Findings all Azure SQL Servers with "Deny public network access" disabled

Copper Contributor



I didn't find a way to find all the Azure "SQL Server" objects that has their check box of "Deny public network access" in the Firewall section - disabled.


I also tried the "Azure Resource Graph Explorer",, but could not find any matching object to query by.


Does anyone has an idea how can I find it?


Extra info:

Azure SQL connectivity settings


Deny Public Network Access in Azure Database for MySQL using Azure portal


Lesson Learned #126:Deny Public Network Access,Allow Azure Services and Private Link in SQL Database

5 Replies
Take a look at this Azure Policy:

Configure Azure SQL Server to disable public network access:

You should be able to also use:

# Get the Public Network Access property
(Get-AzSqlServer -ServerName sql-server-name -ResourceGroupName sql-server-group).PublicNetworkAccess
Thank you very much Luke, your links looks really helpful.
Still, I need a way to inventory the current status of this check box across our tenant - is there a way to do it?

@eitan1000Try this:


$AzureSQLServers = Get-AzSqlServer

$results = @()
ForEach ($server in $AzureSQLServers)

  $SQLServer = Get-AzSqlServer -ServerName $server.ServerName -ResourceGroupName $server.ResourceGroupName

  $results += [pscustomobject]@{
    ServerName          = $SQLServer.ServerName
    ResourceGroup       = $SQLServer.ResourceGroupName
    PublicNetworkAccess = $SQLServer.PublicNetworkAccess


Hi @eitan1000 ,


If you want to search across many subscriptions, you could use Azure Resource Graph query instead of PowerShell (where you need to switch / loop between subscriptions):


| where ['type'] =~ 'Microsoft.Sql/servers'
| where properties['publicNetworkAccess'] == 'Enabled'