Background image

How to query resources at scale with Azure Resource Graph

Azure MVP Aleksandar Nikolic's tips for getting started with Azure Resource Graph explorer Azure MVP Aleksandar Nikolic's tips for getting started with Azure Resource Graph explorer

Azure Resource Graph offers amazing speed and efficiency, but it can be a difficult tool to navigate. Microsoft Azure MVP Aleksandar Nikolic (@alexandair) gave us tips and examples to better understand how to use Azure Resource Graph explorer.

In order to govern your Azure environments effectively, you need to have visibility over your resources and be able to quickly and efficiently make changes if you need to. Azure Resource Graph is a powerful tool that allows you to search and visualize your resources with speed because it doesn’t rely on making calls to each resource provider of Azure Resource Manager (ARM).

Microsoft Azure MVP Aleksandar Nikolic demonstrated how to use Azure Resource Graph during Deploy, ShareGate’s expert-led event on Azure governance. We’ve rounded up some of his best advice for getting started with Azure Resource Graph in this blog.

Some of the biggest advantages of Azure Resource Graph is that it allows you to query at scale, which again adds to how fast and efficient it is. Additionally, it enables you to work across multiple Azure subscriptions at one time. And you can track changes that are made to resource properties, like if a VM is scaled up or down.

Azure Resource Graph’s query language is complex, so getting started with it may feel intimidating. But once you understand how it works and all you can do with Azure Resource Graph, you’ll see that it’s worth learning how to use this dynamic tool.

ShareGate Apricot logo

Ensure external users have access to the right things in Teams.

How does Azure Resource Graph work? 

You may not have realized it before, but you already use Azure Resource Graph. The Azure portal’s search bar uses Azure Resource Graph, and Azure Policy’s change history also uses it behind the scenes.

But to really get the most out of this dynamic tool, you should be running specific queries that help you manage your Azure resources.

Writing an Azure Resource Graph query 

In Azure Resource Graph, a query is the information request that you write using a specific query language, which is based on a Kusto Query Language (KQL). If you’ve used other Azure services like Application Insights and Azure Sentinel, you should already be familiar with KQL.

The query language is quite complex and powerful, which can be daunting. But once you know how to use it, you’ll discover that it offers an enormous amount of potential to get granular data nearly instantaneously.

“[With Azure Resource Graph] your imagination is the limit—there are so many things exposed to you and you can use them so quickly”

Aleksandar Nikolic (@alexandair)

There are two types of queries: private and shared. If you save a query as private in the Azure portal, then it will only be available to you when you work in the portal. Your colleagues working in the same tenant and subscription won’t have access to that query.

Unlike private queries, a shared query is an Azure Resource Manager resource. This means that it gets saved to a resource group, where anyone with the appropriate access permissions will be able to see and use it.

Important reminder: In your strings, if you use “==” with your code, you have to have the capitalization of your query exactly right. If instead you use “=~” then you don’t have to be precise about capitalization.

Where does Azure Resource Graph get its data? 

Azure Resource Graph has a gigantic database of information on all the resources in your environment. It’s triggered to update any time that you make a change to one of your resources, and it also scans your entire environment daily to check for modifications. This means that you’ll always get fresh results in your queries.

It also means that you’ll get those results quickly—usually within a second or two, even when you’re querying data across dozens or hundreds of subscriptions—because it already has all of the details it needs at hand. It doesn’t have to repeatedly go through ARM resource providers to get the information.

You query data that is contained in pre-populated tables. At the time of writing, there are seven tables:

  • Advisor resources 
  • Alerts management resources 
  • Health resources 
  • Maintenance resources 
  • Resource containers 
  • Resources 
  • Security resources

Of these tables, “Resources” is the biggest one, and it’s also the default if you don’t specify which table your query should run under.  

Once you’ve selected a table and written a query, you can run it to start getting answers to questions about your environment. 

How and where to run Azure Resource Graph queries

So what does querying through Azure Resource Graph look like in practice? That can depend on what platform you prefer working in. You can run Azure Resource Graph queries through the Azure portal, Azure Powershell, Azure CLI, and REST API.

Using Resource Graph Explorer through the Azure portal 

When you open up your Azure portal, you can easily use the search bar to find the Resource Graph Explorer. In the Explorer, you’ll immediately see the tables mentioned above, a space to write new queries, and example queries.

Whether you want to write a new query, open an old one, or run a query, you can easily do that in this interface.

When you run a query, you’ll get your results in a table. If you want to visualize your results, you can add one more line to the query asking for it to summarize your results and then choose what type of chart you want it to create for you: a map, bar chart, or donut chart.

This option is nice if you want to see the impact of your query more easily, and you can actually pin these charts to a new or existing dashboard for later review, as well.

Running queries through Azure PowerShell

ShareGate Apricot logo

Ensure external users have access to the right things in Teams.

Apricot security illustration

Another way to interact with Azure Resource Graph is to use Azure PowerShell. Azure PowerShell offers a method of managing Azure resources directly from the PowerShell command line.

The PowerShell gallery is a public site moderated by Microsoft that hosts PowerShell modules, scripts, configurations, etc. From the gallery, you can install a module called Az.ResourceGraph, which will allow you to query Azure resources from PowerShell.

Running queries using Azure CLI

If you prefer to work with Azure CLI, the set of commands used to create and manage Azure resources, you can do that, too. You can add an Azure Resource Graph extension by importing the following command in your Azure CLI environment of choice:

# Add the Resource Graph extension to the Azure CLI environment 

az extension add –name resource-graph 

Typically when you use this extension in CLI, you can only give one command at a time. But that’s usually more than enough because the power is in the query, not the command.

Running Azure Resource Graph with REST API

Unlike with PowerShell and Azure CLI, there are no libraries or modules that you need to download in order to use Azure Resource Graph through REST API. But you do have to make sure that you’ve installed a tool for calling REST APIs, authenticate it, etc.

Usually people find querying Azure Resource Graph through PowerShell or Azure CLI more efficient for this reason.

Then you can simply call the Resource Graph REST API endpoint using a REST API URI as well as a request body.

Whether you’re using the Azure portal, PowerShell, Azure CLI, or REST API, you use the same query language—so when you know how to use one of these methods, it’s pretty easy to pick up one of the others.

Azure Resource Graph examples

In his demo, Aleksandar walked us through how to create and run a query to see what recommendations Azure has around your virtual machines.

Following the steps listed above to use Azure Resource Graph through the Azure portal, select + New query, and in the tables on the left side, select advisorresources. This will automatically create the first line of your query. In the dropdown menu under advisorresources, you select what type of information you want to query. So for this example, we’ll select microsoft.advisor/recommendations.

You can then open the dropdown menu for the recommendations. Select impactedField : string. This will automatically create the third line of your query, but it’s missing some key information. For our example, we’ll replace “INSERT_VALUE_HERE” with “Microsoft.Compute/virtualMachines”.

This gives Resource Graph all the information it needs to offer you recommendations on virtual machines, so you can hit Run query and check out your results!

When I tried this out in ShareGate’s tenant, I received 138 results in under a second. And if you scroll to the right of all the results, you can select See details for each virtual machine recommendation.

This will give you information about the virtual machine—id, name, type, what subscriptions and resource group it’s in, etc.—and then in the properties field it offers a JSON string with a short description of a problem it identified.

If you wanted to investigate that further, you could go back to the previous screen and add a line to your query for the specific virtual machine you were looking at by adding another line to your query by selecting impactedValue. Insert the name of your virtual machine in this line. Then, you can add another line using ShortDescription from the advisorresources table.

But this time we know we’re specifically looking for the problem. So instead of inserting a value for the short description, we’ll erase that code and replace it with “.problem”. We’ll also replace the “where” at the beginning of this line of the query and instead use “project” because we’re no longer filtering.

Completed, your query should read:


 | where type == “microsoft.advisor/recommendations” 

 | where properties.impactedValue == “Microsoft.Compute/virtualMachine” 

 | where properties.impactedField == “[Resource name]” 

 | project properties.shortDescription.problem 

Then we’ll run the query again.  

This time we only get results for this virtual machine, and we only get information on the problem. So we received our results in just over a second, and we can clearly see what problems Azure has identified about this VM.   

Once you have a query, you can save it to use again later, which is another great way that this tool can save you time.

This is a basic way that you can run a query with Azure Resource Graph. Because the query language is complex and powerful, there’s a lot that you can do with it. With Azure Resource Graph, Aleksandar says that “your imagination is the limit—there are so many things exposed to you and you can use them so quickly” because the querying language is so versatile.

If you’re looking for more quick start query ideas, you can check out the ShareGate Azure Resource Graph repo.

Azure Resource Graph can be a great tool to help you get better visibility over your Azure resources, which isn’t always the easiest thing to do. And the speed that it offers is a huge asset because there’s often a lot of querying to do to verify the health of all your resources.

Recommended by our team

What did you think of this article?

Simplify Microsoft 365 adoption with your ShareGate subscription Watch our on-demand webinar.