Get correct property values in Azure Resource Graph Explorer

Ivan Ignatiev 6 Reputation points
2020-06-02T12:20:21.353+00:00

Sorry, I am not sure where to post questions about Azure Resource Graph Explorer

I am trying to get the list of resources with .NET Framework configuration values with Azure Resource Graph Explorer. As in the policy definition "Ensure that '.NET Framework' version is the latest, if used as a part of the API app" but I am unable to query "Microsoft.Web/sites/config" type. In the same time, when I query just for "Microsoft.Web/sites" I am getting "null" values everywhere.

Thank you for any advise!

Just for information :

My Web Apps query :

resources
| where type == "microsoft.web/sites"

Policy Definition :

{
"properties": {
"displayName": "Ensure that '.NET Framework' version is the latest, if used as a part of the API app",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Periodically, newer versions are released for .NET Framework software either due to security flaws or to include additional functionality. Using the latest .NET framework version for web apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version.",
"metadata": {
"version": "1.0.0",
"category": "App Service"
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"defaultValue": "AuditIfNotExists"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Web/sites"
},
{
"field": "kind",
"like": "*api"
}
]
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Web/sites/config",
"name": "web",
"existenceCondition": {
"field": "Microsoft.Web/sites/config/web.netFrameworkVersion",
"in": [
"v3.0",
"v4.0"
]
}
}
}
}
}
}

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,863 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. tbgangav-MSFT 10,376 Reputation points
    2020-06-05T13:47:46.29+00:00

    Hi ignatiev,

    Thanks for reaching out!

    netFrameworkVersion is provided under siteConfig properties so you may have to create a column for it (say netFrameworkVersion) using extend operator. Hence the query would look like: 

    resources  
| where type == "microsoft.web/sites" and kind == "app"  
| extend netFrameworkVersion = tostring(properties.['siteConfig'].netFrameworkVersion)

    But AFAIK netFrameworkVersion property in resource graph explorer is currently always showing as null irrespective of different values a site config would have. @ajkuma FYI.

    9243-rge2.png

    9244-rge3.png

    However, as a workaround you may leverage Az PowerShell cmdlet Get-AzWebApp. Below is the command you may execute to get all webapps that has netFrameworkVersion either v4.0 or v3.0 

    $WebApps = Get-AzWebApp |?{$_.ResourceGroupName -like "*"}  
foreach($WebApp in $WebApps){  
$WebAppResourceGroup = $WebApp.ResourceGroup  
$WebAppName = $WebApp.Name  
Get-AzWebApp -ResourceGroupName $WebAppResourceGroup -Name $WebAppName | ?{$_.SiteConfig.NetFrameworkVersion -eq "v4.0" -or $_.SiteConfig.NetFrameworkVersion -eq "v3.0"}  
}

    9089-rge4.png