Last Updated on August 7, 2025 by Arnav Sharma
This PowerShell script extracts and organizes Azure's datacenter IP ranges, a crucial component for understanding the infrastructure of Azure's public cloud. The script fetches a JSON file from the official Microsoft Download Center. The file lists the IP ranges that Microsoft publishes under the title “Azure IP Ranges and Service Tags.”
Each service tag, a distinctive feature in Azure, represents a group of IP address prefixes associated with specific Azure services. As Azure continues to evolve, these IP ranges are updated weekly, reflecting the dynamic nature of the platform. Furthermore, the data can be related to the Azure Portal, Microsoft’s official web-based interface for managing Azure resources, and the Azure CLI, a command-line tool for interacting with Azure services.
The script’s output, a CSV file, serves as a comprehensive guide to the IP ranges used by Azure, making it indispensable for network security, firewall configurations, and anyone keen on understanding the intricacies of Microsoft’s Azure datacenters. With the rise of regional IP ranges and specific services like SQL having their own ranges, this script ensures that users stay updated with the ever-evolving landscape of Azure’s network infrastructure.
Here is the script to extract Microsoft Azure Datacenter IP Ranges:

```powershell
# Define the URL for Azure IP Ranges and Service Tags JSON file
$url = "https://www.microsoft.com/en-us/download/confirmation.aspx?id=56519"

# Use Invoke-WebRequest to fetch the download link from the confirmation page
# (keep only the first match in case the page links the file more than once)
$downloadLink = (Invoke-WebRequest -Uri $url).Links |
    Where-Object { $_.href -like "*.json" } |
    Select-Object -First 1 -ExpandProperty href
if (-not $downloadLink) { throw "No .json download link found on $url" }

# Define paths for the downloaded JSON and the resulting CSV
$jsonPath = "C:\temp\AzureIPRanges.json" # update the location accordingly
$csvPath = "C:\temp\AzureIPRanges.csv"   # update the location accordingly

# Download the JSON file to a local folder
Invoke-WebRequest -Uri $downloadLink -OutFile $jsonPath
Write-Host "JSON file downloaded to $jsonPath"

# Load the JSON data from the local file (-Raw reads it as a single string)
$jsonData = Get-Content -Path $jsonPath -Raw | ConvertFrom-Json

# Extract IP ranges: one row per address prefix of each service tag
$csvData = foreach ($value in $jsonData.values) {
    if ($value.properties.addressPrefixes) {
        foreach ($addressPrefix in $value.properties.addressPrefixes) {
            [PSCustomObject]@{
                "Name"          = $value.name
                "Region"        = $value.properties.region
                "Platform"      = $value.properties.platform
                "SystemService" = $value.properties.systemService
                "AddressPrefix" = $addressPrefix
            }
        }
    }
}

# Save data to CSV
$csvData | Export-Csv -Path $csvPath -NoTypeInformation
Write-Host "Azure IP Ranges saved to $csvPath"
```
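Once the CSV exists, a common follow-up is checking which service tag, if any, covers an address seen in a firewall or flow log. The block below is an added example, not part of the original script: the function names `Test-IpInPrefix` and `Find-AzurePrefix` are hypothetical, and the sample rows are constructed from documentation address ranges rather than real Azure data.

```powershell
# Added example: find the CSV rows whose AddressPrefix contains a given IP.
function Test-IpInPrefix {
    param([string]$Ip, [string]$Prefix)
    $network, $length = $Prefix -split '/'
    $ipBytes  = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    $netBytes = [System.Net.IPAddress]::Parse($network).GetAddressBytes()
    # An IPv4 address (4 bytes) never matches an IPv6 prefix (16 bytes), and vice versa
    if ($ipBytes.Length -ne $netBytes.Length) { return $false }
    $bits = [int]$length
    for ($i = 0; $i -lt $ipBytes.Length -and $bits -gt 0; $i++) {
        # Compare whole bytes, then only the top $bits bits of the final partial byte
        $mask = if ($bits -ge 8) { 0xFF } else { (0xFF -shl (8 - $bits)) -band 0xFF }
        if (($ipBytes[$i] -band $mask) -ne ($netBytes[$i] -band $mask)) { return $false }
        $bits -= 8
    }
    return $true
}

function Find-AzurePrefix {
    param([string]$Ip, [object[]]$Table)
    # Return every matching row, most specific (longest) prefix first
    $Table |
        Where-Object { Test-IpInPrefix -Ip $Ip -Prefix $_.AddressPrefix } |
        Sort-Object { [int](($_.AddressPrefix -split '/')[1]) } -Descending
}

# Constructed sample rows in the same column layout the script exports.
# Tag names and prefixes are placeholders, not real Azure data.
$sampleRows = @'
Name,Region,Platform,SystemService,AddressPrefix
ExampleTag.RegionA,regiona,Azure,ExampleService,192.0.2.0/25
ExampleTag,,Azure,ExampleService,192.0.2.0/24
OtherTag,,Azure,OtherService,198.51.100.0/24
ExampleTag,,Azure,ExampleService,2001:db8:10::/48
'@ | ConvertFrom-Csv   # with real data: Import-Csv -Path $csvPath

Find-AzurePrefix -Ip '192.0.2.77' -Table $sampleRows |
    Format-Table Name, Region, AddressPrefix
Find-AzurePrefix -Ip '2001:db8:10::5' -Table $sampleRows |
    Format-Table Name, AddressPrefix
Find-AzurePrefix -Ip '203.0.113.9' -Table $sampleRows   # no rows: not in any listed prefix
```

Because the published ranges change weekly, a lookup like this is only as current as the CSV it reads.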
I help organisations secure their cloud infrastructure and stay ahead of evolving cyber threats. Microsoft MVP and Certified Trainer, author of Mastering Azure Security, and founder of arnav.au — a platform for practical Cloud, Cybersecurity, DevOps and AI content.
Frequently Asked Questions
Extracting Azure datacenter IP ranges to CSV helps with network security, firewall configurations, and understanding Microsoft's Azure infrastructure. The CSV format makes it easy to organize, filter, and reference IP ranges for various Azure services and regions across your organization.
The script fetches the data from Microsoft's official Download Center by downloading a JSON file containing Azure IP Ranges and Service Tags. This JSON file is the authoritative source for all current Azure datacenter IP ranges and is updated weekly to reflect changes in Azure's infrastructure.
Azure IP ranges are updated weekly, reflecting the dynamic and constantly evolving nature of Microsoft's Azure platform. This means you should regularly run the script or re-download the data to ensure you have the most current IP ranges for your security and firewall policies.
The CSV output file contains five key columns: Name (service tag name), Region (geographical location), Platform (Azure platform type), SystemService (specific Azure service), and AddressPrefix (the actual IP address range). This comprehensive data allows you to filter and organize IP ranges by service, region, or platform as needed.
Yes, you should update the file paths in the script to match your preferred locations. The script currently uses 'C:\temp' for both the JSON and CSV file paths, but you should modify these paths to directories where you want to store the downloaded and processed files.