Azure Datacenter IP ranges from PowerShell to XML

Azure recently announced that the weekly publication of Azure datacenter IP ranges (also known as XML files) for Azure Public, China, and Germany will be deprecated by June 30, 2020. Below is the update that was sent out:

Instead, you can now download the updated weekly publications (also known as JSON files) or programmatically retrieve this information using the Service Tag Discovery API to integrate with an on-premises firewall. 

You can download and integrate with an on-premises firewall the list of service tags with prefix details on the following weekly publications for Azure Public, US government, China, and Germany clouds.
You can also programmatically retrieve this information using the Service Tag Discovery API (Public Preview) – REST, Azure PowerShell, and Azure CLI.

Interesting, but you may still need these datacentre IP ranges in XML format, so I have worked on some PowerShell to export the datacentre regions and IP ranges in the same XML format as before.

Time to PowerShell

To get the regions and current IP address ranges I will be using the cmdlet Get-AzNetworkServiceTag (part of the Az.Network module).

Let's dive in to get the required info

Get-AzNetworkServiceTag -Location eastus2

Notice that Values shows some regions? Time to drill into that.

$NetworkServiceTag = Get-AzNetworkServiceTag -Location eastus2

Huge output, showing all resources, and each resource includes its own region.

Now we have the resources, but no region or IP addressing? Let's check out Properties.


Now we have Regions & IP addressing, now to work out the data we want to ingest into PowerShell and extract via XML.

Each Service output has a blank region – this is all the IP address prefixes for each resource. This wasn’t needed for this scenario though!

Scrolling further down the output, you will notice a list of regions that have no SystemService – this is the region data we need

$NetworkServiceTag.Values.Properties | Where-Object { $_.SystemService -eq "" } | Where-Object { $_.Region -ne "" }

Let's arrange the data the way we want it displayed in PowerShell

$data = $NetworkServiceTag.Values.Properties | Where-Object { $_.SystemService -eq "" } | Where-Object { $_.Region -ne "" }

foreach ($region in $data) {
    # Print each region name followed by its address prefixes
    $region.Region
    $region.AddressPrefixes
}

Time to convert this now into XML, thanks to my work colleague for assisting with the script for the XML conversion.

$tmp_path = "$env:TEMP\tmp.xml"

$NetworkServiceTag = Get-AzNetworkServiceTag -Location eastus2

# Keep only the per-region entries (no SystemService, region populated)
$data = $NetworkServiceTag.Values.Properties | Where-Object { $_.SystemService -eq "" } | Where-Object { $_.Region -ne "" }

$doc = New-Object -Type System.Xml.XmlDocument
$root = $doc.CreateElement('AzurePublicIpAddresses')
$doc.AppendChild($root) | Out-Null

$data | %{
    $region_name = $_.Region
    $subnets = $_.AddressPrefixes
    $region_elem = $doc.CreateElement('Region')
    $root.AppendChild($region_elem) | Out-Null
    $region_elem.SetAttribute('Name', $region_name)
    $subnets | %{
        $subnet_elem = $doc.CreateElement('IpRange')
        $region_elem.AppendChild($subnet_elem) | Out-Null
        # Attribute name 'Subnet' is assumed, matching the legacy XML publication
        $subnet_elem.SetAttribute('Subnet', $_)
    }
}

# Write the document to disk and display it
$doc.Save($tmp_path)

Get-Content $tmp_path

Snippet of .XML output below
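
An added example (not code from the original post): before a regenerated file is pushed to an on-premises firewall, it is worth reviewing which prefixes changed since the previous export. The code below diffs two documents in the AzurePublicIpAddresses/Region/IpRange layout; the Subnet attribute, the helper name Get-RegionPrefix and the sample prefixes are assumptions constructed for illustration.

```powershell
# Constructed sample data: two exports in the AzurePublicIpAddresses layout,
# using documentation-only prefixes (RFC 5737 / RFC 3849), not real Azure ranges.
[xml]$previous = @'
<AzurePublicIpAddresses>
  <Region Name="eastus2">
    <IpRange Subnet="198.51.100.0/24" />
    <IpRange Subnet="203.0.113.0/25" />
  </Region>
</AzurePublicIpAddresses>
'@
[xml]$current = @'
<AzurePublicIpAddresses>
  <Region Name="eastus2">
    <IpRange Subnet="198.51.100.0/24" />
    <IpRange Subnet="203.0.113.128/25" />
  </Region>
  <Region Name="westeurope">
    <IpRange Subnet="2001:db8:10::/48" />
  </Region>
</AzurePublicIpAddresses>
'@

# Hypothetical helper: flatten a document into "region|prefix" strings
# so the two exports can be compared as simple sets.
function Get-RegionPrefix {
    param([xml]$Document)
    foreach ($region in $Document.SelectNodes('/AzurePublicIpAddresses/Region')) {
        foreach ($range in $region.SelectNodes('IpRange')) {
            '{0}|{1}' -f $region.GetAttribute('Name'), $range.GetAttribute('Subnet')
        }
    }
}

$old = @(Get-RegionPrefix -Document $previous)
$new = @(Get-RegionPrefix -Document $current)

# '=>' marks a prefix present only in the new export, '<=' only in the old one.
$changes = Compare-Object -ReferenceObject $old -DifferenceObject $new | ForEach-Object {
    $region, $prefix = $_.InputObject -split '\|', 2
    [pscustomobject]@{
        Region = $region
        Prefix = $prefix
        Change = if ($_.SideIndicator -eq '=>') { 'Added' } else { 'Removed' }
    }
}

$changes | Sort-Object Region, Prefix | Format-Table -AutoSize
```

To compare real exports, load the two saved files with Get-Content and cast them to [xml] in place of the inline samples.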

1 comment

  1. Hi Thomas,
    I have a requirement to give a static IP for the partners of my company to whitelist on their firewalls for all the Logic Apps that we use to connect to them. Is there a way to do it?

