Microsoft Azure As Built Report is a PowerShell module which works in conjunction with AsBuiltReport.Core.
AsBuiltReport is an open-sourced community project which utilises PowerShell to produce as-built documentation in multiple document formats for multiple vendors and technologies.
Please refer to the AsBuiltReport website for more detailed information about this project.
The Microsoft Azure As Built Report currently supports reporting for the following Azure resources;
Below are the instructions on how to install, configure and generate a Microsoft Azure As Built report.
This report is compatible with the following PowerShell versions;
Windows PowerShell 5.1 | PowerShell 7 |
---|---|
:white_check_mark: | :white_check_mark: |
PowerShell 5.1 or PowerShell 7, and the following PowerShell modules are required for generating a Microsoft Azure As Built Report.
The Microsoft Azure as built report requires an Azure AD account. This report will not work with personal Azure accounts.
The least privileged roles required to generate a Microsoft Azure As Built Report are;
Open a PowerShell terminal window and install each of the required modules.
:warning: Microsoft Az 9.4.0 or higher is required. Please ensure older Az modules have been uninstalled.
install-module Az -MinimumVersion 9.4.0
install-module AsBuiltReport.Microsoft.Azure
If you are unable to use the PowerShell Gallery, you can still install the module manually. Ensure you repeat the following steps for the system requirements also.
AsBuiltReport.Microsoft.Azure
to a path that is set in $env:PSModulePath
.$path = (Get-Module -Name AsBuiltReport.Microsoft.Azure -ListAvailable).ModuleBase; Unblock-File -Path $path\*.psd1; Unblock-File -Path $path\Src\Public\*.ps1; Unblock-File -Path $path\Src\Private\*.ps1
Note: You are not limited to installing the module to those example paths, you can add a new entry to the environment variable PSModulePath if you want to use another path.
The Microsoft Azure As Built Report utilises a JSON file to allow configuration of report information, options, detail and healthchecks.
A Microsoft Azure report configuration file can be generated by executing the following command;
New-AsBuiltReportConfig -Report Microsoft.Azure -FolderPath <User specified folder> -Filename <Optional>
Executing this command will copy the default Microsoft Azure report JSON configuration to a user specified folder.
All report settings can then be configured via the JSON file.
The following provides information of how to configure each schema within the report's JSON file.
The Report schema provides configuration of the Microsoft Azure report information.
Sub-Schema | Setting | Default | Description |
---|---|---|---|
Name | User defined | Microsoft Azure As Built Report | The name of the As Built Report |
Version | User defined | 1.0 | The report version |
Status | User defined | Released | The report release status |
ShowCoverPageImage | true / false | true | Toggle to enable/disable the display of the cover page image |
ShowTableOfContents | true / false | true | Toggle to enable/disable table of contents |
ShowHeaderFooter | true / false | true | Toggle to enable/disable document headers & footers |
ShowTableCaptions | true / false | true | Toggle to enable/disable table captions/numbering |
The Options schema allows certain options within the report to be toggled on or off.
Sub-Schema | Setting | Default | Description |
---|---|---|---|
ShowSectionInfo | true / false | true | Toggle to enable/disable information relating to Azure resources within each section. |
The Filter schema allows report content to be filtered to specific Azure subscriptions within a tenant.
Sub-Schema | Setting | Default | Description |
---|---|---|---|
Subscription | User defined | * | Filters report content to specific Azure subscription IDs within a tenant. Specifying an asterisk (*) will generate a report for all Azure subscriptions within a tenant. |
"Filter": {
"Subscription": ["*"]
},
"Filter": {
"Subscription": ["555fff88-777d-1234-987a-23bc67890z5","666dfg67-654h-1234-984f-08kb67834y8"]
},
The InfoLevel schema allows configuration of each section of the report at a granular level. The following sections can be set.
There are 4 levels (0-3) of detail granularity for each section as follows;
Setting | InfoLevel | Description |
---|---|---|
0 | Disabled | Does not collect or display any information |
1 | Enabled / Summary | Provides summarised information for a collection of objects |
2 | Detailed | Provides detailed information for individual objects |
3 | Comprehensive | Provides comprehensive information for individual objects, such as advanced configuration settings |
The table below outlines the default and maximum InfoLevel settings for each section.
Sub-Schema | Default Setting | Maximum Setting |
---|---|---|
AvailabilitySet | 1 | 1 |
Bastion | 1 | 2 |
ExpressRoute | 1 | 2 |
Firewall | 1 | 3 |
IpGroup | 1 | 2 |
KeyVault | 1 | 1 |
LoadBalancer | 1 | 2 |
PolicyAssignment | 1 | 1 |
RecoveryServicesVault | 1 | 2 |
RouteTable | 1 | 2 |
SiteRecovery | 1 | 1 |
StorageAccount | 1 | 2 |
VirtualNetwork | 1 | 2 |
VirtualMachine | 1 | 2 |
The Healthcheck schema is used to toggle health checks on or off.
