Microsoft Azure Quick Review Microsoft Corporation

• Recommendations: a list with all recommendations with the number of resources that are impacted. You can use this table as an action plan to improve the compliance of your resources.
• ImpactedResources: a list with all resources that are impacted. You can use this table to identify resources that have issues that need to be addressed.
• ResourceTypes: a list of impacted resource types.
• Inventory: a list of all resources scanned by the tool. Here you'll find details such as SKU, Tier, Kind or calculated SLA.
• Advisor: a list of recommendations provided by Azure Advisor.
• DefenderRecommendations: a list of recommendations provided by Microsoft Defender for Cloud.
• OutOfScope: a list of resources that were not scanned.
• Defender: a list of Microsoft Defender for Cloud plans and their tiers.
• Costs: a list of costs associated with the scanned subscription for the last 3 months.

> By default, Azure Quick Review (azqr) obfuscates the Subscription Ids in the output to ensure the protection of sensitive information and maintain data privacy and security. If you want to display the Subscription Ids without obfuscation, you can use the --mask=false flag when executing the tool.

> Azure Quick Review can also generate an csv files with the same information as the excel. To generate the csv files, you can use the --csv flag when running the tool.

> A Power BI template is also available to help you visualize the results generated by Azure Quick Review. You can create the template running Azure Quick Review with the pbi command and then loading the excel file generated by the tool.

Supported Azure Services

Azure Quick Review (azqr) currently supports the following Azure services:

Usage

Install on Linux or Azure Cloud Shell (Bash)

latest_azqr=$(curl -sL https://api.github.com/repos/Azure/azqr/releases/latest | jq -r ".tag_name" | cut -c1-)
wget https://github.com/Azure/azqr/releases/download/$latest_azqr/azqr-ubuntu-latest-amd64 -O azqr
chmod +x azqr

Install on Windows

Use winget:

winget install azqr

or download the executable file:

$latest_azqr=$(iwr https://api.github.com/repos/Azure/azqr/releases/latest).content | convertfrom-json | Select-Object -ExpandProperty tag_name
iwr https://github.com/Azure/azqr/releases/download/$latest_azqr/azqr-windows-latest-amd64.exe -OutFile azqr.exe

Install on Mac

Use homebrew:

brew install azqr

or download the latest release from here.

Authentication

Azure Quick Review (azqr) supports the following authentication methods:

• Service Principal. You'll need to set the following environment variables:
  • AZURE_CLIENT_ID
  • AZURE_CLIENT_SECRET
  • AZURE_TENANT_ID
• Azure Managed Identity
• Azure CLI (Using this type of authentication will make scans run slower)

Authorization

Azure Quick Review (azqr) requires the following permissions:

• Reader over Subscription or Management Group scope

Running the Scan

To scan all resources in all subscription run:

./azqr scan

To scan all resources in a specific management group run:

./azqr scan --management-group-id 

To scan all resources in a specific subscription run:

./azqr scan -s 

To scan a specific resource group in a specific subscription run:

./azqr scan -s  -g 

For information on available commands and help run:

./azqr -h

Filtering Recommendations and more

You can configure Azure Quick Review to include or exclude specific subscriptions or resource groups and also exclude services or recommendations. To do so, create a yaml file with the following format:

azqr:
  include:
    subscriptions:
      -  # format: 
    resourceGroups:
      -  # format: /subscriptions//resourceGroups/
    resourceTypes:
      -  # format: Abbreviation of the resource type. For example: "vm" for "Microsoft.Compute/virtualMachines"
  exclude:
    subscriptions:
      -  # format: 
    resourceGroups:
      -  # format: /subscriptions//resourceGroups/
    services:
      -  # format: /subscriptions//resourceGroups//providers//
    recommendations:
      -  # format: 

Then run the scan with the --filters flag:

./azqr scan --filters 

> Check the rules to get the recommendation ids.

Troubleshooting

If you encounter any issue while using Azure Quick Review (azqr), please set the AZURE_SDK_GO_LOGGING environment variable to all, run the tool with the --debug flag and then share the console output with us by filing a new issue.

Building Locally

Make sure you have Go 1.23.x or higher installed in your environment. You can set GOROOT= folder and GOPATH= if you want to be specific about where to find Go binary and Go dependencies.

   git clone git@github.com:Azure/azqr.git
   cd azqr
   git submodule init
   git submodule update --recursive
   go build -o azqr cmd/azqr/main.go

Support

This project uses GitHub Issues to track bugs and feature requests. Before logging an issue please check our troubleshooting guide.

Please search the existing issues before filing new issues to avoid duplicates.

• For new issues, file your bug or feature request as a new issue.
• For help, discussion, and support questions about using this project, join or start a discussion.

Support for this project / product is limited to the resources listed above.

Contributors

Thanks to everyone who has contributed!

Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct

Trademark Notice

> Trademarks This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft’s Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party’s policies.