Azure Virtual Network Service Endpoints

Here’s another simple PowerShell script using the Azure Az cmdlets that I hope you find useful.

This time it’s a quickie PowerShell script to list all subnets in all virtual networks in all subscriptions that have one or more Azure virtual network service endpoints assigned.

Most Azure users have multiple virtual networks and many subscriptions in their tenant. For a client whose Azure infrastructure is designed this way, I wanted to make sure those Vnets had the proper service endpoints assigned to each subnet. But I found it hard to see the big picture from the Azure portal. That’s because the Azure portal works with one subscription at a time for most resource definitions. That’s what lead me to write this script, which is so simple it’s almost self-explanatory.

Here’s a sample screen shot of the output. In this example, I wanted to see all the virtual networks with the Azure Active Directory service endpoint enabled. It’s a snap to do in Excel with filtering turned on. It also helps that I’ve created all this client’s subscriptions, virtual networks and subnets via ARM templates with a strict naming convention. (Remind me one day to post the ARM template that creates these Vnets with the subnet names that include the CIDR.)

Filtering script output in Excel to show specific virtual network endpoints (click to enlarge)

And here’s the script. You should be a global admin with User Access Administrator on the target subscriptions or at least owner on all the subscriptions in the tenant. Also, you should have set a context to a subscription in that tenant (any subscription will do) before you run the script. I hope you find this helpful.

<#
.SYNOPSIS
Lists all Azure service endpoints assigned to all subnets in all Vnets in an Azure tenant
.DESCRIPTION
This script retrieves all enabled subscriptions in an Azure tenant, then for each one that has service endpoints assigned to a virutal network, it creates and object with the name(s) of those service endpoints, the name of the Vnet and the name of the subscription. These objects are stored in an array and written to the desktop in .csv format.
.INPUTS
None
.OUTPUTS
A comma-separated variable file is created in $HOME/desktop
.EXAMPLE
.\ShowAllServiceEndpointsInVnetsInAllEnabledSubscriptions.ps1
.NOTES
   Author:         Alex Neihaus
   Creation Date:  2020-01-06
   Copyright (c)   2020 Air11 Technology LLC
.LINK
   https://www.yobyot.com

.COMPONENT
Az 3.1.0 or later is required. User must have RBAC Contributor or greater on all subscriptions in the tenant.

.LICENSE
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the Software), to deal
in the Software without restriction, including without limitation the rights
to use copy, modify, merge, publish, distribute sublicense and /or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#>


$csvout = @() # Create an array to hold the .csv output
$activesubs = Get-AzSubscription | Where-Object -Property State -eq "Enabled" # Make sure to select only active subscriptions
foreach ($sub in $activesubs) {
    Select-AzSubscription -SubscriptionId $sub.Id | Out-Null
    "Retrieving subscription: $($sub.Name)"
    $vnets = Get-AzVirtualNetwork 
    foreach ($vnet in $vnets) {
        "Retrieving Vnet: $($vnet.Name)"
        foreach ($subnet in $vnet.Subnets) {
            foreach ($endpoint in $subnet.ServiceEndpoints.Service) {
                "Retrieving subnet: $($subnet.name): $($endpoint)"
                $obj = New-Object -TypeName PSObject -Property (
                    [ordered]@{
                        "SubscriptionName"        = "$($sub.Name)"
                        "VirtualNetworkName"      = "$($vnet.Name)"
                        "SubnetName"              = "$($subnet.name)"
                        "ServiceEndpointAssigned" = "$($endpoint)"
                    }
                )
                $csvout += $obj
            }
        }
    }
}
$csvout | Export-Csv -Path "$HOME/Desktop/ServiceEndpoints.csv" -NoTypeInformation
"Output written to .csv on desktop"

Posted

in

,

by

Alex Neihaus

Tags:

,

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *