Search code examples
powershellazure-web-app-serviceazure-powershell

Powershell Set deny SCM access restriction on App Service

I'm trying to set via powershell deny option for Source Control Manager in Azure:

enter image description here

enter image description here

i'm executing this code snippet

   $propertiesObject = @{
    http20Enabled = $true;
    ScmIpSecurityRestrictionsUseMain = $true;
    scmIpSecurityRestrictions = @{"Action" = "Deny"};
}

Set-AzResource -PropertyObject $propertiesObject -ResourceGroupName $AppServiceRG -ResourceType Microsoft.Web/sites/config -ResourceName "$AppServiceName/web" -ApiVersion 2022-03-01 -Force

but it is not working i think becouse that option is an object:

enter image description here

enter image description here

How i can set Deny? Any help is really appreciated

Solution

  • I tried in my environment and got below results:

    In azure app service, you can set the unmatched rule action - "Deny" by executing below commands:

    Azure CLI command:

        az resource update --resource-group ResourceGroup --name AppName --resource-type "Microsoft.Web/sites" \
  --set properties.siteConfig.scmIpSecurityRestrictionsDefaultAction=Deny

    Powershell command:

    $Resource = Get-AzResource -ResourceType Microsoft.Web/sites -ResourceGroupName ResourceGroup -ResourceName AppName
$Resource.Properties.siteConfig.scmIpSecurityRestrictionsDefaultAction = "Deny"
$Resource | Set-AzResource -Force

    Console:

    enter image description here

    Portal:

    The above command executed successfully and reflected in portal.

    enter image description here

    For more reference:

    Azure App Service access restrictions - Azure App Service | Microsoft Learn