The ExpressRoute schema is used to configure health checks for Azure ExpressRoute.
Sub-Schema | Setting | Default | Description | Highlight |
---|---|---|---|---|
CircuitStatus | true / false | true | Highlights ExpressRoute circuits which are not enabled | ExpressRoute circuit is not enabled |
The SiteRecovery schema is used to configure health checks for Azure Site Recovery.
Sub-Schema | Setting | Default | Description | Highlight |
---|---|---|---|---|
ReplicationHealth | true / false | true | Highlights replicated items which are in a critical state | Replication health is in a critical state |
FailoverHealth | true / false | true | Highlights the failover health status of replicated items | A successful test failover has not been performed on the replicated item |
The StorageAccount schema is used to configure health checks for Azure Storage Account.
Sub-Schema | Setting | Default | Description | Highlight |
---|---|---|---|---|
ProvisioningState | true / false | true | Provisioning is in a critical state | |
EnableHttpsTrafficOnly | true / false | true | ||
PublicNetworkAccess | true / false | true | ||
MinimumTlsVersion | true / false | true |
The VirtualMachine schema is used to configure health checks for Azure Virtual Machines.
Sub-Schema | Setting | Default | Description | Highlight |
---|---|---|---|---|
Status | true / false | true | Highlights VMs which are not in a running state | VM is in a deallocated state |
DiskEncryption | true / false | true | Highlights VMs which do not have disk encryption enabled | Disk encryption is not enabled |
BootDiagnostics | true / false | true | Highlights VMs which do not have boot diagnostics enabled with a custom storage account | Boot diagnostics is disabled Boot diagnostics is enabled with a managed storage account |
BackupEnabled | true / false | true | Highlights VMs which do not have Azure Backup enabled | Backup is disabled |
# Generate a Microsoft Azure As Built Report for Tenant ID '555fff88-777d-1234-987a-23bc67890z5' using multifactor authentication. Export report to HTML & DOCX formats. Use default report style. Append timestamp to report filename. Save reports to 'C:\Users\Tim\Documents'
PS C:\> New-AsBuiltReport -Report Microsoft.Azure -Target '555fff88-777d-1234-987a-23bc67890z5' -MFA -Format Html,Word -OutputFolderPath 'C:\Users\Tim\Documents' -Timestamp
# Generate a Microsoft Azure As Built Report for Tenant ID '555fff88-777d-1234-987a-23bc67890z5' using specified credentials and report configuration file. Export report to Text, HTML & DOCX formats. Use default report style. Save reports to 'C:\Users\Tim\Documents'. Display verbose messages to the console.
PS C:\> New-AsBuiltReport -Report Microsoft.Azure -Target '555fff88-777d-1234-987a-23bc67890z5' -Username 'tim@acme.com' -Password 'MyP@ssw0rd!' -Format Text,Html,Word -OutputFolderPath 'C:\Users\Tim\Documents' -ReportConfigFilePath 'C:\Users\Tim\AsBuiltReport\AsBuiltReport.Microsoft.Azure.json' -Verbose
# Generate a Microsoft Azure As Built Report for Tenant ID '555fff88-777d-1234-987a-23bc67890z5' using stored credentials. Export report to HTML & Text formats. Use default report style. Highlight environment issues within the report. Save reports to 'C:\Users\Tim\Documents'.
PS C:\> $Creds = Get-Credential
PS C:\> New-AsBuiltReport -Report Microsoft.Azure -Target '555fff88-777d-1234-987a-23bc67890z5' -Credential $Creds -Format Html,Text -OutputFolderPath 'C:\Users\Tim\Documents' -EnableHealthCheck
# Generate a Microsoft Azure As Built Report for Tenant ID '555fff88-777d-1234-987a-23bc67890z5' using specified credentials. Report exports to WORD format by default. Apply custom style to the report. Reports are saved to the user profile folder by default.
PS C:\> New-AsBuiltReport -Report Microsoft.Azure -Target '555fff88-777d-1234-987a-23bc67890z5' -Username 'joe@acme.com' -Password 'MyP@ssw0rd!' -StyleFilePath 'C:\Scripts\Styles\MyCustomStyle.ps1'
# Generate a Microsoft Azure As Built Report for Tenant ID '555fff88-777d-1234-987a-23bc67890z5' using multifactor authentication. Export report to HTML & DOCX formats. Use default report style. Reports are saved to the user profile folder by default. Attach and send reports via e-mail.
PS C:\> New-AsBuiltReport -Report Microsoft.Azure -Target '555fff88-777d-1234-987a-23bc67890z5' -MFA -Format Html,Word -OutputFolderPath 'C:\Users\Tim\Documents' -SendEmail