Last Updated on August 7, 2025 by Arnav Sharma
The PowerShell script, designed for Microsoft’s Azure platform, focuses on extracting and organizing Azure’s datacenter IP ranges, a crucial component for understanding the vast infrastructure of Azure’s public cloud. Originating from the official Microsoft Download Center, the script fetches a JSON file, a format known for its versatility and widespread use in data interchange. This file contains a plethora of IP ranges, often categorized under “Azure IP Ranges and Service Tags.”
Each service tag, a distinctive feature in Azure, represents a group of IP address prefixes associated with specific Azure services. As Azure continues to evolve, these IP ranges are updated weekly, reflecting the dynamic nature of the platform. Furthermore, the data can be related to the Azure Portal, Microsoft’s official web-based interface for managing Azure resources, and the Azure CLI, a command-line tool for interacting with Azure services.
The script’s output, a CSV file, serves as a comprehensive guide to the IP ranges used by Azure, making it indispensable for network security, firewall configurations, and anyone keen on understanding the intricacies of Microsoft’s Azure datacenters. With the rise of regional IP ranges and specific services like SQL having their own ranges, this script ensures that users stay updated with the ever-evolving landscape of Azure’s network infrastructure.
Here is the script to extract Microsoft Azure Datacenter IP Ranges
# Define the URL for Azure IP Ranges and Service Tags JSON file
$url = "https://www.microsoft.com/en-us/download/confirmation.aspx?id=56519"
# Use Invoke-WebRequest to fetch the download link from the confirmation page
$downloadLink = ((Invoke-WebRequest -Uri $url).Links | Where-Object { $_.href -like "*.json" }).href
# Define paths for the downloaded JSON and the resulting CSV
$jsonPath = "C:tempAzureIPRanges.json" #update the location accordingly
$csvPath = "C:tempAzureIPRanges.csv" #update the location accordingly
# Download the JSON file to a local folder
Invoke-WebRequest -Uri $downloadLink -OutFile $jsonPath
Write-Host "JSON file downloaded to $jsonPath"
# Load the JSON data from the local file
$jsonData = Get-Content -Path $jsonPath | ConvertFrom-Json
# Extract IP ranges and save to CSV
$csvData = @()
foreach ($value in $jsonData.values) {
if ($value.properties.addressPrefixes) {
foreach ($addressPrefix in $value.properties.addressPrefixes) {
$csvData += [PSCustomObject]@{
"Name" = $value.name
"Region" = $value.properties.region
"Platform" = $value.properties.platform
"SystemService" = $value.properties.systemService
"AddressPrefix" = $addressPrefix
}
}
}
}
# Save data to CSV
$csvData | Export-Csv -Path $csvPath -NoTypeInformation
Write-Host "Azure IP Ranges saved to $csvPath"
Thanks for sharing this script, Arnav! This is incredibly helpful for anyone managing network security or firewall rules across Azure environments. Having the IP ranges exported to CSV makes it much easier to integrate with monitoring tools or apply automated rules in enterprise setups.
I also appreciate the explanation around service tags โ itโs easy to overlook how often these IP ranges change, and automating their retrieval is a smart way to stay current without manual updates every week. This kind of practical script is exactly what I look for when managing hybrid and multi-region deployments.
Looking forward to seeing more Azure-focused automation tips from you!