
Azure Automation: Azure Virtual Machine Audit

Up to this point we have seen how to deploy an Azure Virtual Machine using the Azure Portal, Azure Blueprints, Azure templates, and just about any other deployment method you can think of. But what about producing a report that lists all of these machines together with their details, one you can hand to anyone inside or outside your organization who is performing an audit? With this in mind, I looked at how to generate such a report daily using PowerShell and Azure Automation. I created a new PowerShell runbook in my Azure Automation account and started developing the script below.

If I need every virtual machine in the entire Azure tenant, I first have to step into each subscription I have access to. The runbook must already be authenticated to Azure at this point (in my case through the Automation account's Run As connection, the $servicePrincipalConnection object referenced further down). I used this piece of code for that:


$subscriptions = Get-AzSubscription
foreach ($subscription in $subscriptions) {
    # Skip disabled subscriptions and the trial/personal ones that should not appear in the audit
    if (($subscription.State -eq 'Enabled') -and ($subscription.Name -notlike 'Free Trial*') -and ($subscription.Name -notlike 'Access to Azure Active Directory*') -and ($subscription.Name -notlike 'Visual Studio*')) {
        $subscriptionid   = $subscription.Id
        $subscriptionname = $subscription.Name
        # Switch the Az context so that every cmdlet that follows runs against this subscription
        Select-AzSubscription -SubscriptionId $subscriptionid | Out-Null
    }
}

For each subscription, I need to retrieve all the virtual machines


# -Status adds the instance view (including the power state) to every VM returned
$virtualmachines = Get-AzVM -Status
foreach ($vm in $virtualmachines) {
    $vm.Name
}

From this point on you only have to build the CSV output file the way you want it, with the details you need about each virtual machine. In my case I needed the following columns.

Column 1: Virtual Machine Name - can be retrieved from above using this value $vm.Name

Column 2: Custom TAG value


$TAG = $null
# Walk the VM's tags and pick up the value of the one we want to report on
foreach ($tagvalue in $vm.Tags.Keys) {
    if ($tagvalue -eq "Custom TAG value") {
        $TAG = $TAG + $vm.Tags.$tagvalue
    }
}

Column 3: Virtual Machine ID - can be retrieved from above using this value $vm.VmId

Column 4: Virtual Machine Location - can be retrieved from above using this value $vm.Location

Column 5: Virtual Machine Provisioning State - can be retrieved from above using this value $vm.ProvisioningState

Column 6: Virtual Machine Availability Zone


# A VM is pinned to at most one zone (or none); join whatever is there into a single string
$AzureAvailabilityZone = ($vm.Zones -join ' ')

Column 7: Virtual Machine Power state


# Because the VM list came from Get-AzVM -Status, $vm.PowerState already holds "VM running", "VM deallocated", etc.
# The call below fetches the full instance view; select the PowerState/* entry explicitly instead of relying on its position in the Statuses array
$VirtualMachineStatus = Get-AzVM -Name $vm.Name -ResourceGroupName $vm.ResourceGroupName -Status
$PowerStateCode = ($VirtualMachineStatus.Statuses | Where-Object { $_.Code -like 'PowerState/*' }).Code
$VirtualMachinePowerState = (Get-Culture).TextInfo.ToTitleCase($PowerStateCode.Split('/')[1])

Column 8: Virtual Machine License Type - can be retrieved from above using this value $vm.LicenseType

Column 9: Virtual Machine Azure Size Name - can be retrieved from below

Column 10: Virtual Machine CPU cores - can be retrieved from below

Column 11: Virtual Machine RAM Memory - can be retrieved from below


$VirtualMachineSize = $vm.HardwareProfile.VmSize
# Look the size up in the VM's own region rather than a hard-coded one; a single call serves all three columns
$VirtualMachineSizeInfo  = Get-AzVMSize -Location $vm.Location | Where-Object { $_.Name -eq $VirtualMachineSize }
$VirtualMachineSizeName  = $VirtualMachineSizeInfo.Name
$VirtualMachineCPUCore   = $VirtualMachineSizeInfo.NumberOfCores
$VirtualMachineRAMMemory = $VirtualMachineSizeInfo.MemoryInMB

Column 12: Virtual Machine Operating System type - can be retrieved from above using this value $vm.StorageProfile.OsDisk.OsType

Column 13 and 14: Virtual Machine disk encryption status. Note that Get-AzVMDiskEncryptionStatus reports only Azure Disk Encryption, the in-guest BitLocker/dm-crypt encryption. A value of NotEncrypted does not mean the disk is unencrypted at rest: managed disks always carry server-side encryption with platform- or customer-managed keys, which this cmdlet does not report. Make sure the audit question is asking about the one you are reporting.


$VirtualMachineDiskEncryptStatus = Get-AzVMDiskEncryptionStatus -ResourceGroupName $vm.ResourceGroupName -VMName $vm.Name
$VirtualMachineDiskEncryptStatus.OsVolumeEncrypted
$VirtualMachineDiskEncryptStatus.DataVolumesEncrypted

Column 15 and 16: Virtual Machine Private IP value and allocation method

Column 17 and 18: Virtual Machine Public IP value and allocation method (a VM with a public IP is directly reachable from the Internet, subject only to its NSG rules, so this is the column auditors look at first)


# Reset the accumulators for this VM, otherwise values from the previous VM carry over into this row
$VirtualMachineIPPrivateValue = $null
$VirtualMachineIPPrivateAllocation = $null
$VirtualMachineIPsPublicAddress = $null
$VirtualMachineIPsPublicAddressAllocation = $null
# Walk every NIC attached to the VM; take the resource group from the NIC's resource ID, because the NIC may not live in the VM's resource group
foreach ($VirtualMachineNetworkInterface in $vm.NetworkProfile.NetworkInterfaces.Id) {
    $NicParts = $VirtualMachineNetworkInterface.Split('/')   # .../resourceGroups/<rg>/providers/Microsoft.Network/networkInterfaces/<name>
    $VirtualMachineIPAll = Get-AzNetworkInterface -Name $NicParts[-1] -ResourceGroupName $NicParts[4] | Get-AzNetworkInterfaceIpConfig
    if ($null -eq $VirtualMachineIPAll) {
        $VirtualMachineIPPrivateValue = "NotAssigned"
        $VirtualMachineIPPrivateAllocation = "NotAssigned"
    }
    else {
        foreach ($IpConfig in $VirtualMachineIPAll) {
            $VirtualMachineIPPrivateValue = $VirtualMachineIPPrivateValue + $IpConfig.PrivateIpAddress + "  "
            $VirtualMachineIPPrivateAllocation = $VirtualMachineIPPrivateAllocation + $IpConfig.PrivateIpAllocationMethod + "  "
            # A public IP belongs to the IP configuration; resolve it from its resource ID instead of assuming it is named after the VM
            if ($null -ne $IpConfig.PublicIpAddress) {
                $PipParts = $IpConfig.PublicIpAddress.Id.Split('/')
                $VirtualMachineIPPublicAddress = Get-AzPublicIpAddress -Name $PipParts[-1] -ResourceGroupName $PipParts[4]
                $VirtualMachineIPsPublicAddress = $VirtualMachineIPsPublicAddress + $VirtualMachineIPPublicAddress.IpAddress + "  "
                $VirtualMachineIPsPublicAddressAllocation = $VirtualMachineIPsPublicAddressAllocation + $VirtualMachineIPPublicAddress.PublicIpAllocationMethod + "  "
            }
        }
    }
}
if ($null -eq $VirtualMachineIPsPublicAddress) {
    $VirtualMachineIPsPublicAddress = "NotAssigned"
    $VirtualMachineIPsPublicAddressAllocation = "NotAssigned"
}

Column 19: Virtual Machine Resource Group Name - can be retrieved from above using this value $vm.ResourceGroupName

Column 20: Virtual Machine Subscription Name - can be retrieved from above using this value $subscriptionname

Column 21: Virtual Machine Subscription ID - can be retrieved from above using this value $subscriptionid

Column 22: Virtual Machine Tenant ID - can be retrieved from the Run As connection the runbook authenticated with, $servicePrincipalConnection.TenantId, or, regardless of how the runbook authenticated, from (Get-AzContext).Tenant.Id


With all these columns you can put together a CSV file containing every detail of an Azure Virtual Machine needed for internal or external audits.
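The snippets above are the pieces of one procedure, so here is the whole runbook assembled end to end. This is an added example, not the original AmistadGroup script: it folds the per-VM Get-AzVM calls into the list call, caches the size table per region, resolves NICs and public IPs from their resource IDs, and persists the CSV. It assumes the Automation account has a system-assigned managed identity with the Reader role on every audited subscription (Reader is enough for every cmdlet used); the tag name 'CostCenter', the storage account 'auditreports' and the container 'vm-audit' are placeholders to adapt.

```powershell
# Added example, not the original runbook. Placeholders are marked "assumption".

# Authenticate as the Automation account's system-assigned managed identity.
# Assumption: the identity holds Reader on every subscription to audit. If your account
# still uses a Run As connection ($servicePrincipalConnection), authenticate with that instead.
Connect-AzAccount -Identity | Out-Null
$tenantId = (Get-AzContext).Tenant.Id

$auditTagName = 'CostCenter'                                            # assumption: tag to report
$reportPath   = Join-Path $env:TEMP ("vm-audit-{0:yyyyMMdd}.csv" -f (Get-Date))

$rows      = New-Object System.Collections.Generic.List[object]
$sizeCache = @{}    # region -> @{ sizeName -> size object }; one Get-AzVMSize call per region

function Split-ResourceId([string]$Id) {
    # /subscriptions/<sub>/resourceGroups/<rg>/providers/<ns>/<type>/<name>
    $parts = $Id.Split('/')
    [pscustomobject]@{ ResourceGroup = $parts[4]; Name = $parts[-1] }
}

function Join-OrNotAssigned([object[]]$Values) {
    if ($Values) { $Values -join ' ' } else { 'NotAssigned' }
}

foreach ($subscription in Get-AzSubscription -TenantId $tenantId) {
    if ($subscription.State -ne 'Enabled' -or
        $subscription.Name -like 'Free Trial*' -or
        $subscription.Name -like 'Access to Azure Active Directory*' -or
        $subscription.Name -like 'Visual Studio*') { continue }

    Set-AzContext -SubscriptionId $subscription.Id | Out-Null

    # -Status puts PowerState ("VM running", "VM deallocated", ...) on every object,
    # so no second Get-AzVM call per machine is needed
    foreach ($vm in Get-AzVM -Status) {

        # Size lookup in the VM's own region, fetched once per region
        if (-not $sizeCache.ContainsKey($vm.Location)) {
            $table = @{}
            Get-AzVMSize -Location $vm.Location | ForEach-Object { $table[$_.Name] = $_ }
            $sizeCache[$vm.Location] = $table
        }
        $size = $sizeCache[$vm.Location][$vm.HardwareProfile.VmSize]

        # Tag names are case-insensitive in Azure, so compare with -eq rather than indexing
        $tagValue = $null
        foreach ($k in @($vm.Tags.Keys)) { if ($k -eq $auditTagName) { $tagValue = $vm.Tags[$k] } }

        # Azure Disk Encryption (in-guest) status only; managed disks are always
        # server-side encrypted at rest regardless of what this reports
        $ade = Get-AzVMDiskEncryptionStatus -ResourceGroupName $vm.ResourceGroupName -VMName $vm.Name

        # Every NIC and every IP configuration, resolved by resource ID so that NICs and
        # public IPs in other resource groups or with unrelated names are still found
        $privIp = @(); $privAlloc = @(); $pubIp = @(); $pubAlloc = @()
        foreach ($nicRef in $vm.NetworkProfile.NetworkInterfaces) {
            $n   = Split-ResourceId $nicRef.Id
            $nic = Get-AzNetworkInterface -ResourceGroupName $n.ResourceGroup -Name $n.Name
            foreach ($cfg in $nic.IpConfigurations) {
                $privIp    += $cfg.PrivateIpAddress
                $privAlloc += $cfg.PrivateIpAllocationMethod
                if ($cfg.PublicIpAddress) {
                    $p   = Split-ResourceId $cfg.PublicIpAddress.Id
                    $pip = Get-AzPublicIpAddress -ResourceGroupName $p.ResourceGroup -Name $p.Name
                    $pubIp    += $pip.IpAddress
                    $pubAlloc += $pip.PublicIpAllocationMethod
                }
            }
        }

        $rows.Add([pscustomobject]@{
            VMName              = $vm.Name
            CustomTag           = $tagValue
            VMId                = $vm.VmId
            Location            = $vm.Location
            ProvisioningState   = $vm.ProvisioningState
            AvailabilityZone    = ($vm.Zones -join ' ')
            PowerState          = $vm.PowerState
            LicenseType         = $vm.LicenseType
            SizeName            = $vm.HardwareProfile.VmSize
            CpuCores            = $size.NumberOfCores
            MemoryMB            = $size.MemoryInMB
            OsType              = $vm.StorageProfile.OsDisk.OsType
            OsDiskADE           = $ade.OsVolumeEncrypted
            DataDisksADE        = $ade.DataVolumesEncrypted
            PrivateIP           = Join-OrNotAssigned $privIp
            PrivateIPAllocation = Join-OrNotAssigned $privAlloc
            PublicIP            = Join-OrNotAssigned $pubIp
            PublicIPAllocation  = Join-OrNotAssigned $pubAlloc
            ResourceGroup       = $vm.ResourceGroupName
            SubscriptionName    = $subscription.Name
            SubscriptionId      = $subscription.Id
            TenantId            = $tenantId
        })
    }
}

$rows | Export-Csv -Path $reportPath -NoTypeInformation -Encoding UTF8
Write-Output "Wrote $($rows.Count) virtual machines to $reportPath"

# The runbook sandbox is ephemeral, so copy the file somewhere durable.
# Assumption: storage account 'auditreports', container 'vm-audit', and the managed
# identity holds Storage Blob Data Contributor on it.
$ctx = New-AzStorageContext -StorageAccountName 'auditreports' -UseConnectedAccount
Set-AzStorageBlobContent -File $reportPath -Container 'vm-audit' -Blob (Split-Path $reportPath -Leaf) -Context $ctx -Force | Out-Null
```

Link the runbook to a daily schedule in the Automation account and the blob container accumulates one dated CSV per day. The report lists private and public addresses, VM IDs and subscription IDs for the whole tenant, so keep the container private and grant read access to auditors through RBAC or a short-lived SAS rather than anonymous access.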


Thank you!

AmistadGroup IT Team

(https://www.amistadgroup.ro/)

