| 437-991-3573 | Data Engineering Services
Resources Tools
Experts in Microsoft SQL Server on Windows, Linux, Containers | Clusters, Always On, FCI | Migrations, Cloud, Performance

Powershell - Automate Get Azure Traffic Manager EndPoints Monitor Status
by BF (Principal Consultant; Architecture; Engineering)


Use PowerShell to create an Application(Active Directory Application), a Service Principal & then assign that Service
Principal to a Role which grants permissions to read all resources in the subscription.

Once those are created, you can then authenticate, as the Service Principal, to Azure within unattended Powershell code/script.

Authenticating a service principal with Azure Resource Manager

Powershell Code:

This Powershell code will make a call to Azure REST API for Traffic Manager Endpoint Status monitor value & alert using SMPT call & log the
results to a file. One method to automate this is to create a Task Scheduler that calls a batch file that calls Powershell.exe which
executes a .ps1 file.

Note: May need to run Microsoft Web Platform Installer to install Azure Powershell Tools on the Server that runs the Automation
(Task Scheduler) Job.

#Non-Arm - Publish Settings File

$SMTPServer = ""
$SMTPPort = "25"
$Username = ""
$Password = "zyx"
$to = ""
$subject = "Alert - Traffic Manager XYZ - EndPoint disabled or offline"
$message = New-Object System.Net.Mail.MailMessage
#$message.subject = $subject
$message.from = ""
$smtp = New-Object System.Net.Mail.SmtpClient($SMTPServer, $SMTPPort);
#$smtp.EnableSSL = $true
$smtp.Credentials = New-Object System.Net.NetworkCredential($Username, $Password);

$LogFilePath = "C:\Powershell\AzureTrafficManagerEndpointStatusCheck\Log.txt"

$subscription_id = "xyz"
$resource_group_name = "RG_TM_XYZ"
$adTenant = "XYZ"
$profile_name = "XYZ"

#Login-AzureRmAccount w/ previously created Azure Application & Service Principal:
$username = ""
$pass = ConvertTo-SecureString -String "xyz" -AsPlainText -Force
#$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, $pass
$cred = New-Object System.Management.Automation.PSCredential ("xyz", $pass)
Login-AzureRmAccount -Credential $cred -ServicePrincipal -TenantId "xyz"
#Add-AzureRmAccount -Credential $cred -TenantId $adTenant -SubscriptionId $subscription_id

#Get-AzureRmSubscription -SubscriptionName "xyz"
#Select-AzureRmSubscription -SubscriptionName "xyz"

#Define HTTP Headers, RESTAPI URL, Timeout
$LogHeaders = "Date&Time(UTC)`tEndPoint-Name`tEndPoint-Status`tMonitor-Status"

#add-content -path $LogFilePath -Value $LogHeaders -Force

$RESTAPI_URL = "$subscription_id/resourceGroups/$resource_group_name/providers/Microsoft.Network/trafficManagerProfiles/$profile_name"+"?api-version=2015-11-01";

#Set Timeout
[int] $TimeOut_Sec = 5

#Get the Bearer token for HTTP GET call to Azure:
#Load ADAL Assemblies
$adal = "${env:ProgramFiles(x86)}\Microsoft SDKs\Azure\PowerShell\ServiceManagement\Azure\Services\Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
$adalforms = "${env:ProgramFiles(x86)}\Microsoft SDKs\Azure\PowerShell\ServiceManagement\Azure\Services\Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms.dll"
#Set Azure AD Tenant name
#Set well-known client ID for Azure PowerShell
$clientId = "1950a258-227b-4e31-a9cf-717495945fc2"
#Set redirect URI for Azure PowerShell
$redirectUri = "urn:ietf:wg:oauth:2.0:oob"
#Set Resource URI to Azure Service Management API
$resourceAppIdURI = ""
#Set Authority to Azure AD Tenant
$authority = "$adTenant"
#Create Authentication Context tied to Azure AD Tenant
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority

#$userName = ""
#$password = "xyz"
$creds = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential" -ArgumentList $userName,$pass

#Acquire token
$authResult = $authContext.AcquireToken($resourceAppIdURI, $clientId, $creds)
#Create Authorization Header
$authHeader = $authResult.CreateAuthorizationHeader()

$RequestHeader = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$RequestHeader.Add("Authorization", "$authHeader")
$RequestHeader.Add("Content-Type", "application/json")

#Define function for logging in file
function LogDetails
{ param([string]$LogData)

Add-Content -Path $LogFilePath -Value $LogData -Force


#while ($true)
#Create a new PS object to hold the resposne JSON
$RESTResponseJSON = New-Object PSObject;


$RESTResponseJSON = (Invoke-RestMethod -Uri $RESTAPI_URL -Method Get -Headers $RequestHeader -TimeoutSec $TimeOut_Sec -Credential $cred);

foreach ($ep in $

If ($ -notcontains 'Enabled' -or $ -notcontains 'Online') {
add-content -path $LogFilePath -Value $LogHeaders -Force
LogDetails("$((get-date).ToUniversalTime())" +"`t" + $ + "`t" + $ + "`t" + $ )
#Write-Host("$((get-date).ToUniversalTime())" +"`t" + $ + "`t" + $ + "`t" + $ )
$message.subject = "Azure PRD Alert: Traffic Manager: XYZ: " + $ + " " + $

LogDetails("$((get-date).ToUniversalTime())" + "`t"+ "Error: `t" + $_.Exception.Message);

#Adding delay of 10 seconds, you can change to x it if you want to check the endpoint status in every x seconds
#Start-Sleep -Milliseconds 50000


Use Fiddler to capture the HTTP/HTTPS calls to Azure made from the Powershell code:

Image #1: Fiddler - Calls to & from Azure

Image #2: Fiddler - HTTP GET with Bearer Token & HTTP Response