Azure Governance

Azure Governance is a portfolio of platform capabilities that helps customers address the need for control at scale without sacrificing developer agility. This includes services like Azure Policy, Azure Blueprints, Azure Resource Graph & Management Groups.

More details about the services are available in the Azure Governance documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow.

Products that we listen to in this space include: Azure Policy, Azure Blueprints, Azure Resource Graph, Azure Subscriptions and Azure Management Groups

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Support query Virtual Machines by state

    Ability to query Virtual Machine resource type by state of the VM.

    27 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  2. Visualize Resource Graph in PowerBI

    I can today make querys and export to visualize in Power BI. It would be nice to somehow easier connect from Power BI to Resource Graph to visualize Resources.

    19 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  3. Store resource changes for more than 14 days

    Ability to store Azure resource changes for more than 14 days

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  4. Ability to retreive subscription name given subscriptionId in Resource Graph Query

    Resource graph queries are great at returning SubscriptionId. But a GUID is unfriendly. Provide a function or means for retrieving the subscription display name. For example:

    where type contains 'publicIPAddresses' and properties.ipAddress != ''
    | summarize count () by subscriptionName(subscriptionId)

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow Resource Graph to target all subscriptions or a management group

    Currently, the Resource Graph API expect a list of subscription IDs to be passed in as part of the request body. This is very troublesome when you need to query all subscriptions in a tenant or a management group. Please add support for allowing wildcard for the subscriptions value i.e. "*", and extend the support for management groups.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  1 comment  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  6. Support history for resources

    For scenarios where we need the resources to be synced into an external store, we want the history so that I don't need to scan all the resources again.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  7. Ability to query for role assignments in Azure Resource Graph

    Please add support for listing all role assignments

    Resource Type: Microsoft.Authorization/roleAssignments

    https://docs.microsoft.com/en-us/azure/templates/microsoft.authorization/2017-09-01/roleAssignments

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  8. Use Search-AzGraph to find Resource Groups and MetaData

    For faster and more complex queries I need to find Resource Groups using Graph. E.g. show me all Resource Groups with tag X across my tenant. Looping through 200 subscriptions is very time consuming. Also hope that it will allow more complex queries comparing resource tag values to Resource Group tag values.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  1 comment  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  9. Support querying of deleted resources via the Azure Resource Graph

    It would be useful if you could query for deleted resources via the ARG. For example:

    `where deleted == true`

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  10. Ability to query for custom role definitions in Azure Resource Graph

    Please add support for listing all custom role definitions

    Resource Type: Microsoft.Authorization/roleDefinitions

    https://docs.microsoft.com/en-us/azure/templates/microsoft.authorization/2017-09-01/roledefinitions

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  11. Resource Changes: Track resource move

    Create a change log when a resource is moved to a different resource group and maintain its history from before it moved

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  12. Ability to Integrate Depedency mapping in Azure Resource Graph with integration to Visio/Microsoft Graph or Security Center

    Ability to integrate Azure Resource Graph Dependency and Discovery mapping results in Log Analytics (Log analytics (Service Map or Security Center) / Visio or Microsoft Graph (PaaS).

    When moving resources from Resource Group to another Resource Group, most of the time it's difficult to get an overview of any backend dependencies. When performing a Move operation, a post check will be done, and if by any chance, a discrepancy is found, the Move operation will quit and display the failure in a RAW message format.

    It would be great to have these backend dependencies visible by using the Resource Graph…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  13. Warn when results are truncated in Search-AzGraph

    Currently, when a you run a query via Search-AzGraph but don't specify the -First parameter, the results are limited to the first 100 items (see https://github.com/Azure/azure-powershell/blob/master/src/ResourceGraph/ResourceGraph/Cmdlets/SearchAzureRmGraph.cs for source code details).

    Whilst the reasoning behind limiting the results is fully understood (a select everything across all subscriptions is obviously going to return a large result set!) it should at very least result in a warning when results are truncated.

    As a secondary but related suggestion, I would also like to see the same warning be surfaced when the -First parameter *is* supplied but the result set is larger than the chosen…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  14. 2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  15. Ability to query for DNS Zones CNAME type in Azure Resource Graph

    I am able to filter out resources by provider (e.g., 'Microsoft.Network') and higher-level types (e.g., 'Microsoft.Network/dnszones'). However, not all resource types are supported by Resource Graph. For example, DNS Zone record types aren't supported. I would like to get a response for a query like this one:

    az graph query -q "where type =~ 'microsoft.network/dnszones/cname'"

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  16. Show Kusto query in Resource Graph (as per Log Analytics)

    In the same way that Log Analytics displays the Kusto query when filters are applied, it would be great if Resource Graph could do this too so the queries could be saved and used via API calls, etc.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  17. Resource Graph - support for Microsoft.Sql/servers/encryptionProtector

    Support for subtype Microsoft.Sql/servers/encryptionProtector will enable us to query TDE configuration such as Microsoft managed vs. customer managed and Azure KeyVault configurations

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  18. Resource Graph - Support for searching nested arrays

    Ability to enumerate through resource responses that contain nested arrays.

    Example scenario: identify all subnets that does not have an NSG assigned.

    Today, the approach will be to retrieve all of the VNETs and enumerate through the list in PowerShell. This adds another level of complexity and complicates analysis through the Portal.

    Example code:

    $rgQuery = "where type == 'microsoft.network/virtualnetworks' | summarize subnets = make_list(properties.subnets)"
    $results = Search-AzGraph -Query $rgQuery

    $SubnetsWithoutNSGs = [System.Collections.ArrayList]@()

    foreach ($subnet in $results.subnets)
    {
    if ($subnet.properties.networkSecurityGroup -eq $null)
    {
    $captures = [regex]::Match($subnet.id, '/subscriptions/(.*)/resourceGroups/(.*)/providers/.*/virtualNetworks/(.*)/subnets/(.*)').Captures

    $item = New-Object PSObject
    $item | Add-Member NoteProperty SubscriptionId ($captures.Groups[1].value)
    $item | Add-Member…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  19. View changes across all resources

    Ability to see which Azure resources changed over a time period

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  20. Add Meter Category/Service Name in resource graph

    The category type Meter category, which is available at billing modul is not available at resource graph.
    It is only the resource type category available, that is not the same as meter category.
    So it is not possible to make billing queries in billing modul and compare this with counts from resources in resource graph.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base