Azure Governance
Azure Governance is a portfolio of platform capabilities that helps customers address the need for control at scale without sacrificing developer agility. This includes services like Azure Policy, Azure Blueprints, Azure Resource Graph & Management Groups.
More details about the services are available in the Azure Governance documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow.
Products that we listen to in this space include: Azure Policy, Azure Blueprints, Azure Resource Graph, Azure Subscriptions and Azure Management Groups
-
Support query Virtual Machines by state
Ability to query Virtual Machine resource type by state of the VM.
64 votes -
Visualize Resource Graph in PowerBI
I can today make querys and export to visualize in Power BI. It would be nice to somehow easier connect from Power BI to Resource Graph to visualize Resources.
27 votesYou can use Resource Graph Explorer in the Azure Portal to do queries and save and pin to your Azure dashboard. Would this serve your scenario.
-
Store resource changes for more than 14 days
Ability to store Azure resource changes for more than 14 days
19 votesHow many days do you want the changes to be stored? and where do you want to store them?
-
Ability to query for role assignments in Azure Resource Graph
Please add support for listing all role assignments
Resource Type: Microsoft.Authorization/roleAssignments
https://docs.microsoft.com/en-us/azure/templates/microsoft.authorization/2017-09-01/roleAssignments
19 votes -
Support querying of deleted resources via the Azure Resource Graph
It would be useful if you could query for deleted resources via the ARG. For example:
where deleted == true10 votesThanks for the feedback. We’ll review this ask, and meanwhile, any additional votes will be used to better understand the priority.
-
Allow Resource Graph to target all subscriptions or a management group
Currently, the Resource Graph API expect a list of subscription IDs to be passed in as part of the request body. This is very troublesome when you need to query all subscriptions in a tenant or a management group. Please add support for allowing wildcard for the subscriptions value i.e. "*", and extend the support for management groups.
10 votes -
PIM add support in the Graph API to query Azure resources roles audit logs.
We can query Azure AD roles in PIM for our conformity report but have to log-in to the portal manually for PIM roles on Azure Resource.
Works for PowerBI Admin Roles but not for "Contributor" role in Subscription X.
10 votes -
Resource Graph - support for type microsoft.web/sites/config
support type 'microsoft.web/sites/config' to get the all the data nodes under config type
9 votes -
Ability to query SQL Server firewall rules
Please add support for type :
Microsoft.Sql/servers/firewallRules
9 votes -
Support history for resources
For scenarios where we need the resources to be synced into an external store, we want the history so that I don't need to scan all the resources again.
8 votesWould you be able to further explain your scenarios? Are you looking for snapshots of your resources at different times, or are you looking to track changes made to the resources?
-
Azure Storage File share available in resource graph
Right now, the file share information of a storage account is not available in the resource graph.
ie. it would allow to list the file share of a subscription, compute the global storage size or simulate the pricing.7 votes -
Azure Resource Graph - Support query for backup status
Add the ability to query backup status from Azure Resource Graph and therefore see status for multiple vaults in a unique dashboard
7 votes -
Resource Graph type for Management Groups
Add Management Groups as a resource type for Resource Graph. This would allow for writing queries that target subscriptions that are in a specific Management Group. This is extremely helpful for enterprises that have a lot of subscriptions that are being organized with Management Groups.
4 votes -
Resource Graph - Support for searching nested arrays
Ability to enumerate through resource responses that contain nested arrays.
Example scenario: identify all subnets that does not have an NSG assigned.
Today, the approach will be to retrieve all of the VNETs and enumerate through the list in PowerShell. This adds another level of complexity and complicates analysis through the Portal.
Example code:
$rgQuery = "where type == 'microsoft.network/virtualnetworks' | summarize subnets = make_list(properties.subnets)"
$results = Search-AzGraph -Query $rgQuery$SubnetsWithoutNSGs = [System.Collections.ArrayList]@()
foreach ($subnet in $results.subnets)
{if ($subnet.properties.networkSecurityGroup -eq $null)
{
$captures = [regex]::Match($subnet.id, '/subscriptions/(.*)/resourceGroups/(.*)/providers/.*/virtualNetworks/(.*)/subnets/(.*)').Captures$item = New-Object PSObject
$item | Add-Member NoteProperty SubscriptionId ($captures.Groups[1].value)
$item | Add-Member…4 votesThis will be doable using mvexpand which we are currently working to enable for customers
-
Grafana plugin for Resource Graph
We love the Grafana plugins for Log Analytics, Appinsights, ADE. Can we see a plugin for Azure Resource Graph next?
3 votesYou can use Resource Graph Explorer in the Azure Portal to do queries and save and pin to your Azure dashboard. Would this serve your scenario.
-
Include expanded instance view information into virtual machines response
It would be very useful to include
properties.instanceViewinto base response for 'Microsoft.Compute/virtualMachines'. It's not efficient enough to get instance statuses for each machine in separate API call. Moreover I didn't find an ability to retrieve this property via GraphAPI at all.3 votes -
Ability to query for custom role definitions in Azure Resource Graph
Please add support for listing all custom role definitions
Resource Type: Microsoft.Authorization/roleDefinitions
https://docs.microsoft.com/en-us/azure/templates/microsoft.authorization/2017-09-01/roledefinitions
3 votes -
Ability to query for DNS Zones CNAME type in Azure Resource Graph
I am able to filter out resources by provider (e.g., 'Microsoft.Network') and higher-level types (e.g., 'Microsoft.Network/dnszones'). However, not all resource types are supported by Resource Graph. For example, DNS Zone record types aren't supported. I would like to get a response for a query like this one:
az graph query -q "where type =~ 'microsoft.network/dnszones/cname'"
3 votes -
Show Kusto query in Resource Graph (as per Log Analytics)
In the same way that Log Analytics displays the Kusto query when filters are applied, it would be great if Resource Graph could do this too so the queries could be saved and used via API calls, etc.
3 votesWe are currently working on saving graph queries as an ARM resource, which you can use to save and retrieve the query via API calls. Would that work?
-
Ability to query budget and forecast in Azure Resource Graph
Please add the ability to query budget and forecast in Azure Resource Graph. This will allow the creation of dynamic and filterable cost management dashboards
2 votes
- Don't see your idea?