Windows Azure PowerShell: One script to rule them all

Are you in mobility and you have lots of SQL Azure DB Servers to manage? Does your public IP address change often and you’re sick of having to manually change the SQL Azure firewall rules?

Good news, I’m going to show you a PowerShell script to automatically add a firewall rule to ALL your SQL Azure servers in ALL your subscriptions for your current public Internet IP Address.

PowerShellDownloadBefore start, just be sure that you have installed the latest Windows Azure PowerShell package, that you can download from

Setup your WA PowerShell subscriptions

The first part after downloading the Windows Azure PowerShell package is to setup the subscriptions you have access to. You will need to do this process only once, since the configuration settings will be stored in your profile, but perhaps you would like to revisit it later to add more subscriptions.

Configuring subscriptions by importing a .publishsettings file

The fastest way to setup the subscriptions is by importing a .publishsettings file containing an encoded management certificate data and subscription Ids:

1) Download your publish settings file:

PS C:> Get-AzurePublishSettingsFile

This will open a browser that, after introducing your LiveId, will automatically download your .publishsettings file. This file contains credentials to administer your subscriptions and services, so be sure to store it in a secure location or delete after use.

2) Import your .publishsettings file:

PS C:> Import-AzurePublishSettingsFile MyAzureCredentials.publishsettings

These settings will be stored inside “C:Users<UserName>AppDataRoamingWindows Azure PowerShell” folder.

Configuring subscriptions by using self-signed management certificate

Another way to setup your subscriptions would be to use your own self-signed management certificates, to avoid the automatic creation of management certificates in all your subscriptions and giving you more control on which subscriptions you are going to manage via PowerShell.

1) Create and Upload a Management Certificate for Windows Azure. Follow the instructions described in this MSDN article.

2) Run the following PowerShell script to access your subscription from PowerShell:

$subscriptionId = '<type your subscriptionId here>'

$subscriptionName = '<type a subscription name here>'

$thumbprint = '<paste your management certificate thumbprint here>'


$mgmtCert = Get-Item cert:\CurrentUserMy$thumbprint

Set-AzureSubscription -SubscriptionName $subscriptionName -SubscriptionId $subscriptionId -Certificate $mgmtCert

You can repeat this operation for each subscription you want to manage from PowerShell.

Finally, with both ways of configuring your Azure Subscriptions, you can verify which subscriptions you have setup by running “Get-AzureSubscription” Cmdlet.


One script to rule them all

Now that we have setup the subscriptions, the intention is to create a firewall rule in ALL the SQL Azure servers under ALL my subscriptions for my current public IP address, in order to manage them by using SQL Server Management Studio or whatever other tool.

Based on Alexander Zeitler’s blog post on the matter, I have added some modifications to build the following script that you can save in .ps1 file (I have called it RuleThemAll.ps1 Smile).

# Set a RuleName

$ruleName = "David Laptop"


# Get your public Internet IP Address

$externalIP = (New-Object net.webclient).downloadstring("") -replace "[^d.]"


# Loop all your subscriptions

Get-AzureSubscription | ForEach-Object { 

    Select-AzureSubscription $_.SubscriptionName


    # Loop all your SQL DB servers

    Get-AzureSqlDatabaseServer | ForEach-Object {

        $rule = Get-AzureSqlDatabaseServerFirewallRule -ServerName $_.ServerName -RuleName $ruleName

        if (!$rule) {

            New-AzureSqlDatabaseServerFirewallRule $_.ServerName -RuleName $ruleName -StartIpAddress $externalIP -EndIpAddress $externalIP 


        else {

            Set-AzureSqlDatabaseServerFirewallRule $_.ServerName -RuleName $ruleName -StartIpAddress $externalIP -EndIpAddress $externalIP 




After a while, you will have the rule enabled in all your servers in all your subscriptions.


Hope this helps,

David Rodriguez


David Rodriguez, is a happy Spanish guy living and working in Tenerife (Canary Islands, Spain) where he was born. He is one of the lucky ones who has the opportunity to work with cutting edge technologies at Intelequia as CTO. He has more than 20 years development background mostly based on Microsoft technologies, designing and architecting highly scalable systems like reservation systems for airlines companies. He has been working with Microsoft Azure since it was on CTP, migrating on-premise systems to the cloud, co-founding the .NET User Group TenerifeDev as well as the CSV company Intelequia Software Solutions. He is also the author of different DNN-Azure open source projects available on GitHub such as caching providers, analytics and Azure Active Directory.

Deja un comentario

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *