How we can view attached VMs on Application Security Group

Shaikh, Sufiyan 20 Reputation points
2023-08-11T09:48:52.57+00:00

Could you help to find how we can find what VMs are associated on ASG.

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
8,332 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. msrini-MSFT 9,286 Reputation points Microsoft Employee
    2023-08-21T19:41:11.5+00:00

    Hi,

    AGS is a NIC property once you assign a VM to the ASG group. You will need to get all the NICs in a Resource Group and then loop in all the NICs and check for the below property.

    $nic= Get-AzNetworkInterface -Name <> -ResourceGroupName <>

    $nic.IpConfigurations[0].ApplicationSecurityGroupsText

    Regards,

    Karthik Srinivas

    3 people found this answer helpful.

  2. Sean 15 Reputation points
    2024-01-03T20:14:13.5766667+00:00

    I was able to run a query in resource graph explorer to query across a resource group/subscription/whatever. Tweak as needed.

    resources
    | where type == "microsoft.network/networkinterfaces" and resourceGroup == "Your RG Here"
    | mv-expand properties.ipConfigurations
    | mv-expand asgID=properties_ipConfigurations.properties.applicationSecurityGroups
    | parse asgID with * "/applicationSecurityGroups/" asg '"' *
    | parse properties.virtualMachine.id with * "/virtualMachines/" vmName
    | summarize make_list(asg) by vmName
    
    3 people found this answer helpful.

  3. Prrudram-MSFT 27,786 Reputation points
    2023-08-12T07:05:31.7666667+00:00

    Hello @Shaikh, Sufiyan

    Azure's Application Security Groups (ASGs) are used to configure network security group rules using application attributes rather than IP addresses. However, they are not directly related to managing virtual machines (VMs) or viewing attached VMs. Instead, ASGs help you define security rules based on the application or service characteristics.

    ASGs are used to group VMs with similar roles, allowing network security group rules to be defined based on the application attributes associated with those groups.

    However, if you are interested in finding out which ASGs are associated with a specific VM, you would need to examine the networking details on VM blade.

    To see which ASG is associated with a VM, you can follow these steps:

    Using Azure Portal:

    • Go to the "Virtual Machines" section in the Azure Portal.
    • Select the VM for which you want to view the NSG rules.
    • In the VM's blade, under the "Settings" section, you should see an option for "Networking" or "Networking settings."
    • Here, you will find the no. of Application Security Groups that are associated with the VM. Click on it to navigate to the ASG

    Reference: https://learn.microsoft.com/en-us/azure/virtual-network/application-security-groups

    If this does answer your question, please accept it as the answer as a token of appreciation.

    1 person found this answer helpful.
    0 comments No comments

  4. Shaikh, Sufiyan 20 Reputation points
    2023-08-14T10:48:36.62+00:00

    Thank you for this information @Prrudram-MSFT

    Through this I have to go on every VM to get the attached ASGs however I was looking some sort of powershell script where we can get across resource groups ASGs associated VMs because I need to documents this across 100+ RGs.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.