Use Powershell List All Azure Storage Accounts & Network Rules

Question

I have about 50 Azure storage accounts in a client tenant. I need to go through and update the storage accounts so the network access is restricted to specific virtual networks. A few storage account have network restrictions in place but most do not.

Rather than manually selecting all storage accounts one at a time in the Azure Portal I need a way to select all storage accounts and then list the network rules in place (if any) for each storage account. The storage accounts are also in different resource groups. I ran a basic command to get a list of all storage accounts but now i'm looking to display the network rules applied to each storage accounts:

Get-AzureRMStorageAccount | Export-CSV C:\....

Get-AzureRmStorageAccountNetworkRuleSet  -ResourceGroupName "allRG's" -AccountName "allStorageAccounts"

I'm not sure how to issue the Get-AzureRmStorageAccountNetworkRuleSet command and have it select each storage account and its respective resource-group. Any help would be appreciated, thanks!

Answer 1

You can use the below powershell script to get all the storage account present in your subscription and then the Network rule set property.

Connect-AzAccount
$Result=@()
$Storageaccounts = Get-AzStorageAccount
$Storageaccounts | ForEach-Object {
$storageaccount = $_
Get-AzStorageAccountNetworkRuleSet -ResourceGroupName $storageaccount.ResourceGroupName -AccountName $storageaccount.StorageAccountName | ForEach-Object {
$Result += New-Object PSObject -property @{ 
Account = $storageaccount.StorageAccountName
ResourceGroup = $storageaccount.ResourceGroupName
Bypass = $_.Bypass
Action = $_.DefaultAction
IPrules = $_.IpRules
Vnetrules = $_.VirtualNetworkRules
ResourceRules = $_.ResourceAccessRules
}
}
}
$Result | Select Account,ResourceGroup,Bypass,Action,IPrules,Vnetrules,ResourceRules

Output: