With Simple modification you can do anything you want.
# Define functions: Function InstallWinRMCertificateForVM ($servicename, $svrname) { Write-Host "Installing WinRM Certificate for remote access: $servicename $svrname" $WinRMCert = (Get-AzureVM -ServiceName $servicename -Name $svrname | select -ExpandProperty vm).DefaultWinRMCertificateThumbprint $AzureX509cert = Get-AzureCertificate -ServiceName $servicename -Thumbprint $WinRMCert -ThumbprintAlgorithm sha1 $certTempFile = [IO.Path]::GetTempFileName() $AzureX509cert.Data | Out-File $certTempFile # Target The Cert That Needs To Be Imported $CertToImport = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certTempFile $store = New-Object System.Security.Cryptography.X509Certificates.X509Store "Root", "LocalMachine" $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite) $store.Add($CertToImport) $store.Close() Remove-Item $certTempFile } $adminUsername = '<username>' $adminPassword = '<password>' $vmname = "HQServer1" $cloudsvcName = "HQServer1" # Install the WinRM Certificate first to access the VM via Remote PS InstallWinRMCertificateForVM $cloudsvcName $vmname # Return back the correct URI for Remote PowerShell $uri = Get-AzureWinRMUri -ServiceName $cloudsvcName -Name $vmname $SecurePassword = $adminPassword | ConvertTo-SecureString -AsPlainText -Force $credential = new-object -typename System.Management.Automation.PSCredential -argumentlist $adminUsername,$SecurePassword # Test Remote Script Invoke-Command -ConnectionUri $uri.ToString() -Credential $credential -ScriptBlock { Get-ChildItem c:\ } # Install IIS Invoke-Command -ConnectionUri $uri.ToString() -Credential $credential -ScriptBlock { Install-WindowsFeature -Name Web-Server -IncludeManagementTools -Source C:\Windows\WinSxS } # Disable Windows Firewall: Invoke-Command -ConnectionUri $uri.ToString() -Credential $credential -ScriptBlock { Set-NetFirewallProfile -All -Enabled False }