In this post, i’ll provide an overview of what the Azure Resource Graph is, why it’s important in the context of enterprise governance and how you can work with the Azure Resource Graph via PowerShell. I’ll also provide some simple queries and a as well as a link to resources to help you get started.
What is the Azure Resource Graph?
The Azure Resource Graph is a platform designed to allow you to query Azure resources at scale. It works by querying quickly across your entire Azure enterprise. Using the Azure Resource Graph enables you to reduce the amount of effort required to retrieve information on Azure resources across multiple subscriptions. (Searches are performed across all subscriptions that are attached to an AD tenant).
Once a search query is invoked, resources are returned for which the authenticated user has access to (at a minimum you will need reader access to return any results). When comparing this to Azure PowerShell or CLI, Azure Resource queries are not scoped at a particular subscription level, meaning that you don’t have to change subscriptions and context, saving you a great deal of time and management overhead.
The language behind the Azure Resource Graph is based on Kusto, which is used for Azure Data Explorer. It’s designed to filter or modify tabular data, supporting data operators such as count, summarise also supports functions. (NOTE: It doesn’t support the full list of Kusto functions and operators). You can find more about queries here https://docs.microsoft.com/en-us/azure/kusto/query/index
Querying the Graph with PowerShell
To get started, you will need to install the Az.ResourceGraph Module. Once installed, you can start running your queries assuming you have appropriate access. I’ve provided a number of examples below which can be expanded on if required.
#1 – Finding all Storage accounts and associated tags
In the first example, the query is put together to search for any storage account and to return the name of the accounts, resource groups, storage type, location and tags.
#2 – Find count of storage account with Service Tag assigned and count per region
In the following examples, the first query search for all storage accounts and provides the count of storage accounts with the “Service” tag assigned. The second query then shows the count of storage accounts per Azure region.
#3 – Find Storage Accounts which are not service endpoint integrated
The following query will present all storage accounts that are not service endpoint protected.
#4 – Count of resource by type & total resources per location
The following examples return a count of all resources and types, as well as the count of resources per region.
#5 – All Virtual Machines
This example queries for all VMs and then returns key information per VM. (At the time of writing, I only have one test VM in my subscription)
#6 – Virtual Machines per location, SKU Size and Image Offer
The following examples provide a count of VMs per location, VMs per size and per Operating system.
#7 – Count of Virtual Machines per Region
The following query provides a count of VMs per region.
#8 – Search for Virtual Machines
The following examples show how you can search for any VMs that name matches ‘UKS’ as well as a search for a specific VM called ‘UKSDEVOPSPR01’
When building out your searches, the Azure Resource portal https://resources.azure.com can help formulate your queries, particularly as some resources have lengthy resource provider namespaces.
Conclusion
As you can see, querying the Azure Resource Graph can be rather powerful. If you want a copy of the above queries, you can find them in my GIT repo at the following link: https://github.com/seanmcdonnellblog/Azure/tree/master/AzGraph
Hopefully the above content is useful, feel free to share or comment below
Thanks,
Sean
