Hi @Nana Poku,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
Sorry for the delayed response.
Note: Please follow the same steps I shared in the earlier question. Since you already have an Automation Account, create a Runbook, then enable the managed identity, assign a role, and grant Contributor access to the Automation Account or the managed identity.
Script explanation below:
This script creates a disk access resource, retrieves a disk object, associates it with the disk access resource, updates its network access policy to allow private access only, and disables public network access, then verifies the changes.
This script configures a managed disk in Azure to use private access by linking it to a Disk Access resource, enabling private network access, and disabling public access.
Script below:
# Connect to Azure with system-assigned managed identity
$AzureContext = (Connect-AzAccount -Identity).context
# Set and store context
$AzureContext = Set-AzContext -SubscriptionName $AzureContext.Subscription -DefaultProfile $AzureContext

# Variables (defined before first use)
$resourceGroupName = "ashok-1"
$diskName = "vm-ashok_OsDisk_1_7644d1e256d248049e26cf28fadea789"
$diskAccessName = "myDiskAccess"

# Get the disk object
$disk = Get-AzDisk -ResourceGroupName $resourceGroupName -DiskName $diskName -ErrorAction SilentlyContinue

# Check if the disk object is retrieved successfully
if ($disk) {
    # Get or create the Disk Access resource
    $diskAccess = Get-AzDiskAccess -ResourceGroupName $resourceGroupName -Name $diskAccessName -ErrorAction SilentlyContinue
    if (-not $diskAccess) {
        # New-AzDiskAccess requires -Location; the disk's own region is used here
        $diskAccess = New-AzDiskAccess -ResourceGroupName $resourceGroupName -Name $diskAccessName -Location $disk.Location
    }

    # Modify the properties of the disk object
    $disk.DiskAccessId = $diskAccess.Id
    $disk.NetworkAccessPolicy = "AllowPrivate"
    $disk.PublicNetworkAccess = "Disabled"

    # Update the disk with the modified properties; stop on failure so the
    # success message below is only written when the update went through
    Update-AzDisk -ResourceGroupName $resourceGroupName -DiskName $diskName -Disk $disk -ErrorAction Stop
    Write-Output "Disk updated successfully with private access."

    # Verify the changes
    Get-AzDisk -ResourceGroupName $resourceGroupName -DiskName $diskName | Select-Object Name, NetworkAccessPolicy, PublicNetworkAccess, DiskAccessId
} else {
    Write-Error "Failed to retrieve disk object. Please verify resource group and disk name."
}
Feel free to reach out if you have any further questions or need additional information—I’m happy to assist!
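The verification step in the answer checks one disk. The following added example (not part of the original answer) extends that check to any number of disks by classifying each one on the same properties the script sets. The function name `Get-DiskExposureFinding` and the sample objects are hypothetical and constructed for illustration.

```powershell
# Added example: flag disks that are still reachable over the public network.
# Function name is hypothetical; input objects are shaped like Get-AzDisk output.
function Get-DiskExposureFinding {
    [CmdletBinding()]
    param(
        # Needs Name, NetworkAccessPolicy, PublicNetworkAccess, DiskAccessId
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Disk
    )
    process {
        $issues = @()
        if ($Disk.PublicNetworkAccess -ne 'Disabled') {
            $issues += 'PublicNetworkAccess is not Disabled'
        }
        switch ($Disk.NetworkAccessPolicy) {
            'AllowPrivate' {
                # Private access only works through a linked Disk Access resource
                if ([string]::IsNullOrEmpty($Disk.DiskAccessId)) {
                    $issues += 'AllowPrivate set without a DiskAccessId'
                }
            }
            'DenyAll' { }   # no export or upload path at all
            default { $issues += "NetworkAccessPolicy is '$($Disk.NetworkAccessPolicy)'" }
        }
        [pscustomobject]@{
            Name      = $Disk.Name
            Compliant = ($issues.Count -eq 0)
            Issues    = $issues -join '; '
        }
    }
}

# Constructed sample input so the check runs without an Azure connection.
$sample = @(
    [pscustomobject]@{ Name = 'disk-a'; NetworkAccessPolicy = 'AllowPrivate'; PublicNetworkAccess = 'Disabled'
                       DiskAccessId = '/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.Compute/diskAccesses/myDiskAccess' }
    [pscustomobject]@{ Name = 'disk-b'; NetworkAccessPolicy = 'AllowAll'; PublicNetworkAccess = 'Enabled'; DiskAccessId = $null }
    [pscustomobject]@{ Name = 'disk-c'; NetworkAccessPolicy = 'AllowPrivate'; PublicNetworkAccess = 'Disabled'; DiskAccessId = $null }
)
$sample | Get-DiskExposureFinding | Format-Table -AutoSize

# Against real disks (requires Az.Compute and a signed-in context):
# Get-AzDisk -ResourceGroupName $resourceGroupName | Get-DiskExposureFinding | Where-Object { -not $_.Compliant }
```

With the sample data, only `disk-a` is reported as compliant; `disk-b` is flagged for both settings and `disk-c` for the missing Disk Access link.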