Azure Resource Graph is a powerful service for querying and exploring Azure resources at scale. It allows you to efficiently retrieve information about thousands of resources across multiple subscriptions and tenants, enabling large enterprises to gain comprehensive visibility into their cloud inventory. Azure Resource Graph extends Azure Resource Manager with the ability to perform complex filtering, grouping, and sorting of resources based on properties (name, type, tags, etc.), all via a unified query interface. This is crucial for governance, as it helps administrators quickly find resources that meet certain criteria and assess compliance across large environments.
The service uses the Kusto Query Language (KQL) for formulating queries, and it integrates with tools like the Resource Graph Explorer in the Azure portal. Using KQL, you can run sophisticated queries – for example, retrieving all VMs with a specific tag or finding storage accounts with unencrypted endpoints. Azure Resource Graph is optimized for performance: it maintains an index of Azure resource metadata and continuously updates it when resources change. In fact, Azure Resource Graph powers the Azure Portal’s global search and resource browsing experience, which indicates how fast and scalable it is for large-scale lookups.
Because cloud environments can contain tens of thousands of resources, Azure Resource Graph includes features for handling large result sets. By default, each query returns up to 1,000 records to prevent unintentional overload, but this can be overridden for larger queries. Through parameters like --first (or -First in PowerShell) and --skip, you can page through results beyond the 1,000-item default limit. For example, you might retrieve the first 5,000 results by running the query in batches of 1,000 and skipping the ones already fetched. This approach ensures that even if you have hundreds of thousands of resources, you can programmatically iterate over all results without missing data.
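The batching described above, as an added Python example (not part of the original article and not Microsoft's code): it pages with --first/--skip until a short page comes back, and appends an order by id clause because skip-based pages only line up when every call sorts the same way. The names fetch_all, az_graph_page and make_fake_backend are hypothetical, the az wrapper assumes the resource-graph CLI extension and a query that projects id, and the fake backend is constructed sample data so the loop runs offline.

```python
import json
import subprocess

PAGE_SIZE = 1000  # per-query record limit described in the text


def az_graph_page(query, first, skip):
    """Fetch one page with the Azure CLI (assumes the resource-graph extension)."""
    cmd = ["az", "graph", "query", "-q", query, "--first", str(first), "-o", "json"]
    if skip:
        cmd += ["--skip", str(skip)]
    out = json.loads(subprocess.run(cmd, check=True, capture_output=True, text=True).stdout)
    # Assumption: recent CLI versions wrap rows in {"data": [...]}, older ones return a list.
    return out["data"] if isinstance(out, dict) else out


def fetch_all(query, run_page=az_graph_page, page_size=PAGE_SIZE):
    """Return every row of `query`, paging with first/skip. The query must project `id`."""
    # Skip-based paging only lines up across calls if every call sorts the same way.
    if "order by" not in query.lower() and "sort by" not in query.lower():
        query += " | order by id asc"
    rows, seen, skip = [], set(), 0
    while True:
        page = run_page(query, page_size, skip)
        for row in page:
            if row["id"] not in seen:  # drop repeats if the inventory shifts mid-run
                seen.add(row["id"])
                rows.append(row)
        if len(page) < page_size:  # a short (or empty) page is the end of the results
            return rows
        skip += page_size


def make_fake_backend(total):
    """Constructed stand-in for Resource Graph holding `total` sorted resource ids."""
    inventory = [{"id": f"/subscriptions/example/vm{n:05d}"} for n in range(total)]
    calls = []

    def run_page(query, first, skip):
        calls.append((query, first, skip))
        return inventory[skip:skip + first]

    run_page.calls = calls
    return run_page


if __name__ == "__main__":
    backend = make_fake_backend(2500)
    print(len(fetch_all("Resources | project id", backend)), "rows in", len(backend.calls), "calls")
```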
Azure Resource Graph can be accessed via Azure CLI, Azure PowerShell, or REST API, making it easy to integrate into scripts and automation. It also ties into other Azure governance services – notably, Azure Policy and Azure Lighthouse. For instance, Azure Policy’s compliance dashboard can leverage Resource Graph to quickly list non-compliant resources across the environment. Likewise, service providers using Azure Lighthouse can run Resource Graph queries across delegated subscriptions to manage multiple tenants efficiently.
In summary, Azure Resource Graph provides at-scale resource querying capabilities. You can think of it as a specialized search engine for your Azure resources, one that is always up-to-date and designed for governance needs. By using KQL queries, administrators can get answers in seconds, even in environments with tens of thousands of resources, helping them to effectively govern their Azure estate and make informed decisions about inventory, compliance, and resource management.
