Over the last six months there have been exciting new releases across Governance services to help you continue to manage your Azure environment with increased speed and control. We are spotlighting the public preview and general availability of highly anticipated policy features, recently released Azure Resource Graph Copilot capabilities, and some sneak peaks into what is coming soon. Stay tuned to explore what AI means for your at-scale cloud management scenarios, and make sure to check us out on X for other updates, @AzureGovernance.

Azure Resource Graph

Azure Resource Graph Copilot Capabilities

We are thrilled with the initial response as well as major enhancements to Azure Resource Graph (ARG) capabilities within the Azure Copilot. Azure CoPilot allows you to understand your resources and environment with ease, through transforming natural language prompts into ARG queries. This reduces the amount of expertise you need to have to run queries and shortens the time to discover solutions for key environmental questions. As we continue to drive enhancements to this capability, our goal is to let our customers interact with their cloud environment in the same language that they use for day-to-day work.

Try it out with some queries like:

“Show me all my VMs that have a public IP address”
“Show me all my Linux VMs along with their creation date”

Learn more about ARG Copilot capabilities here: Get resource information using Microsoft Copilot for Azure (preview) | Microsoft Learn

Generally Available: Azure Resource Graph Power BI Data Connector

A highly anticipated release that we are pleased to announce is Generally available is the Azure Resource Graph Power BI Connector, a tool that allows Azure users to access deeper insights into their Azure resources. This powerful integration leverages the strong querying capabilities of Azure Resource Graph with the interactive visualization features of Power BI, enabling users to easily explore, analyze, and visualize their inventory of Azure resources. Refer here for sample queries that you can use with the new Azure Resource Graph Power BI connector and create visualizations with. 

To learn more about the Azure Resource Graph Power BI Data Connector and how it can transform your Azure experience, review our official documentation and check out our brand new Youtube tutorial that offers step-by-step guidance on how to use the Azure Resource Graph Power BI Data Connector.

Query VMSS Power State Through ARG

Now you can query virtual machine details in the Virtual Machine Scale Set Uniform orchestration mode categorized according to their power state. ARG table “ComputeResources” contains the model view and powerState in the instance view properties for the virtual machines part of Virtual Machine Scale Set Uniform mode.

ComputeResources
| where type =~ ‘microsoft.compute/virtualmachinescalesets/virtualmachines’
| extend powerState = properties.extended.instanceView.powerState.code
| project name, powerState, id

Refer here for sample queries that you can use with the new Azure Resource Graph ComputeResources table.

Coming Soon: ARG enhanced support for GET/LIST calls

ARG is introducing a new feature to support existing Azure control plane GET and List API calls providing significantly higher throttling quota (up to 10X) for large cloud native customer workloads running in Azure. The goal is to address READ throttling issues that could lead to issues like performance degradation, failed requests, and increased latency impacting critical cloud operations.

Customers can use this capability to get an improved performance for Azure GET/LIST APIs, while reducing throttling for these calls across key resource types like Compute, network etc.  The new throttling limits offered by ARG will be aligned to the new Azure Resource Manager throttling limits applied per region and hence offer a more scalable and performant backend for your GET/LIST calls. Stay tuned to learn more about this update!

If you have faced throttling issues in your environment or want to hear from us, you can reach out to us through the Twitter handle @AzureGovernance or fill out this form.

Azure Policy

Generally available: Selectors and Overrides for Gradual Policy Rollout

Selectors and overrides are now generally available, making it easier than ever to safely roll out your policy assignments. The resourceSelectors property on policy assignment enables targeting resources by resource location or resource type to target subset of resources through the rollout stages. In addition, the overrides property allows you to change the effect of a policy definition without modifying the underlying policy definition or use a parameterized effect in the policy definition to first roll out using the audit or auditIfNotExists effect.

Check out our how-to guide to learn more on how to leverage these properties and others to safe deploy policy assignments: Safe deployment of Azure Policy assignments – Azure Policy | Microsoft Learn

Public preview, SSH Posture control through Machine Configuration

We are excited to announce additional built-in capabilities for Linux management scenarios through Azure policy and Machine Configuration. Through new built-in policies, you can manage your SSH configuration settings declaratively at-scale.

SSH Posture Control enables you to use the familiar workflows of Azure Policy and Machine Configuration to:  

Ensure compliance with standards in your industry or organization
Reduce attack surface of remote management features
Ensure consistent setup across your fleet for security and productivity

SSH Posture Control also provides detailed Reasons describing how compliance or non-compliance was determined. These Reasons help you to document compliance for auditors with confidence and evidence. They also enable you to take action when non-compliance is observed.

For more information, see https://aka.ms/SshPostureControl

Coming Soon: Built-in Policy Versioning and Resource Capabilities

Stay tuned to learn about upcoming releases from the governance team including built-in Policy versioning, a platform shift that will allow you to manage version changes and upgrade built-in policies on-demand. To learn more and give it a try fill out the below form to get onboard to the private preview. Also coming up is the release of Resource Capabilities, which allows you to use a single Azure Policy definition to govern a common scenario across multiple resource types. 

Onboard to the private previews through the following link: https://aka.ms/governance_pp

Change Analysis powered by Azure Resource Graph

Public Preview: New Change Analysis Portal Experience

Viewing changes to your Azure resources just became easier! With the new Change Analysis experience powered by Azure Resource Graph, you can now view all your resource changes across all your tenants and subscriptions in the Azure Portal. Resources are at the heart of this new experience. It also gives you an onboarding-free experience, tenant-wide querying rather than selecting subscriptions, more scalable and extensive filtering capabilities, change actor information and improved accuracy. To learn more visit: https://learn.microsoft.com/en-us/azure/governance/resource-graph/changes/view-resource-changes

To stay on top of all our latest releases and updates or if you have any questions, be sure to give us a follow on X at @AzureGovernance.

​Microsoft Tech Community – Latest Blogs –Read More