SourceAddressPrefix of existing ARM Network Security Group rules is boolean?

I am trying to read the existing rules in an ARM-mode network security group, but strangely the SourceAddressPrefix property - the one containing information regarding the whitelisted IP range - is reporting as a boolean value (as in, "True" or "False") in string form.

I have tried retrieving the group using Get-AzureRmNetworkSecurityGroup and reading the ::SecurityRules property and have also tried $nsg | Get-AzureRmNetworkSecurityRuleConfig as well as $nsg | Get-AzureRmNetworkSecurityRuleConfig -Name MyRule. In every case the SourceAddressPrefix of the returned rules is either "True" or "False".

Without that value I can't tell whether there is already a rule in place for the IP I am checking. The system lets me set multiple rules with the same details as long as the Name and Priority are different, so I'm creating duplicates now.

I assume this is some sort of security "feature"? Is there any way to retrieve the actual IP CIDR ranges as displayed in the portal?

EDIT - Due to this coming and going, I'm posting the full code

The code grabs the IP addresses assigned to all NICs in the $proxyResGrp and attempts to whitelist them in the origin resource groups for port 80 and 443.

proxyResGrp = "arr"
originResGrps = "int", "uat", "auth", "live"

elect-AzureRmSubscription -SubscriptionID $subscriptionId -ErrorAction SilentlyContinue -ErrorVariable err | Out-Null
f ( $err ) {
    Login-AzureRmAccount
    Select-AzureRmSubscription -SubscriptionID $subscriptionId -ErrorAction Stop | Out-Null



 get the source IPs for the arr
proxyIPs =  Get-AzureRmNetworkInterface -ResourceGroupName $proxyResGrp | % {
                $_.IpConfigurations | % {
                    if ( $_.PublicIpAddress.Id -like '*Microsoft.Network/publicIPAddresses*' )
                    {
                        $ipAddress = Get-AzureRmResource -ResourceId ($_.PublicIpAddress.Id)
                        $ip = Get-AzureRmPublicIpAddress -ResourceGroupName $ipAddress.ResourceGroupName -Name $ipAddress.Name
                        return @{ IPAddress = $ip.IpAddress; Name = $_.Name }
                    }
                }
            }

 get NSG for each source resourceGroup and add the inbound rules
originResGrps | % {
    $originResGrp = $_
    Get-AzureRmNetworkSecurityGroup -ResourceGroupName $originResGrp | % {
        # have to re-get the NSG for some reason
        $nsg = $_

        $nsg.SecurityRules | ? { $_.SourceAddressPrefix = $arrIP.IPAddress -and $_.DestinationPortRange -eq "80" }
        $rules = $nsg.SecurityRules

        $maxPriority = $rules | Sort Priority -Descending | select Priority -First 1 | % { $_.Priority }

        $isChanged = $false
        foreach ( $proxyIP in $proxyIPs )
        {
            # HTTP
            # $rule = $rules | ? { $_.Name -eq "HTTP-$($arrIP.Name.ToUpper())" }
            $rule = $rules | ? { $_.SourceAddressPrefix -eq $proxyIP.IPAddress -and $_.DestinationPortRange -eq "80" }
            if ( ! $rule )
            {
                $maxPriority += 100
                Write-Host "Creating a rule for HTTP-$($proxyIP.Name.ToUpper()) in nsg '$($nsg.Name)'" -ForegroundColor DarkGreen

                # have to re-get the NSG for some reason
                #Get-AzureRmNetworkSecurityGroup -ResourceGroupName $originResGrp -Name $nsg.Name |
                $nsg |
                    Add-AzureRmNetworkSecurityRuleConfig `
                            -Name "HTTP-$($proxyIP.Name.ToUpper())" `
                            -Protocol Tcp `
                            -SourceAddressPrefix $proxyIP.IPAddress `
                            -SourcePortRange "*" `
                            -DestinationAddressPrefix "*" `
                            -DestinationPortRange "80" `
                            -Access Allow `
                            -Direction Inbound `
                            -Priority $maxPriority
                #   Set-AzureRmNetworkSecurityGroup | 
                #   Out-Null
                $isChanged = $true
            }
            else
            {
                Write-Host "Rule for HTTP-$($proxyIP.Name.ToUpper()) already exists in nsg '$($nsg.Name)'" -ForegroundColor DarkYellow
            }

            # HTTPS
            # $rule = $rules | ? { $_.Name -eq "HTTPS-$($arrIP.Name.ToUpper())" }
            $rule = $rules | ? { $_.SourceAddressPrefix -eq $proxyIP.IPAddress -and $_.DestinationPortRange -eq "443" }
            if ( ! $rule )
            {
                $maxPriority += 100
                Write-Host "Creating a rule for HTTPS-$($proxyIP.Name.ToUpper()) in nsg '$($nsg.Name)'" -ForegroundColor DarkGreen

                # have to re-get the NSG for some reason
                #Get-AzureRmNetworkSecurityGroup -ResourceGroupName $originResGrp -Name $nsg.Name |
                $nsg |
                    Add-AzureRmNetworkSecurityRuleConfig `
                            -Name "HTTPS-$($proxyIP.Name.ToUpper())" `
                            -Protocol Tcp `
                            -SourceAddressPrefix $proxyIP.IPAddress `
                            -SourcePortRange "*" `
                            -DestinationAddressPrefix "*" `
                            -DestinationPortRange "443" `
                            -Access Allow `
                            -Direction Inbound `
                            -Priority $maxPriority
                #   Set-AzureRmNetworkSecurityGroup | 
                #   Out-Null
                $isChanged = $true
            }
            else
            {
                Write-Host "Rule for HTTPS-$($proxyIP.Name.ToUppeR()) already exists in nsg '$($proxyIP.Name)'" -ForegroundColor DarkYellow
            }
        }

        if ( $isChanged )
        {
            Write-Host "Updating $($nsg.Name)" -ForegroundColor Green
            $nsg | Set-AzureRmNetworkSecurityGroup
        }

    }