How can I retrieve all resource types in use?

Matthijs de Beer 61 Reputation points

Hi all,

I want to create an Azure policy that whitelists resource types that are allowed to be used within a management group or subscription. I already found the builtin policy, but as the description states, only resource types that support 'tags' and 'location' will be affected by this policy. Since I actually want to be able to filter resources more granularly (on sub resource level), resource types that only support tags and location are not enough. The policy does state that this can be achieved by duplicating the policy and setting the mode to 'All' rather than 'Indexed', so I tried the following:

  1. I wrote a script that uses the resource graph to retrieve all resources (and sub resources) in use within a subscription
  2. I copied the builtin policy and changed the mode from Indexed to All.
  3. I assigned the policy definition to the subscription, and for the 'allowedResourceTypes' param I provided the list of in-use resource types that I retrieved using the script in step 1

Now the expected result would be that there are no non-compliant resources showing up under the policy assignment as I retrieved all resource types in use within the subscription. However, I get a lot of non-compliant resources for resource types that didn't show up in the resource graph results. Some examples are:

  • microsoft.blueprint/blueprintassignments
  • microsoft.cdn/profiles/endpoints/origins
  • microsoft.costmanagement/views
  • microsoft.datafactory/factories/dataflows

And the list goes on. As stated, the issue seems to be that not all resources in use are showing up in the resource graph. So my question is simple: is there a way to retrieve all resources in use within a subscription/management group (including sub resources, resources that don't support tags and location, etc.)?


Accepted answer
  1. Stanislav Zhelyazkov 20,536 Reputation points MVP

    Azure Resource Graph does not support all resource types available. Supported list. A little more information: it supports only resource group level resources in the resources table. Resources on a higher level, like subscription, are in separate tables if they are supported. There are also many second level or third level resources that are not supported. From your example:

    • microsoft.blueprint/blueprintassignments - subscription/management group level resource
    • microsoft.cdn/profiles/endpoints/origins - third level resources
    • microsoft.costmanagement/views - subscription level resource
    • microsoft.datafactory/factories/dataflows - second level resource
    • - subscription resource

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
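An added example, not part of the original question or answer: a small Python script that compares the Resource Graph inventory with the types the mode 'All' assignment flags as non-compliant, reports each missing type with its nesting level for review, and builds the parameter value from the reviewed list. The sample lists are constructed from the types named in the thread, and the parameter name `allowedResourceTypes` is taken from the question; no Azure API is called.

```python
import json

# Constructed sample: types returned by the Resource Graph script (step 1).
GRAPH_TYPES = [
    "Microsoft.CDN/profiles",
    "microsoft.cdn/profiles/endpoints",
    "Microsoft.DataFactory/factories",
    "microsoft.storage/storageaccounts",
]

# Constructed sample: types reported non-compliant by the mode 'All'
# assignment (the examples listed in the question).
NONCOMPLIANT_TYPES = [
    "microsoft.blueprint/blueprintassignments",
    "microsoft.cdn/profiles/endpoints/origins",
    "microsoft.costmanagement/views",
    "microsoft.datafactory/factories/dataflows",
]


def normalize(resource_type):
    """Lower-case and trim so both sources compare equal."""
    return resource_type.strip().strip("/").lower()


def nesting_level(resource_type):
    """1 = top-level type, 2 = second level (child), 3 = third level."""
    return len(normalize(resource_type).split("/")) - 1


def inventory_gap(graph_types, noncompliant_types):
    """Types policy evaluation saw that the Resource Graph list lacks."""
    known = {normalize(t) for t in graph_types}
    missing = {normalize(t) for t in noncompliant_types} - known
    return [(t, nesting_level(t)) for t in sorted(missing)]


def build_allowed_parameter(graph_types, approved_types):
    """Merge reviewed types into an assignment parameters document."""
    merged = {normalize(t) for t in list(graph_types) + list(approved_types)}
    return {"allowedResourceTypes": {"value": sorted(merged)}}


if __name__ == "__main__":
    gap = inventory_gap(GRAPH_TYPES, NONCOMPLIANT_TYPES)
    for rtype, level in gap:
        print(f"level {level}: {rtype}")  # review each before approving
    approved = [t for t, _ in gap]  # assumption: every type passed review
    print(json.dumps(build_allowed_parameter(GRAPH_TYPES, approved), indent=2))
```

The nesting level only reflects the depth of the type string; whether a level 1 type lives at subscription or resource group scope cannot be read from the name and has to be checked per type.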
