Audit Azure Firewall Rules with Powershell

Last modified date

Comments: 0

If your organisation has multiple Azure administrators that have the ability to add subscriptions, network security groups (NSG) or firewall rules and ACLs, then it would be very prudent to audit these rules periodically. Imagine if an admin had opened 3389/tcp for a VM to everyone on the internet – that’s not going to end well, especially if the VM has weak login passwords.  The Azure web app is not terrible by any means but rules auditing is not its strongest point. The easiest solution is to use Powershell from the comfort of your own workstation.

This script will return a list of Azure subscriptions, network security groups and of course, the firewall rules too. To make life easier, I’ve included some hashing functions at the end of the script as a sort of checksum so you can compare the hashes from two different times you might have run the script – this means that if the hashes are different then that means that something has changed in the network and you can investigate further.

Please note that you will need to install the Azure Powershell Module – this can be done easily via nuget: Install-Module -Name AzureRM

Hope this helps 🙂

 

 

james

Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment