You may or may not have seen how slow the Azure Portal can be (in the past). Especially when you are working in large environments with hundreds and thousands of resources it could take a while to get a view of, for example, you servers in Azure. This is where Azure Resource Graph comes into action.
But there is a lot more that Resource Graph can do for you…
What is Azure Resource Graph?!
Azure Resource Graph is a service built in to Azure, that is providing the option to do large scale queries across resources in different subscriptions (and for Managed Service Providers even in different tenants – #Lighthouse). So it is actually built with the idea of large scale deplyoments.
It is part of the Governance Toolset of Microsoft, as it can be used to:
filter, group and search for defined resources
explore resource in governance needs
assess impact of policies you are developing
follow up changes that are made to resources (preview)
The Azure Resource Graph can be used directly in the portal or via PowerShell, CLI, or REST.
In the Azure Portal you can find the Resource Graph Explorer. That is a good starting point for our first trials and errors … because you can just use without any preparation of environments, etc.
But how does this actually work …
How does Resource Graph work?!
You may now ask: “What is so special about this?” Searching for resources was always possible via PowerShell and the Azure Resource Manager …
Yes … BUT
One of the main issues we had with the Azure Resource Manager was, that it by default just provided basic information about a resource, like ID, Name, Type. If you wanted to go deeper you had to query the resource provider.
If you think about an easy setup:
10 VMs
10 Managed Disks
1 VNET
1 Azure Firewall
1 Log Analytics Workspace
and you now try to get the following information:
show me every VM where the disk is larger than 100 GB and the VM-Size is D2
search for the system that uses the IP Adress 10.10.10.4
…
Normally you would query different resource providers, or try to get a lot of detail… in a large environment this takes a while, as all resources are asked for detail … now with Azure Resource Graph it is a simple query and it is super fast:
What actually happens with Resource Graph is, that Microsoft pulls an Index of all details of your resources. This index is kept for 14 days, so you can even query for changes that happened over time.
Every time you change a resource in Azure, the Resource Graph is triggered to update its database with the new configuration. Besides this there is a regular “full scan” which is checking on the current status and makes sure that no change was missed.
What is a query and what is KQL?!
A query in Azure Resource Graph is actually the information request that you have to put in in a specific way. If you ever used Log Analytics you may have seen the notation already. Everything is based on the Kusto Query Language (KQL)
When doing a query like:
resources
| where type == "microsoft.network/networkinterfaces"
| where properties.ipConfigurations[0].properties.privateIPAddress == "X"
you are actually following a trail into a table.
There are four tables currently available:
Resources
Resource Containers
AlertsManagementResources
SecurityResources
In those tables all details of the resources are kept … and this is what you can query for:
All queries are done with the RBAC rights of the user executing them. So take care that you at least have a read right to query for the information. If you do not have read permissions you will not get an answer from Resource Graph.
Where to start?!
If you want to start your first own queries … there are some prepared queries from Microsoft:
Also this week there were many news around Microsoft Azure! Here as always the overview for you: General availability: Azure Active Directory authentication for Application Insights Generally available: Azure Backup multi-user authorization for recovery services vaults Generally available: 2022-05-31 Azure IoT Central REST API release Generally available: Resize rows in Azure IoT Central device raw…
Also this week there were many news around Microsoft Azure! Here as always the overview for you: Azure SQL—Public preview updates for late June 2022 Azure SQL—Generally available updates for late June 2022 General availability: Azure Key Vault secrets provider on Azure Arc enabled Kubernetes Azure Orbital Ground Station as Service extends life and reduces…
Also this week there were many news around Microsoft Azure! Here as always the overview for you: Public preview: Azure Virtual Network Manager in nine new regions Public preview: ExpressRoute Direct and Circuit in different subscriptions Public preview: Windows Admin Center in the Azure portal General availability: Azure WAF policy and DDoS management in Azure…
Also this week there were many news around Microsoft Azure! Here as always the overview for you: Public preview: Expanded feature regional availability for standard network features General availability: Feature general availability and feature expansion of regional availability Achieve seamless observability with Dynatrace for Azure Learn what’s new in Azure Firewall Find the clarity and…
Also this week there were many news around Microsoft Azure! Here as always the overview for you: Public preview: Azure Percept DK May (2205) software update Public preview: Manage Azure Web Application Firewall policies in Azure Firewall Manager Find out why your SQL Server data belongs on Azure Power hybrid and multicloud environments with Azure…
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here:
Cookie Policy
Leave a comment