to your Azure account using the following command:

az login

Run the Script

Open PowerShell and navigate to the directory where you downloaded the script. Run the script using the following command:

./find_crowdstriken_vms.ps1

The script will scan your Azure environment and identify any VMs that may still be affected by the CrowdStrike BSOD issue.

Next Steps

Once you have the list of affected VMs, you can take the necessary steps to fix them using the recovery process outlined in our previous blog post. Ensure you prioritise critical workloads and follow the steps to clean up and recover the VMs.

By using this PowerShell script, you can ensure that your Azure environment is fully checked and any remaining VMs affected by the CrowdStrike BSOD issue are promptly addressed. If you need further assistance or have any questions, feel free to reach out to our support team. We’re here to help you keep your Azure infrastructure running smoothly and securely.
