Document Details
Diagnose Vm Network Traffic Filtering Problem Powershell
This page contains Windows bias
About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Detected Bias Types
powershell_heavy
windows_first
missing_linux_example
windows_tools
Summary
The documentation is heavily focused on Azure PowerShell, providing only PowerShell-based examples and instructions. There are no examples or guidance for using Azure CLI, Bash, or other cross-platform tools, even though the scenario (diagnosing VM network issues) is relevant for both Windows and Linux users. The prerequisites and step-by-step instructions assume the use of PowerShell, which is more familiar to Windows users, and there is no mention of Linux-native workflows or tools.
Recommendations
- Add equivalent Azure CLI (az) command examples alongside PowerShell commands for each step.
- Explicitly mention that Azure Cloud Shell supports both Bash and PowerShell, and provide instructions for both.
- Include a section or callout for Linux users, highlighting any differences or additional considerations.
- Where possible, use cross-platform terminology and avoid assuming PowerShell as the default shell.
- Link to documentation for both Azure PowerShell and Azure CLI installation and usage.
Create Pull Request
Scan History
| Date | Scan | Status | Result |
|---|---|---|---|
| 2026-01-14 00:00 | #250 | in_progress |
Biased
|
| 2026-01-13 00:00 | #246 | completed |
Biased
|
| 2026-01-11 00:00 | #240 | completed |
Biased
|
| 2026-01-10 00:00 | #237 | completed |
Biased
|
| 2026-01-09 00:34 | #234 | completed |
Biased
|
| 2026-01-08 00:53 | #231 | completed |
Biased
|
| 2026-01-06 18:15 | #225 | cancelled |
 Clean
|
| 2025-08-17 00:01 | #83 | cancelled |
Clean
|
| 2025-07-13 21:37 | #48 | completed |
Biased
|
| 2025-07-12 23:44 | #41 | cancelled |
Biased
|
| 2025-07-09 13:09 | #3 | cancelled |
Clean
|
| 2025-07-08 04:23 | #2 | cancelled |
Biased
|
Flagged Code Snippets
1. Create a default network security group using [New-AzNetworkSecurityGroup](/powershell/module/az.network/new-aznetworksecuritygroup).
1. Create a subnet configuration for the virtual machine subnet and the Bastion host subnet using [New-AzVirtualNetworkSubnetConfig](/powershell/module/az.network/new-azvirtualnetworksubnetconfig).
1. Create a virtual network using [New-AzVirtualNetwork](/powershell/module/az.network/new-azvirtualnetwork).
1. Create a virtual machine using [New-AzVM](/powershell/module/az.compute/new-azvm). When prompted, enter a username and password.
## Test network communication using IP flow verify
In this section, you use the IP flow verify capability of Network Watcher to test network communication to and from the virtual machine.
1. Use [Test-AzNetworkWatcherIPFlow](/powershell/module/az.network/test-aznetworkwatcheripflow) to test outbound communication from **myVM** to **13.107.21.200** using IP flow verify (`13.107.21.200` is one of the public IP addresses used by `www.bing.com`):
The result of the fourth test indicates that access is denied from **10.10.10.10** because of the default security rule **DenyAllInBound**. By default, all access to an Azure virtual machine from outside the virtual network is denied.
## View details of a security rule
To determine why the rules in the previous section allow or deny communication, review the effective security rules for the network interface of **myVM** virtual machine using [Get-AzEffectiveNetworkSecurityGroup](/powershell/module/az.network/get-azeffectivenetworksecuritygroup) cmdlet:
You can see in the output that address prefix **13.104.0.0/13** is among the address prefixes of **AllowInternetOutBound** rule. This prefix encompasses the IP address **13.107.21.200**, which you utilized to test outbound communication to `www.bing.com`. Similarly, you can check the other rules to see the source and destination IP address prefixes under each rule. ## Clean up resources When no longer needed, use [Remove-AzResourceGroup](/powershell/module/az.resources/remove-azresourcegroup) to delete the resource group and all of the resources it contains: