Releases/FindAllSubscriptionsUnderManagementGroup.ps1

Luke Tyler Williams
3 min read · Mar 20, 2021

v1 release

This article is for the release of a script named ‘FindAllSubscriptionsUnderManagementGroup.ps1’.

GitHub link: https://github.com/luketylerwilliams/AzureDev/tree/master/Releases/FindAllSubscriptionsUnderManagementGroup

At the time of writing there is no quick way of retrieving all of the subscriptions under a given scope. Admittedly, if you only have one top-level management group then you can view those easily from the portal, but from my experience I have seen complex hierarchical structures which can encompass numerous management groups and, in turn, subscriptions. This can be due to any number of reasons, but the most likely is data sovereignty and the jurisdictions applicable to data from region to region.

Currently, there are two commands you can try to use to find the information you require: Get-AzSubscription and Get-AzManagementGroup. However, either command only provides you with information relevant to the scope you specify. Thus, there is no quick and easy way to retrieve the information from a complex hierarchy.

Similarly, what if you want to affect resources or certain resource types across multiple subscriptions? You must set your context to each subscription you wish to affect, one by one, and perform the action. The Azure PowerShell command for this is Set-AzContext. The context specified must be a Tenant Id (optional but relevant if you are working across environments) and a Subscription.

An added benefit of this script is that it can act as baseline logic for future scripts to pull all of the subscriptions from a given management group scope. This array of subscriptions can then be iterated through in other processes or actions you need to take.
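The pattern described above, as an added example that is not the released script: a recursive walker flattens a management group tree into a list of subscriptions that can then be fed to Set-AzContext one by one. It assumes the tree shape returned by Get-AzManagementGroup with -Expand -Recurse (nested Children whose Type is '/subscriptions' for subscriptions); the function name Get-SubscriptionsUnderNode and the sample tree are constructed for illustration.

```powershell
# Added example: flatten a management group tree into its subscriptions.
# Get-SubscriptionsUnderNode is a hypothetical helper, not part of the Az module.
function Get-SubscriptionsUnderNode {
    param(
        [Parameter(Mandatory)] $Node,   # object exposing Name, Type, Children
        [string] $Path = ''             # management group path walked so far
    )
    $here = if ($Path) { "$Path/$($Node.Name)" } else { $Node.Name }
    foreach ($child in @($Node.Children)) {
        if ($null -eq $child) { continue }          # group with no children
        if ($child.Type -eq '/subscriptions') {
            [pscustomobject]@{
                SubscriptionId  = $child.Name       # Name holds the subscription GUID
                DisplayName     = $child.DisplayName
                ManagementGroup = $here             # where it sits in the hierarchy
            }
        } else {
            # Anything else is treated as a nested management group.
            Get-SubscriptionsUnderNode -Node $child -Path $here
        }
    }
}

# Constructed sample tree (placeholder GUID), so the walker runs offline.
$mg = '/providers/Microsoft.Management/managementGroups'
$sample = [pscustomobject]@{ Name = 'Global'; Type = $mg; Children = @(
    [pscustomobject]@{ Name = 'EU'; Type = $mg; Children = @(
        [pscustomobject]@{ Name = '00000000-0000-0000-0000-000000000001'
                           DisplayName = 'eu-prod (constructed)'
                           Type = '/subscriptions'; Children = $null }) },
    [pscustomobject]@{ Name = 'US'; Type = $mg; Children = $null }) }

$subs = @(Get-SubscriptionsUnderNode -Node $sample)
$subs | Format-Table -AutoSize

# Live use (assumes Connect-AzAccount has been run and Az.Resources is installed):
# $root = Get-AzManagementGroup -GroupId 'Global' -Expand -Recurse
# $subs = @(Get-SubscriptionsUnderNode -Node $root)
# foreach ($s in $subs) {
#     Set-AzContext -Subscription $s.SubscriptionId | Out-Null
#     Get-AzResourceGroup | Select-Object ResourceGroupName, Location   # read-only action
# }
```

The list only contains what the signed-in identity is allowed to read, so an inventory built this way should be run with an account that has read access at the top of the scope being audited.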

Usage

Parameters:

  • -Scope <Management-Group-Id> — The scope requires the management group id of the management group you wish to target

How to use step-by-step:

  • Run the script from your local machine, e.g. ./FindAllSubscriptionsUnderMG.ps1 -Scope "Global". You will be prompted to log in.
  • The script will then check whether the scope provided is valid. If it is, it will enumerate everything beneath that scope and provide a final output depicting the structure of management groups and subscriptions.

Example Environment

Using the script for the following example architecture we can see the output.

Example Architecture (FindAllSubscriptionsUnderManagementGroup-ExampleArchitecture.png)

So, setting the scope to the Global Management Group Id, we are given:

Example of script output for Example Architecture

We can see the structure of the management groups. The output format is ‘Parent ||| Child’, and the long GUID is a subscription.

In this architecture we have only one subscription, but you can see how it would be useful in a much larger and more complex environment.

Future improvement ideas

  • Make it clearer in the output what is a subscription and what is a management group

Wrapping up

I hope you’ve enjoyed the article. If you have any questions, ideas, or suggestions, please feel free to reach out via Twitter or in the comments below!

Thanks for reading!
