Created
July 7, 2025 15:41
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
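<#
.SYNOPSIS
Checks Advanced Threat Protection (ATP) status for all CosmosDB accounts across all accessible Azure subscriptions.
.DESCRIPTION
This script enumerates all Azure subscriptions you have access to, switches context to each subscription, and lists all CosmosDB accounts within each. For each CosmosDB account, it queries the ATP (Advanced Threat Protection) status and collects the results.
The results are displayed in a table and exported to a CSV file.
.OUTPUTS
- Table summary in the console.
- CSV file: cosmosdb_atp_status.csv
  Columns: Subscription, SubscriptionId, ResourceGroup, CosmosDbAccount, ATP_Enabled, QueryStatus.
  QueryStatus is 'OK' when the ATP setting was read and 'Failed' when the query did not succeed,
  so a blank ATP_Enabled caused by an error is not mistaken for a real answer.
.NOTES
Requirements:
- Azure CLI (az) must be installed and logged in.
- Sufficient permissions to list subscriptions and CosmosDB accounts, and to query ATP status.

- The script uses 'az account set' to switch context for each subscription, and also pins
  'az cosmosdb list' to the subscription id so a failed context switch cannot attribute
  accounts to the wrong subscription.
- ATP status may not be available for all accounts; errors are handled and reported.
- Subscriptions that could not be selected or listed are reported at the end; they are
  NOT covered by the CSV.
.EXAMPLE
PS> .\get-cosmosdb-atp-status.ps1
# This will print a table and export a CSV with ATP status for all CosmosDB accounts you can access.
#>

Write-Host "Starting CosmosDB ATP status check..." -ForegroundColor Cyan

# Requires: az CLI logged in, and access to all subscriptions you want to check
$ErrorActionPreference = 'Stop'

# az is a native executable: by default a non-zero az exit code is not turned into a
# terminating error by $ErrorActionPreference, so $LASTEXITCODE is checked after each call.

# Get all subscriptions
$subscriptionJson = az account list --query "[].{id:id, name:name}" -o json
if ($LASTEXITCODE -ne 0) {
    throw "az account list failed with exit code $LASTEXITCODE. Is the Azure CLI logged in?"
}
$subscriptions = $subscriptionJson | ConvertFrom-Json

# A List avoids re-allocating the whole array on every '+='.
$results = [System.Collections.Generic.List[object]]::new()
# Subscriptions that could not be inspected; reported at the end as coverage gaps.
$skipped = [System.Collections.Generic.List[string]]::new()

foreach ($sub in $subscriptions) {
    $subId = $sub.id
    # "`n" is the PowerShell newline escape; "\n" would be printed literally.
    Write-Host "`nSwitching to subscription: $($sub.name) ($subId)" -ForegroundColor Yellow

    az account set --subscription $subId | Out-Null
    if ($LASTEXITCODE -ne 0) {
        # Without this check the following calls would run against the previously
        # selected subscription and report its accounts under the wrong name.
        Write-Warning "Could not switch to subscription $subId; skipping it."
        $skipped.Add("$($sub.name) ($subId): az account set failed")
        continue
    }

    $accountJson = az cosmosdb list --subscription $subId --query "[].{name:name, rg:resourceGroup}" -o json
    if ($LASTEXITCODE -ne 0) {
        # A listing error is a coverage gap, not "no accounts".
        Write-Warning "Could not list CosmosDB accounts in subscription $subId; skipping it."
        $skipped.Add("$($sub.name) ($subId): az cosmosdb list failed")
        continue
    }
    $cosmosAccounts = $accountJson | ConvertFrom-Json

    if (-not $cosmosAccounts) {
        Write-Host "No CosmosDB accounts found in this subscription." -ForegroundColor DarkGray
        continue
    }

    foreach ($acct in $cosmosAccounts) {
        $acctName = $acct.name
        $rg = $acct.rg
        Write-Host "  Checking ATP for CosmosDB: $acctName in RG: $rg..." -ForegroundColor Green

        # NOTE(review): this reads the per-account advancedThreatProtectionSettings resource only.
        # Confirm whether a Defender plan enabled at subscription scope is reflected here before
        # treating a False or blank value as "unprotected".
        $url = "/subscriptions/$subId/resourceGroups/$rg/providers/Microsoft.DocumentDB/databaseAccounts/$acctName/providers/Microsoft.Security/advancedThreatProtectionSettings/current?api-version=2019-01-01"

        $atp = $null
        $queryStatus = 'OK'
        try {
            $atpJson = az rest --method get --url $url -o json
            if ($LASTEXITCODE -ne 0) {
                throw "az rest exited with code $LASTEXITCODE"
            }
            if ($atpJson) {
                $atp = $atpJson | ConvertFrom-Json
            }
        } catch {
            Write-Host "    Failed to retrieve ATP status (may not be enabled or accessible)." -ForegroundColor Red
            $queryStatus = 'Failed'
            $atp = $null
        }

        # Stays $null when the response carries no properties.isEnabled value.
        $isEnabled = if ($atp -and $atp.properties -and $null -ne $atp.properties.isEnabled) { $atp.properties.isEnabled } else { $null }
        Write-Host "    ATP Enabled: $isEnabled"

        $results.Add([PSCustomObject]@{
            Subscription    = $sub.name
            SubscriptionId  = $subId
            ResourceGroup   = $rg
            CosmosDbAccount = $acctName
            ATP_Enabled     = $isEnabled
            QueryStatus     = $queryStatus
        })
    }
}

# Output as table
Write-Host "`nSummary Table:" -ForegroundColor Cyan
$results | Format-Table -AutoSize

if ($skipped.Count -gt 0) {
    Write-Warning "The following subscriptions were not checked and are missing from the results:"
    foreach ($entry in $skipped) {
        Write-Warning "  $entry"
    }
}

# Output as CSV
# The file lands in the current working directory and lists subscription ids and
# resource names; handle it as internal inventory data.
$csvPath = "cosmosdb_atp_status.csv"
$results | Export-Csv -Path $csvPath -NoTypeInformation -Encoding UTF8
Write-Host "`nResults exported to $csvPath" -ForegroundColor Cyan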