Skip to main content

Azure Resource Graph Guide - Part 3

· 2 min read
Hasan Gural

In our last article, we tried to understand Azure Resource Graph queries and use them for particular example scenarios. This part of our article series will cover Secure Score information on subscription levels. There are many different ways to accomplish this aim, but the easiest way to do this is by creating queries with Resource Graph.

Secure Secure information on Subscription level

You can find Secure Score details under the Later on, you can get the information that you wanted as a table with every property.

| where type == ''
| extend percentageScore=properties.score.percentage,
| project tenantId, subscriptionId, percentageScore, currentScore, maxScore, weight

Defender for Cloud services on subscription level

You might want to use, or you might be already using the services on Azure Defender for Cloud. Defender for Cloud provides security to your resources in Azure or other cloud platforms with advanced security features and services. It provides services according to the resource model. By using the query below, you can easily earn which services are activated in your subscription level or get the inventory report of your environment.

| where type =~ ""
| join kind=inner (
| where type == 'microsoft.resources/subscriptions'
| project subscriptionId, subscriptionName = name)
on subscriptionId
| extend planSet = pack(name, pricingTier = properties.pricingTier)
| summarize defenderPlans = make_bag(planSet) by subscriptionId, subscriptionName
| project subscriptionId, subscriptionName,
AppServices = defenderPlans.AppServices,
Arm = defenderPlans.Arm,
ContainerRegistry = defenderPlans.ContainerRegistry,
Containers = defenderPlans.Containers,
DNS = defenderPlans.Dns,
KeyVaults = defenderPlans.KeyVaults,
KubernetesService = defenderPlans.KubernetesService,
OpenSourceRelationalDatabases = defenderPlans.OpenSourceRelationalDatabases,
StorageAccounts = defenderPlans.StorageAccounts,
SqlServerVirtualMachines = defenderPlans.SqlServerVirtualMachines,
SqlServers = defenderPlans.SqlServers,
VirtualMachines = defenderPlans.VirtualMachines

As you can see from the result above, we got the result of our complex query that we created with KQL very quickly. To improve this example, we can create an Azure Workbook and keep these queries on Azure Workbook to create a Dashboard for our organization.