Powershell to dissociate nsg from subnet.

Question

Powershell to dissociate nsg from subnet.

FATOBA, KIMBERLY 70

Hi All:

I am running the Remove-AzNetworkSecurityGroup pwsh command to delete an NSG, this NSG is currently associated with a subnet but there is no direct access over portal to dissociate from the subnet via Azure portal, so the deletion is stuck.

Can anyone kindly provide a quick pwsh one-liner to dissociate NSG from subnet ?

Many Thanks

GitaraniSharma-MSFT 50,176 Reputation points Microsoft Employee Moderator

2023-05-26T10:58:45.1966667+00:00

Hello @FATOBA, KIMBERLY ,

We noticed your feedback that the previous answer provided by @TP was not helpful. Thank you for taking time to share your feedback.

I have added a detailed answer below with the PowerShell commands. Please take a look and let us if you need further assistance on this issue.

Microsoft is committed to provide a great experience to everyone on Q&A community forum and we would like to help convert your experience to a satisfactory one on our forums. Please reply to this message and let us know what more we could do, and we will be happy to help you further.

If the below answer helps you, we would appreciate if you could re-take the survey and let us know your experience.

We look forward to hearing from you.

Regards, Gita

Answer accepted by question author

1 additional answer

Your answer

GitaraniSharma-MSFT 50,176 Reputation points Microsoft Employee Moderator

2023-05-26T10:58:45.1966667+00:00

Hello @FATOBA, KIMBERLY ,

We noticed your feedback that the previous answer provided by @TP was not helpful. Thank you for taking time to share your feedback.

I have added a detailed answer below with the PowerShell commands. Please take a look and let us if you need further assistance on this issue.

Microsoft is committed to provide a great experience to everyone on Q&A community forum and we would like to help convert your experience to a satisfactory one on our forums. Please reply to this message and let us know what more we could do, and we will be happy to help you further.

If the below answer helps you, we would appreciate if you could re-take the survey and let us know your experience.

We look forward to hearing from you.

Regards, Gita

Answer 1

Hello @FATOBA, KIMBERLY ,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

I understand that you are running the "Remove-AzNetworkSecurityGroup" PowerShell command to delete an NSG, but this NSG is currently associated with a subnet, and you don't have direct access to Azure portal to dissociate it from the subnet, so the deletion is stuck. You need the PowerShell command to dissociate NSG from subnet.

You can find the PowerShell commands for dissociating a network security group from a subnet in the below doc:

https://learn.microsoft.com/en-us/azure/virtual-network/manage-network-security-group?tabs=network-security-group-powershell#associate-or-dissociate-a-network-security-group-to-or-from-a-subnet

Instead of declaring the NSG, you can add $null to the Set-AzVirtualNetworkSubnetConfig command to disassociate the NSG as below:

## Place the virtual network configuration into a variable ##

$vnet = Get-AzVirtualNetwork -Name vnetname -ResourceGroupName rgname

## Update the subnet configuration to disassociate the NSG using $null ##

Set-AzVirtualNetworkSubnetConfig -Name subnetname -VirtualNetwork $vnet -AddressPrefix 10.0.0.0/24 -NetworkSecurityGroup $null

## Update the virtual network ##

Set-AzVirtualNetwork -VirtualNetwork $vnet

I tried it in my lab and it works as you can see from the below screenshot:

enter image description here

Then you can delete the NSG using the below command:

Remove-AzNetworkSecurityGroup -Name "nsgname" -ResourceGroupName "rgname"

Kindly let us know if the above helps or you need further assistance on this issue.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

FATOBA, KIMBERLY 70 Reputation points

2023-05-26T11:08:49.6533333+00:00

Ha! understood.. so just set to null. amazing I will try this.

Many Thanks

Answer 2

TP 145.2K Volunteer Moderator

Hi,

If you navigate to the NSG in the Azure portal, open Subnets blade, you can click on the context menu (three dots) to the right of the subnet and choose Disassociate.

Please click Accept Answer if the above was helpful.

Thanks.

-TP

FATOBA, KIMBERLY 70 Reputation points

2023-05-26T09:20:48.1033333+00:00

@TP Thanks for your response, i am however looking for a response outside navigating through the az portal, which is why i specifically requested for pwsh 1 liner.

Thanks
TP 145.2K Reputation points Volunteer Moderator

2023-05-26T11:07:00.8+00:00
@FATOBA, KIMBERLY I interpreted what you wrote as you thought there was no capability in the portal to Dissociate. Sorry about that. Below are the PS commands to Dissociate:

$vnet = Get-AzVirtualNetwork -Name <vnetName> Get-AzVirtualNetworkSubnetConfig -Name <subnetName> -VirtualNetwork $vnet|Set-AzVirtualNetworkSubnetConfig -Name <subnetName> -VirtualNetwork $vnet -AddressPrefix <addressPrefix> -NetworkSecurityGroup $null $vnet|Set-AzVirtualNetwork

Please let me know if I can be of further assistance.

Thanks.
TP 145.2K Reputation points Volunteer Moderator

2023-05-26T11:20:47.09+00:00

@FATOBA, KIMBERLY Glad you got what you needed from Gita. I was testing code in the lab and re-working the simple version I posted above when she replied.
FATOBA, KIMBERLY 70 Reputation points

2023-05-26T11:56:16.35+00:00

Thanks TP, no further requirements

Share via

Powershell to dissociate nsg from subnet.

1 additional answer

Your answer