Quick tip: Try Azure Resource Graph

This a quick post to share a service I have discovered this week: Azure Resource Graph Explorer.
Apparently it has been around since a couple of years, but I have only found out about its existence this week. Let’s see how awesome this service is.

What is Azure Resource Graph ?

Basically it’s a service (living here in the portal) that let you query your Azure resources using KQL.
Until now when I needed to dig into my resources I used Azure Resource Explorer (from the dedicated site or from the portal), but I have never found it easy to use and was always wondering if I should start searching by providers or by subscriptions.
Using Azure Resource Graph is much easier and powerful, if you want to know more about how to get started with it I recommend checkout the documentation.

What can we do with it

For now I have barely scratched the surface of the service but I can already share a couple of use-cases.

Query resources across subscriptions

The first thing you can do right away is query your Azure resources, and the power of the tool is that you can do this across all the subscriptions you have access to. This is extremely useful in an enterprise environment with a bunch of subscriptions for your various landing zones (with the CLI or PowerShell, you have to change your context to achieve this).
With Azure Resource Graph, a simple KQL request on the resources table will give you everything, and then you can refine the results by type, and do things like getting the number of VMs by size, location, etc.

This blog post is a great read to find out how you can query your resources using Graph Explorer.

Also keep in mind that using it from the portal is just a start, then you can start thinking about using it in your scripts using Azure CLI, PowerShell or REST.

Get the payload of an Azure Monitor alert

Working with Azure Monitor, you often need to check the payload of an alert for troubleshooting reasons. Until now I was doing it with an action group and a webhook to a service like But there is a better way.
From the Azure Monitor Alerts blade in the portal, select the occurrence of your alert and copy its id: azure-monitor-get-alert-idI have cropped the screenshot and masked some details

Then go to the Azure Resource Graph Explorer blade, and copy this query with your alert id:

| where ['id'] == '<YOUR ALERT ID HERE>'

Click on Run query (or use the shift+enter shortcut like a boss 😎), and click on the See details link at the very end of the single result row: query-results

Go to the properties field to grab the full payload of your alert: get-payload

Using this payload you can try to figure out why your processing rule is not catching your alert, or trigger manually your Logic App or Azure Function without waiting for your alert to occur.

Wrapping up

That’s it for this post, I’ll try to do “quick tips” like in the future if I manage to write post… quickly.
In the meantime, go check out this service if you haven’t already 🤓

This post is licensed under CC BY 4.0 by the author.