Checking Open Ports in Azure

Let’s be honest here, data security is really important to me.  Some people probably think that I go to extremes to ensure that my data as well as my customers data is secured.  With that, sometime ago, I wrote a blog post on utilizing a VPN server that I built on an Azure Virtual Machine to help facilitate a secure connection whenever I am away from my home network.  Using a VPN server is a great way to ensure security and peace of mind.

Turns out that the server got hacked.  And it was my fault.

See, if you leave certain ports open to the outside world like I did, you are just asking for hackers to attack you.  And that’s exactly what happened.  When I first created the virtual machine, I mistakenly left port 3389, which is used to make remote desktop protocol (RDP) connections, open and available to the world.  There wasn’t any rule in place limiting those connections to a certain IP address or ranges, so it was a free for all for hackers.   By the way, hackers will routinely scan IP addresses looking for open ports so it was only natural that eventually one would find me.

Ironically, the hackers wanted bitcoin funds to release the virtual machine back to me.   I quickly laughed at them and promptly deleted the entire machine off of Azure.  Once the VM was removed, I was able to get a new virtual machine stood up, along with the VPN software re-installed, and available for connections within about 30 minutes.  I did make sure to apply certain Network Security Group (NSG) rules to help prevent this from happening again.

Azure Advisor

This was a great learning lesson for me, however it got me thinking about network security in Azure and ways to prevent this.  One way to do this is to utilize the Azure Advisor.  The Advisor offers up security recommendations (as well as recommendations in other categories) that will help further harden your Azure foot print.  These recommendations can range from NSG rules, enabling auditing, or installing endpoint protection solutions that will actively monitor for viruses and malware.  Here’s an example of what a report looks like:

As you can see, you can walk through all recommendations and decide on whether or not to implement them.  Keep in mind that some of the recommendations might incur additional costs against the respective subscriptions so make sure to evaluate them carefully.


In conjunction with Azure Advisor, I also decided to utilize Powershell.   I thought that having a script that I could easily run on an ad-hoc basis would help me to identify any open ports that I might have.  Later I’ll automate this in some fashion, probably via Runbooks, but for now just having a script is handy enough for me.

The script is fairly basic in that it will loop through all of the subscriptions that are associated with your login, look for any NSG’s in which the source address is “*” (essentially this means any source IP address) and the Access method is set to “Allow”.   This, of course, is adjustable for your needs so feel free to play around with the values.   The script will also output the NSG’s which satisfy those requirements to a file and then subsequently open the file.

Let’s step through it!!

First, I’m going to set a path to the local file in which to export the output.   After that I need to authenticate to my Azure subscription.  If you are already connected and authenticated in the context of Powershell, the script will check for that and skip the login process accordingly.

Once we are authenticated and logged in, we can then start to loop through things.  We will loop through every subscription and then within every subscription, checking every NSG for open ports.  If the NSG has an open port, it will output the results into the file we specified in the step above.

Once the file has been populated, we can open the file with the Invoke-Item cmdlet which will open the text file into your default text editor, usually Notepad.

Here is the entire script put together:

You can also find the script in Github located here.


As a data professional, security should and is always on my mind.  Understanding the risks of using technology will help you find methods to prevent unauthorized access.  In this case, the hacker only really caused me about 30 minutes of time to rebuild my server, however they taught me a great lesson in security.  Even in your development environments, make sure to review your security rules so that this doesn’t happen to you.


© 2019, John Morehouse. All rights reserved.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.