KQL query to list all Service Endpoints
In Azure, a Virtual Network (VNet) is a software-defined network. One of the things you can configure on a VNet subnet is a Service Endpoint, which extends the subnet's identity to a supported Azure service (Storage, Key Vault, SQL, and so on) over the Azure backbone instead of the public internet.
This is where we need to be very careful. Once a Service Endpoint is enabled on a subnet, traffic from that subnet to the service's public endpoints is routed directly to the service: it bypasses the subnet's user-defined route to the central firewall and never traverses the public internet. The firewall therefore no longer sees or filters that egress. (Which specific resources actually accept the traffic is still decided by each resource's own network rules, i.e. whether its firewall lists that subnet, so an endpoint is a routing change, not an access grant by itself.) Therefore it is crucial to know which Service Endpoints exist in your environment and to monitor them closely.
Here is a KQL query to list all Service Endpoints in your environment:
// Azure Resource Graph query: one row per subnet that has at least one Service Endpoint
resources
| where type =~ "microsoft.network/virtualnetworks"
| project subscriptionId, vNetName = name, subnets = properties.subnets
| mv-expand subnets                                   // one row per subnet
| project subscriptionId, vNetName, subnetName = subnets.name, serviceEndpoints = subnets.properties.serviceEndpoints
| where array_length(serviceEndpoints) > 0            // keep only subnets with endpoints
| join kind=leftouter (                               // resolve subscription name for readability
    resourcecontainers
    | where type == "microsoft.resources/subscriptions"
    | project subscriptionId, subscriptionName = name
) on subscriptionId
| project subscriptionName, subscriptionId, vNetName, subnetName, serviceEndpoints
Maybe the result will be a bit painful to read, but it’s a good starting point to get an overview of your environment.
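The `serviceEndpoints` column above is a nested JSON array, which is what makes the output hard to read. The following is an added example, not part of the original post, that flattens it to one row per subnet and service and also surfaces the subnet's route table, so you can see at a glance which subnets have an endpoint but no user-defined route left to inspect. A second query (run it separately in Resource Graph Explorer) checks the other half of the picture: which storage accounts actually allow traffic from a subnet via `networkAcls.virtualNetworkRules`. The property paths are the standard Resource Graph shapes for `microsoft.network/virtualnetworks` and `microsoft.storage/storageaccounts`; the column aliases are my own choices.

```kql
// Query 1: one row per (subnet, service) pair, with the subnet's route table (if any).
resources
| where type =~ "microsoft.network/virtualnetworks"
| project subscriptionId, resourceGroup, vNetName = name, subnets = properties.subnets
| mv-expand subnet = subnets
| where array_length(subnet.properties.serviceEndpoints) > 0
| mv-expand endpoint = subnet.properties.serviceEndpoints      // one row per service
| project subscriptionId, resourceGroup, vNetName,
          subnetName   = tostring(subnet.name),
          subnetId     = tostring(subnet.id),
          service      = tostring(endpoint.service),           // e.g. Microsoft.Storage
          locations    = endpoint.locations,                   // regions the endpoint is scoped to
          // empty routeTableId means no UDR is attached to this subnet at all
          routeTableId = tostring(subnet.properties.routeTable.id)
| join kind=leftouter (
    resourcecontainers
    | where type == "microsoft.resources/subscriptions"
    | project subscriptionId, subscriptionName = name
) on subscriptionId
| project subscriptionName, subscriptionId, resourceGroup, vNetName, subnetName,
          service, locations, routeTableId, subnetId
| order by subscriptionName asc, vNetName asc, subnetName asc, service asc

// Query 2: which storage accounts accept traffic from a subnet (the access side of the
// picture). Key Vault exposes the same networkAcls.virtualNetworkRules shape.
resources
| where type =~ "microsoft.storage/storageaccounts"
| where array_length(properties.networkAcls.virtualNetworkRules) > 0
| mv-expand rule = properties.networkAcls.virtualNetworkRules
| project subscriptionId, resourceGroup, storageAccount = name,
          defaultAction   = tostring(properties.networkAcls.defaultAction),  // Allow or Deny
          allowedSubnetId = tostring(rule.id),                                 // matches subnetId above
          ruleAction      = tostring(rule.action),
          ruleState       = tostring(rule.state)
| order by subscriptionId asc, storageAccount asc
```

Joining the two result sets on `subnetId` = `allowedSubnetId` (for example in Excel or a follow-up query) gives you the list of subnets that can reach a given storage account without passing the hub firewall, which is the actual exposure you want to review. A subnet that shows up in Query 1 with a `service` of `Microsoft.Storage` but matches no `allowedSubnetId` in Query 2 is an endpoint that currently grants nothing and is a candidate for removal.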