Azure Governance
Azure Governance is a portfolio of platform capabilities that helps customers address the need for control at scale without sacrificing developer agility. This includes services like Azure Policy, Azure Blueprints, Azure Resource Graph & Management Groups.
More details about the services are available in the Azure Governance documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow.
Products that we listen to in this space include: Azure Policy, Azure Blueprints, Azure Resource Graph, Azure Subscriptions and Azure Management Groups
-
Support query Virtual Machines by state
Ability to query Virtual Machine resource type by state of the VM.
27 votesWe are working with internal team to provide this capability
-
Visualize Resource Graph in PowerBI
I can today make querys and export to visualize in Power BI. It would be nice to somehow easier connect from Power BI to Resource Graph to visualize Resources.
19 votesYou can use Resource Graph Explorer in the Azure Portal to do queries and save and pin to your Azure dashboard. Would this serve your scenario.
-
Store resource changes for more than 14 days
Ability to store Azure resource changes for more than 14 days
12 votesHow many days do you want the changes to be stored? and where do you want to store them?
-
Ability to retreive subscription name given subscriptionId in Resource Graph Query
Resource graph queries are great at returning SubscriptionId. But a GUID is unfriendly. Provide a function or means for retrieving the subscription display name. For example:
where type contains 'publicIPAddresses' and properties.ipAddress != ''
| summarize count () by subscriptionName(subscriptionId)11 votesThis is now available in PowerShell and Azure CLI. Please find the example in our documentation:
https://docs.microsoft.com/en-us/azure/governance/resource-graph/samples/advanced#displaynames
We are now working to make this available through API. -
Allow Resource Graph to target all subscriptions or a management group
Currently, the Resource Graph API expect a list of subscription IDs to be passed in as part of the request body. This is very troublesome when you need to query all subscriptions in a tenant or a management group. Please add support for allowing wildcard for the subscriptions value i.e. "*", and extend the support for management groups.
6 votes -
Support history for resources
For scenarios where we need the resources to be synced into an external store, we want the history so that I don't need to scan all the resources again.
6 votesWould you be able to further explain your scenarios? Are you looking for snapshots of your resources at different times, or are you looking to track changes made to the resources?
-
Ability to query for role assignments in Azure Resource Graph
Please add support for listing all role assignments
Resource Type: Microsoft.Authorization/roleAssignments
https://docs.microsoft.com/en-us/azure/templates/microsoft.authorization/2017-09-01/roleAssignments
5 votes -
Use Search-AzGraph to find Resource Groups and MetaData
For faster and more complex queries I need to find Resource Groups using Graph. E.g. show me all Resource Groups with tag X across my tenant. Looping through 200 subscriptions is very time consuming. Also hope that it will allow more complex queries comparing resource tag values to Resource Group tag values.
5 votes -
Support querying of deleted resources via the Azure Resource Graph
It would be useful if you could query for deleted resources via the ARG. For example:
`where deleted == true`
4 votesThanks for the feedback. We’ll review this ask, and meanwhile, any additional votes will be used to better understand the priority.
-
Ability to query for custom role definitions in Azure Resource Graph
Please add support for listing all custom role definitions
Resource Type: Microsoft.Authorization/roleDefinitions
https://docs.microsoft.com/en-us/azure/templates/microsoft.authorization/2017-09-01/roledefinitions
3 votes -
Resource Changes: Track resource move
Create a change log when a resource is moved to a different resource group and maintain its history from before it moved
2 votes -
Ability to Integrate Depedency mapping in Azure Resource Graph with integration to Visio/Microsoft Graph or Security Center
Ability to integrate Azure Resource Graph Dependency and Discovery mapping results in Log Analytics (Log analytics (Service Map or Security Center) / Visio or Microsoft Graph (PaaS).
When moving resources from Resource Group to another Resource Group, most of the time it's difficult to get an overview of any backend dependencies. When performing a Move operation, a post check will be done, and if by any chance, a discrepancy is found, the Move operation will quit and display the failure in a RAW message format.
It would be great to have these backend dependencies visible by using the Resource Graph…
2 votesThis is in our future roadmap.
-
Warn when results are truncated in Search-AzGraph
Currently, when a you run a query via Search-AzGraph but don't specify the -First parameter, the results are limited to the first 100 items (see https://github.com/Azure/azure-powershell/blob/master/src/ResourceGraph/ResourceGraph/Cmdlets/SearchAzureRmGraph.cs for source code details).
Whilst the reasoning behind limiting the results is fully understood (a select everything across all subscriptions is obviously going to return a large result set!) it should at very least result in a warning when results are truncated.
As a secondary but related suggestion, I would also like to see the same warning be surfaced when the -First parameter *is* supplied but the result set is larger than the chosen…
2 votes -
Ability to query SQL Server firewall rules
Please add support for type :
Microsoft.Sql/servers/firewallRules
2 votes -
Ability to query for DNS Zones CNAME type in Azure Resource Graph
I am able to filter out resources by provider (e.g., 'Microsoft.Network') and higher-level types (e.g., 'Microsoft.Network/dnszones'). However, not all resource types are supported by Resource Graph. For example, DNS Zone record types aren't supported. I would like to get a response for a query like this one:
az graph query -q "where type =~ 'microsoft.network/dnszones/cname'"
2 votes -
Show Kusto query in Resource Graph (as per Log Analytics)
In the same way that Log Analytics displays the Kusto query when filters are applied, it would be great if Resource Graph could do this too so the queries could be saved and used via API calls, etc.
2 votesWe are currently working on saving graph queries as an ARM resource, which you can use to save and retrieve the query via API calls. Would that work?
-
Resource Graph - support for Microsoft.Sql/servers/encryptionProtector
Support for subtype Microsoft.Sql/servers/encryptionProtector will enable us to query TDE configuration such as Microsoft managed vs. customer managed and Azure KeyVault configurations
1 vote -
Resource Graph - Support for searching nested arrays
Ability to enumerate through resource responses that contain nested arrays.
Example scenario: identify all subnets that does not have an NSG assigned.
Today, the approach will be to retrieve all of the VNETs and enumerate through the list in PowerShell. This adds another level of complexity and complicates analysis through the Portal.
Example code:
$rgQuery = "where type == 'microsoft.network/virtualnetworks' | summarize subnets = make_list(properties.subnets)"
$results = Search-AzGraph -Query $rgQuery$SubnetsWithoutNSGs = [System.Collections.ArrayList]@()
foreach ($subnet in $results.subnets)
{
if ($subnet.properties.networkSecurityGroup -eq $null)
{
$captures = [regex]::Match($subnet.id, '/subscriptions/(.*)/resourceGroups/(.*)/providers/.*/virtualNetworks/(.*)/subnets/(.*)').Captures
$item = New-Object PSObject
$item | Add-Member NoteProperty SubscriptionId ($captures.Groups[1].value)
$item | Add-Member…1 vote -
View changes across all resources
Ability to see which Azure resources changed over a time period
1 vote -
Add Meter Category/Service Name in resource graph
The category type Meter category, which is available at billing modul is not available at resource graph.
It is only the resource type category available, that is not the same as meter category.
So it is not possible to make billing queries in billing modul and compare this with counts from resources in resource graph.1 vote
- Don't see your idea?