Dynamically Updating Azure IP Ranges with PowerShell and DevOps (2024)

Introduction

Keeping your Azure IP ranges up-to-date is crucial for maintaining the security and efficiency of your cloud environment. This blog post will guide you through the process of dynamically updating your Azure IP ranges using the official Azure documentation, PowerShell scripts, and DevOps practices.

Table of Contents

  1. Understanding Azure IP Ranges
  2. Official Azure Documentation
  3. Using Power BI to Visualize the IP Address Changes
  4. Using PowerShell to Retrieve and Update IP Ranges
  5. Automating Updates with Azure DevOps
  6. Conclusion

1. Understanding Azure IP Ranges

Azure IP ranges are used to define the network boundaries for your services in Azure. These ranges are periodically updated by Microsoft, and it's essential to ensure that your network configurations are aligned with these changes to avoid any disruptions.

2. Official Azure Documentation

Microsoft provides comprehensive documentation on Azure IP ranges, which includes a list of all the IP addresses used by Azure services. You can find this documentation here.

3. Using Power BI to Visualize the IP Address Changes

I wrote a small Power BI dashboard to visualize the changes. The thinking behind it was that network engineers could search and view the updated IPs. Even though this did not automate their firewall processes, it was a quick way to look up an IP. You can find a copy of the below Power BI in my GitHub repo: RallTheory/AzureAndOffice365IPAddresses at main · WernerRall147/RallTheory (github.com)

4. Using PowerShell to Retrieve and Update IP Ranges

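PowerShell is a powerful scripting tool that can help you automate the retrieval and updating of Azure IP ranges. Below is a sample script that demonstrates how to fetch the latest IP ranges and update your network configurations. It writes the IPv4 prefixes of a single service tag into one NSG rule. An allow rule built from these ranges admits traffic from anything hosted in them, including other customers' workloads, so choose the narrowest tag and port that fit.

    # Parameters match the arguments passed by the Azure DevOps pipeline
    param(
        [string]$ResourceGroupName = "YourResourceGroup",
        [string]$NsgName = "YourNetworkSecurityGroup",
        [string]$ServiceTagName = "YourServiceTag"  # placeholder: "name" of one entry in the JSON "values" list
    )

    # Import necessary modules
    Import-Module Az

    # Define the URL for the Azure IP ranges download page
    $ipRangesUrl = "https://www.microsoft.com/en-us/download/confirmation.aspx?id=56519"

    # The URL returns an HTML page, not JSON: find the ServiceTags_Public_<date>.json link in it
    $page = Invoke-WebRequest -Uri $ipRangesUrl -UseBasicParsing
    $jsonUrl = [regex]::Match($page.Content, 'https://download\.microsoft\.com/[^"\s]+ServiceTags_Public_\d+\.json').Value
    if (-not $jsonUrl) { throw "No ServiceTags_Public JSON link found at $ipRangesUrl" }

    # Download the JSON file
    Invoke-WebRequest -Uri $jsonUrl -OutFile "AzureIPRanges.json"

    # Parse the JSON file
    $ipRanges = Get-Content -Path "AzureIPRanges.json" -Raw | ConvertFrom-Json

    # Each entry in "values" is a service tag; its prefixes are in properties.addressPrefixes.
    # This example keeps the IPv4 prefixes only.
    $tag = $ipRanges.values | Where-Object { $_.name -eq $ServiceTagName }
    $prefixes = @($tag.properties.addressPrefixes | Where-Object { $_ -and $_ -notmatch ':' })
    if ($prefixes.Count -eq 0) { throw "No IPv4 prefixes found for service tag '$ServiceTagName'" }

    # Example: Update network security group rules with new IP ranges
    $nsg = Get-AzNetworkSecurityGroup -Name $NsgName -ResourceGroupName $ResourceGroupName
    $rule = @{
        NetworkSecurityGroup     = $nsg
        Name                     = "AllowAzureIPs"
        Description              = "Allow Azure IP Ranges"
        Access                   = "Allow"
        Protocol                 = "*"
        Direction                = "Inbound"
        Priority                 = 100
        SourceAddressPrefix      = $prefixes
        SourcePortRange          = "*"
        DestinationAddressPrefix = "*"
        DestinationPortRange     = "80"
    }
    # Replace the rule if it already exists, otherwise add it
    if ($nsg.SecurityRules.Name -contains $rule.Name) {
        Set-AzNetworkSecurityRuleConfig @rule | Out-Null
    } else {
        Add-AzNetworkSecurityRuleConfig @rule | Out-Null
    }

    # Apply the updated NSG configuration
    $nsg | Set-AzNetworkSecurityGroup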

5. Automating Updates with Azure DevOps

To fully automate the process, you can use Azure DevOps to run your PowerShell script on a schedule. Here’s a step-by-step guide to setting up a pipeline in Azure DevOps:

  1. Create a New Pipeline: Go to your Azure DevOps project, and under Pipelines, click on "New Pipeline".
  2. Select the Repository: Choose the repository where your PowerShell script is stored.
  3. Configure the Pipeline: Use the YAML editor to define your pipeline. Below is an example YAML configuration.
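      trigger:
      - main

      schedules:
      - cron: "0 0 * * *" # Runs every day at midnight (UTC)
        displayName: Daily midnight build
        branches:
          include:
          - main
        always: true # Run on schedule even when the repository has not changed

      pool:
        vmImage: 'ubuntu-latest'

      steps:
      - task: UseDotNet@2
        inputs:
          packageType: 'sdk'
          version: '5.x'
          installationPath: $(Agent.ToolsDirectory)/dotnet
      # AzurePowerShell signs in through a service connection so the Az cmdlets have an Azure context
      - task: AzurePowerShell@5
        inputs:
          azureSubscription: 'YourServiceConnection' # placeholder: your Azure Resource Manager service connection
          ScriptType: 'FilePath'
          ScriptPath: '$(Build.SourcesDirectory)/UpdateAzureIPRanges.ps1'
          ScriptArguments: '-ResourceGroupName YourResourceGroup -NsgName YourNetworkSecurityGroup'
          azurePowerShellVersion: 'LatestVersion'
          pwsh: true

  4. Save and Run: Save your pipeline and run it to ensure everything is configured correctly.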
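
An added example, not part of the original post: before a scheduled run rewrites a rule, compare the previously applied service tags file with the new download and stop if the new file is older or the change set is unexpectedly large. The function name, the `MaxChanges` threshold, the `ExampleService` tag and the prefixes are constructed for illustration.

```powershell
# Added example: compare two service tag files before any firewall rule is changed.
# Function name, threshold and sample data are assumptions; the prefixes are
# constructed documentation ranges, not real Azure addresses.
function Compare-ServiceTagFile {
    param(
        [Parameter(Mandatory)] [string]$OldJson,
        [Parameter(Mandatory)] [string]$NewJson,
        [Parameter(Mandatory)] [string]$ServiceTagName,
        [int]$MaxChanges = 50    # hypothetical limit on prefixes changed per run
    )
    $old = $OldJson | ConvertFrom-Json
    $new = $NewJson | ConvertFrom-Json
    $oldTag = $old.values | Where-Object { $_.name -eq $ServiceTagName }
    $newTag = $new.values | Where-Object { $_.name -eq $ServiceTagName }
    if (-not $newTag) { throw "Service tag '$ServiceTagName' is not in the new file." }

    # Where-Object { $_ } drops the $null produced when a tag or prefix list is absent
    $oldPrefixes = @($oldTag.properties.addressPrefixes | Where-Object { $_ })
    $newPrefixes = @($newTag.properties.addressPrefixes | Where-Object { $_ })
    if ($newPrefixes.Count -eq 0) { throw "New file has no prefixes for '$ServiceTagName'." }

    $added   = @($newPrefixes | Where-Object { $_ -notin $oldPrefixes })
    $removed = @($oldPrefixes | Where-Object { $_ -notin $newPrefixes })

    # The file-level changeNumber is incremented when the file changes, so a lower
    # value means the "new" file is older than the one already applied.
    $isStale = $new.changeNumber -lt $old.changeNumber
    $withinLimit = ($added.Count + $removed.Count) -le $MaxChanges

    [pscustomobject]@{
        ServiceTag  = $ServiceTagName
        Added       = $added
        Removed     = $removed
        IsStale     = $isStale
        SafeToApply = (-not $isStale) -and $withinLimit
    }
}

# Constructed sample input in the layout of the service tags JSON file
$oldJson = @'
{ "changeNumber": 1, "cloud": "Public", "values": [
  { "name": "ExampleService", "id": "ExampleService", "properties": {
      "changeNumber": 1, "addressPrefixes": [ "192.0.2.0/24", "198.51.100.0/24" ] } } ] }
'@
$newJson = @'
{ "changeNumber": 2, "cloud": "Public", "values": [
  { "name": "ExampleService", "id": "ExampleService", "properties": {
      "changeNumber": 2, "addressPrefixes": [ "192.0.2.0/24", "203.0.113.0/24", "2001:db8::/32" ] } } ] }
'@

$diff = Compare-ServiceTagFile -OldJson $oldJson -NewJson $newJson -ServiceTagName 'ExampleService'
$diff | Format-List
if (-not $diff.SafeToApply) { throw "Change set needs manual review before the NSG is updated." }
```

In a pipeline, the previous file can be kept as a build artifact or in the repository so that each run has something to compare against.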

6. Conclusion

By following these steps, you can ensure that your Azure IP ranges are always up-to-date, enhancing the security and reliability of your cloud environment. Automating this process using PowerShell and Azure DevOps not only saves time but also minimizes the risk of human error.

This article would not have been possible without the help from my colleague Alan Serzysko, Customer Support Engineer for Microsoft.

Disclaimer

The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts or Power BI Dashboards are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts or Power BI Dashboards be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages. This blog post was written with the help of generative AI.
