Either from the Resources table or from the PolicyResources table, get a list will all the metadata for exemptions. Something like:
| where type == "microsoft.policyinsights/policyexemptions"20 votes
Please add support for Azure Firewall Policy
Resource Type : Microsoft.Network/firewallPolicies/ruleCollectionGroups
In classic Azure Firewall, I could query Firewall rulesets. So I could download all the rules to CSV file on Azure Portal. And also I could make a nice view to using workbooks.
But the new version of the Firewall (aka Policy Mode) I couldn't query Firewall rulesets. So I should have use PowerShell.1 vote
Resource Graph 'resourceChanges' API call is broken - 'Create' changes not returned by multiple sdk's.
Resource Changes method call does not return any 'Create' changes. Under the documentation for resource changes an example of a resourceChanges API call for a new storage account is given. Here it displays what the JSON response will look like, showing multiple changes including a 'Create' change type. I have been unable to replicate this functionality from my end.
Only 'Delete' and 'Update' changes are returned in the call, meaning this functionality is incomplete and not as advertised. Confirmed by one of Azure's Python SDK devs that this is a service issue and that the API call is broken.1 vote
Return the real/correct power state for "Microsoft.ContainerService/managedClusters" and "Microsoft.Kusto/clusters" resources from Azure Resource Graph. In fact, these properties already exists but return wrong value (we need to wait few hours to see the right power state of these services from ARG after poweron/poweroff).1 vote
Please add possibility to query KeyVault secrets and Keys expiration date.0 votes
While running non-compliant reports using the policyresources table appears you cant return the friendly azure policy name in ARG. This would be very helpful for our teams when reviewing our dashboards or exporting a CSV.2 votes
We have a plan to pass in Policy Definitions and Assignments metadata into ARG.
I think Azure Resource Graph should publish its changes to the Event Grid!
When a Policy evaluation change happens in the Azure Resource Graph it would be great to easily be enabled to react to said change. That's typically done in Azure by using Azure Event Grid events.1 vote
Include management groups in the results returned when querying the ResourceContainers table. At the moment this table only returns subscriptions and resource groups.1 vote
It would be helpful to be able to query the "Operating System" field that is available for Virtual Machines in Azure Ressource Monitor. Most of the time, that is the only field that tells us what Linux distribution+version is being used, because the other fields aren't populated.1 vote
Can you please further elaborate? the disk property should have the information you’re looking for. If you see empty values, please create a support ticket so that we can investigate the issue.
It would be great to access Azure Resource Graph through our normal tooling of Kusto.Explorer to enable our normal workflows, and storage of queries through our normal Git repositories.6 votes
It now supports to query power state of VM, but unable to get the same info from VMSS.
The instances view info can be gathered from API or CLI, but not in ResourceGraph.
Please add this support, thanks.2 votes
Querying VMSS VM power state is currently planned, and querying VMSS VM instance view is in our backlog.
The resource type ' Microsoft.DBforPostgreSQL/servers/securityAlertPolicies ' is not available in Azure Resource Graph.
Also needs better documentation on what attributes can be queried and what not cannot be queried. The documentation lacks clarity on Azure Resource Graph API.1 vote
Thanks for providing feedback. We will review this type and get back to you as we get more votes on it.
Regarding the documentation, we have publicly documented which types are supported in ARG here:
You can also go to Resource Graph Explorer, and open the tables on the schema browser on the left side to see which properties are available for querying
Add the ability to create a graphic Topology, Dataflow & Data lineage diagrams. This should use icons familiar to non technical Business Users. (like in Visio)1 vote
Can you elaborate on your scenario and how you want to consume this with Azure Resource Graph?
Fetching disk usage details through azure resource graph will be useful in calculating the percentage of disk used among the total size. This will help in reducing the number of disks or change the type and subsequently plan effective cost management in storage.1 vote
In order to access network info about appservice plans/webapp/functions access to Microsoft.Web/sites/networkConfig throught Resource Graph would be useful6 votes
Support arrays / sets comparison.
support the Kusto's operators:
setintersect or hasany3 votes
Ability to query FrontDoor Web Application Firewall Policies custom rules, This will be handy to list out what custom rules that are being added from the security governance side.3 votes
Please add support for type:
Having multiple subscriptions that need CIS hardening we would like to have the option to have a summary of the CIS blueprints that are assigned to subscriptions. Just like the one in the security center (regularory compliance) but for the blueprint(s) that can be created and can be assigned individually.1 vote
While leftsemi/anti and rightsemi/anti are part of KQL for the join operator, they aren't supported by Resource Graph. Only innerunique, inner, and leftouter are supported.
- Don't see your idea?