Script to Export All Azure SQL Whitelisted Public IPs Within Your Subscription

Recently, I worked on an interesting customer case where they had a requirement to export all the IP addresses that are whitelisted on the Azure SQL Servers within their subscription.

Below is the script that helped customer to export all server-level (public) firewall rules (whitelisted IP ranges) for every Azure SQL logical server in a subscription into a single CSV file.

Set-AzContext -SubscriptionId "sub_ID"
 
# Ensure context exists
$context = Get-AzContext
if (-not $context) {
    throw "No Azure context found. Please run Connect-AzAccount."
}
 
$subId = $context.Subscription.Id
 
# Get servers safely
$servers = Get-AzSqlServer
if (-not $servers) {
    Write-Output "No SQL Servers found in this subscription."
    return
}
 
$results = New-Object System.Collections.Generic.List[object]
 
foreach ($server in $servers) {
 
    # Skip invalid entries (prevents prompt issue)
    if (-not $server.ServerName -or -not $server.ResourceGroupName) {
        Write-Warning "Skipping invalid server object"
        continue
    }
 
    try {
        Write-Output "Processing: $($server.ServerName)"
 
        $firewallRules = Get-AzSqlServerFirewallRule `
            -ResourceGroupName $server.ResourceGroupName `
            -ServerName $server.ServerName `
            -ErrorAction Stop
 
        foreach ($rule in $firewallRules) {
            $results.Add([PSCustomObject]@{
                SubscriptionId   = $subId
                ResourceGroup    = $server.ResourceGroupName
                SqlServerName    = $server.ServerName
                FirewallRuleName = $rule.FirewallRuleName
                StartIP          = $rule.StartIpAddress
                EndIP            = $rule.EndIpAddress
            })
        }
    }
    catch {
        Write-Warning "Failed for server $($server.ServerName): $($_.Exception.Message)"
 
        $results.Add([PSCustomObject]@{
            SubscriptionId   = $subId
            ResourceGroup    = $server.ResourceGroupName
            SqlServerName    = $server.ServerName
            FirewallRuleName = "ERROR_READING_RULES"
            StartIP          = ""
            EndIP            = ""
        })
    }
}
 
# Export
$path = "./AzureSqlServer_PublicFirewallIPs.csv"
$results | Export-Csv -Path $path -NoTypeInformation
 
Write-Output "Export completed: $path"

Once the script executed successfully, follow the steps below to download the CSV file.

1. Clicked on Download
   

    

2. Provide the path as ./AzureSqlServer_PublicFirewallIPs.csv and initiated download
   

    

Overview of what this PowerShell script will exactly do.

• It first sets the target subscription and captures the subscription ID.
• It retrieves all Azure SQL logical servers in that subscription.
• For each server, it fetches the server‑level firewall rules (whitelisted IP addresses and ranges).
• Each firewall rule is recorded with details such as subscription ID, resource group, server name, rule name, start IP, and end IP.
• If any server fails during retrieval (for example, due to permission issues), the script logs a warning and continues processing the remaining servers.
• Finally, all collected data is exported to a CSV file (AzureSqlServer_PublicFirewallIPs.csv) in the Cloud Shell directory.

This allows you to centrally audit and review all whitelisted IPs across Azure SQL Servers in a subscription without stopping execution due to individual server errors.