Auditing Azure Resources

I’m just beginning my adventure into Azure.  So my journey begins with figuring out what is in place already at my company as far as Azure goes.  So my first foray was to build what I call an Azure RM Audit script.

With a little help from some friends @gamerlivingWill I came up with a script to audit what I had.

To begin with I had to find out how to login to Azure I found these set of links to be the most useful for me:

How to install and configure Azure PowerShell

Azure Resource Manager

Now with that knowledge I was able to put a script together that.

  1. Found all my Subscriptions
  2. Found all the resources under each subscription
  3. Get all the resources that are (classic) otherwise known as ASM resources.
    • In the final object query the column called Resource ID for the value Microsoft.Classic and you’ll see your classic Resources(ASM).

To Connect to azure I used the following command

Login-AzureRMAccount -credential $myAzureCredentials

The $myAzureCredentials are my credentials that I encrypt and re-use in each Powershell Session.

Now that I’m logged into azure I can find what subscriptions I have access to through this cmdlet:

2016-02-15 14_24_43-Clipboard

OK I have my subscriptions and now I need to find the resources.  I found that if I’m in a subscription I can query the resouces with Get-AzureRmResource


Since this is only valid for the current subscription. I know this because get-AzureRMContext tells me my current context and if I compare the SubscriptionId to each of the found resources I’ll see they are the same value.

To find all the resources under the rest of my subscriptions I’m going to get all my subscriptions into an object. Then I’ll loop through that object one subscription at a time and query the resources.  In the end I’ll end up with an object of all my resources.

Here is the rest of the script, once again I need to thank @gamerlivingWill  for helping me get to the final function:

function Get-DaAzureRMResources
gets azure ARM resources and outputs to an object.
Connect to Azure and retrieve quota information from associated subscriptions.
#$azureObject = @()
write-verbose 'Verifying user is logged into Azure.'
If ((Get-AzureRMContext) -eq $null)
write-verbose 'User is not logged into Azure. Begin login process.'
} #If

write-verbose (‘User is logged into Azure as ‘ + (Get-AzureRmContext).Account + ‘. Continuing…’)
} #Else
$subs = Get-AzureRmSubscription
ForEach ($SubName in $subs)
#Import-Module AzureRM.profile
write-verbose (“Subscription $($SubName.SubscriptionName) specified. Retrieving information on the specified subscription.”)
$azureRMSubcription = Set-AzureRmContext -SubscriptionName ($SubName.SubscriptionName)
$Subscription = Get-AzureRmResource
ForEach ($Sub in $Subscription)
‘SubscriptionName’ = $SubName.SubscriptionName
‘Name’ = $Sub.Name
‘ResourceName’ = $Sub.ResourceName
‘ResourceType’ = $Sub.ResourceType
#’Tags’ = $Sub.Tags
‘Location’ = $Sub.Location
‘ResourceId’ = $Sub.ResourceId
‘SubscriptionId’ = $Sub.SubscriptionId
} #PSCustomObject
} #ForEach
} #Try
Catch [System.Exception]
write-verbose (‘Error Output was’ + ($Error[0] | Select-Object *))
} #Catch
} #ForEach
write-verbose ‘Processing of Azure ARM Audit complete.’
} #END
} #Function

Until then Keep Scripting


One thought on “Auditing Azure Resources

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s