Endpoint Notification / Audit
I would like a PowerShell script that will go out and discover any/all configured endpoints (anytime a VM in IaaS is using an Azure public IP). Produce a list of all endpoints, with IPs and ports.
This is to prevent the use of public endpoints on VMs running in Azure when we have a VPN into a private vNET. The code below almost does what I'm looking for, but I'm not able to get back every port.
foreach ($item in Get-AzureService)
{
    Get-AzureVM -ServiceName $item.Label -Name $item.Label |
        where {$_.PowerState -eq "Started"} |
        # Calculated property: only the endpoint named RDP is queried here
        Select-Object @{
            #Name = "RDP";
            Expression = { ($_ | Get-AzureEndpoint RDP).Vip }
        } |
        Format-List
}

We will see whether there is a way to do this with the current Windows Azure PowerShell and, if not, what it would take to provide such functionality.
2 comments
-
Robert Wilson commented
Guang - we got this working. I posted the working script under VirtualRW.
-
VirtualRW commented
function Find-AllEndPoints
{
    [CmdletBinding()]
    Param
    (
        # Param to get the subscription to use
        [Parameter(Mandatory=$true,
                   HelpMessage = "Enter Subscription Name or leave empty to use default subscription")]
        [AllowEmptyString()]
        [string]$SubscriptionaName
    )
    Begin
    {
        # Will change default subscription to what user entered
        if ($subscriptionaname)
        {
            # This will capture the user's current default subscription name
            $currentdefaulsub = Get-AzureSubscription -Default
            $currentsubname = $currentdefaulsub.SubscriptionName
            # This will set the default subscription to what the user entered, if not left blank
            Set-AzureSubscription -DefaultSubscription $subscriptionaname
        }
    }
    Process
    {
        # Gets all the services in the subscription
        $allservices = Get-AzureService
        # Separate loop variable so the service collection is not overwritten
        foreach ($service in $allservices)
        {
            Write-Output $service.servicename
            # Private IP address and power state of each VM in the service
            Get-AzureVM -ServiceName $service.servicename | Format-Table -Property IpAddress, Powerstate -AutoSize
            # Every endpoint of each VM: local port, name, public port, protocol
            Get-AzureVM -ServiceName $service.servicename | Get-AzureEndpoint | Format-Table -Property localport, name, port, protocol -AutoSize
        }
    }
    End
    {
    }
}
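
An added example, not part of the thread or any poster's code: the same enumeration emitting one object per endpoint instead of formatted tables, so the audit list can be filtered and exported. It assumes the classic Azure PowerShell module and an already selected subscription, as in the scripts above; the function name, the ManagementPorts list, and the CSV path are hypothetical.

```powershell
# Added example: relies only on the classic cmdlets used in this thread
# (Get-AzureService, Get-AzureVM, Get-AzureEndpoint).
function Get-PublicEndpointReport   # hypothetical name
{
    [CmdletBinding()]
    Param
    (
        # Public ports treated as remote-management exposure
        # (assumed list: RDP, SSH, WinRM HTTP/HTTPS)
        [int[]]$ManagementPorts = @(3389, 22, 5985, 5986)
    )

    foreach ($service in Get-AzureService)
    {
        foreach ($vm in Get-AzureVM -ServiceName $service.ServiceName)
        {
            # One object per endpoint, so every port is listed, not only RDP.
            # Stopped VMs are included: their endpoints remain configured.
            foreach ($endpoint in ($vm | Get-AzureEndpoint))
            {
                [pscustomobject]@{
                    ServiceName    = $service.ServiceName
                    VMName         = $vm.Name
                    PowerState     = $vm.PowerState
                    PrivateIP      = $vm.IpAddress
                    PublicVip      = $endpoint.Vip
                    EndpointName   = $endpoint.Name
                    Protocol       = $endpoint.Protocol
                    PublicPort     = $endpoint.Port
                    LocalPort      = $endpoint.LocalPort
                    ManagementPort = $ManagementPorts -contains $endpoint.Port
                }
            }
        }
    }
}

# Full inventory as CSV for the audit record (path is a placeholder)
Get-PublicEndpointReport | Export-Csv -Path .\public-endpoints.csv -NoTypeInformation

# Review publicly exposed remote-management ports first
Get-PublicEndpointReport | Where-Object { $_.ManagementPort } | Format-Table -AutoSize
```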