Loading source
Pulling the file list, source metadata, and syntax-aware rendering for this listing.
Source from repo
Look up and query Azure resources by name, type, tag, or subscription across your environment
Files
Skill
Size
Entrypoint
Format
Open file
Syntax-highlighted preview of this file as included in the skill package.
SKILL.md
1---2name: azure-resource-lookup3description: "List, find, and show Azure resources across subscriptions or resource groups. Handles prompts like \"list the websites in my subscription\", \"list my web apps\", \"show my app services\", \"list virtual machines\", \"list my VMs\", \"show storage accounts\", \"find container apps\", and \"what resources do I have\". USE FOR: list websites, list web apps, list app services, show websites in subscription, resource inventory, find resources by tag, tag analysis, orphaned resource discovery (not for cost analysis), unattached disks, count resources by type, cross-subscription lookup, and Azure Resource Graph queries. DO NOT USE FOR: deploying/changing resources (use azure-deploy), cost optimization (use azure-cost), or non-Azure clouds."4license: MIT5metadata:6author: Microsoft7version: "0.0.0-placeholder"8---9# Azure Resource Lookup11List, find, and discover Azure resources of any type across subscriptions and resource groups. Use Azure Resource Graph (ARG) for fast, cross-cutting queries when dedicated MCP tools don't cover the resource type.13## When to Use This Skill15Use this skill when the user wants to:17- **List resources** of any type (VMs, web apps, storage accounts, container apps, databases, etc.)18- **Show resources** in a specific subscription or resource group19- Query resources **across multiple subscriptions** or resource types20- Find **orphaned resources** (unattached disks, unused NICs, idle IPs)21- Discover resources **missing required tags** or configurations22- Get a **resource inventory** spanning multiple types23- Find resources in a **specific state** (unhealthy, failed provisioning, stopped)24- Answer "**what resources do I have?**" or "**show me my Azure resources**"25- **List web apps, websites, or App Services**26> โ ๏ธ **Warning:** App Service / Web Apps have no dedicated MCP `list` command. Prompts like "list websites", "list web apps", or "list app services" **must** route through this skill to use Azure Resource Graph.28> ๐ก **Tip:** For single-resource-type queries, first check if a dedicated MCP tool can handle it (see routing table below). If none exists, use Azure Resource Graph.30## Quick Reference32| Property | Value |34|----------|-------|35| **Query Language** | KQL (Kusto Query Language subset) |36| **CLI Command** | `az graph query -q "<KQL>" -o table` |37| **Extension** | `az extension add --name resource-graph` |38| **MCP Tool** | `extension_cli_generate` with intent for `az graph query` |39| **Best For** | Cross-subscription queries, orphaned resources, tag audits |40## MCP Tools42| Tool | Purpose | When to Use |44|------|---------|-------------|45| `extension_cli_generate` | Generate `az graph query` commands | Primary tool โ generate ARG queries from user intent |46| `mcp_azure_mcp_subscription_list` | List available subscriptions | Discover subscription scope before querying |47| `mcp_azure_mcp_group_list` | List resource groups | Narrow query scope |48## Workflow50### Step 1: Check for a Dedicated MCP Tool52For single-resource-type queries, check if a dedicated MCP tool can handle it:54| Resource Type | MCP Tool | Coverage |56|---|---|---|57| Virtual Machines | `compute` | โ Full โ list, details, sizes |58| Storage Accounts | `storage` | โ Full โ accounts, blobs, tables |59| Cosmos DB | `cosmos` | โ Full โ accounts, databases, queries |60| Key Vault | `keyvault` | โ ๏ธ Partial โ secrets/keys only, no vault listing |61| SQL Databases | `sql` | โ ๏ธ Partial โ requires resource group name |62| Container Registries | `acr` | โ Full โ list registries |63| Kubernetes (AKS) | `aks` | โ Full โ clusters, node pools |64| App Service / Web Apps | `appservice` | โ No list command โ use ARG |65| Container Apps | โ | โ No MCP tool โ use ARG |66| Event Hubs | `eventhubs` | โ Full โ namespaces, hubs |67| Service Bus | `servicebus` | โ Full โ queues, topics |68If a dedicated tool is available with full coverage, use it. Otherwise proceed to Step 2.70### Step 2: Generate the ARG Query72Use `extension_cli_generate` to build the `az graph query` command:74```yaml76mcp_azure_mcp_extension_cli_generate77intent: "query Azure Resource Graph to <user's request>"78cli-type: "az"79```80See [Azure Resource Graph Query Patterns](references/azure-resource-graph.md) for common KQL patterns.82### Step 3: Execute and Format Results84Run the generated command. Use `--query` (JMESPath) to shape output:86```bash88az graph query -q "<KQL>" --query "data[].{name:name, type:type, rg:resourceGroup}" -o table89```90Use `--first N` to limit results. Use `--subscriptions` to scope.92## Error Handling94| Error | Cause | Fix |96|-------|-------|-----|97| `resource-graph extension not found` | Extension not installed | `az extension add --name resource-graph` |98| `AuthorizationFailed` | No read access to subscription | Check RBAC โ need Reader role |99| `BadRequest` on query | Invalid KQL syntax | Verify table/column names; use `=~` for case-insensitive type matching |100| Empty results | No matching resources or wrong scope | Check `--subscriptions` flag; verify resource type spelling |101## Constraints103- โ **Always** use `=~` for case-insensitive type matching (types are lowercase)105- โ **Always** scope queries with `--subscriptions` or `--first` for large tenants106- โ **Prefer** dedicated MCP tools for single-resource-type queries107- โ **Never** use ARG for real-time monitoring (data has slight delay)108- โ **Never** attempt mutations through ARG (read-only)109