Azure Quick Review (azqr) is a powerful command-line interface (CLI) tool that specializes in analyzing Azure resources to ensure compliance with Azure’s best practices and recommendations. Its main objective is to offer users a comprehensive overview of their Azure resources, allowing them to easily identify any non-compliant configurations or areas for improvement.
Azure Quick Review Recommendations
Azure Quick Review (azqr) scans your resources with 2 types of recommendations:
- Azure Resource Graph (ARG) queries provided by the Azure Proactive Resiliency Library v2 (APRL) and the Azure Orphaned Resources (https://github.com/dolevshor/azure-orphan-resources) projects
- Azure Resource Manager (ARM) rules built with the Azure Golang SDK
To learn more about the recommendations used by Azure Quick Review (azqr), you can refer to the documentation available here.
Scan Results
The output generated by Azure Quick Review (azqr) is written by default to an Excel file, which contains the following sheets:
Core Sheets (always generated)
- Recommendations: Action plan listing all recommendations with the count of impacted resources.
- ImpactedResources: Resources that have issues to address.
- ResourceTypes: Summary of impacted resource types.
- Inventory: All scanned resources with details (SKU, Tier, Kind, calculated SLA).
- OutOfScope: Resources that were not scanned.
Optional Sheets (enabled by default)
- Advisor: Recommendations from Azure Advisor. Disable with
--stages -advisor. - Defender: Microsoft Defender for Cloud plans and tiers. Disable with
--stages -defender.
Optional Sheets (disabled by default)
- DefenderRecommendations: Defender for Cloud recommendations. Enable with
--stages defender-recommendations. - Azure Policy: Non-compliant resources based on Azure Policy. Enable with
--stages policy. - Arc SQL: Azure Arc-enabled SQL Server instances. Enable with
--stages arc. - Costs: Cost data for the last calendar month. Enable with
--stages cost.
By default, Azure Quick Review (azqr) obfuscates the Subscription Ids in the output to ensure the protection of sensitive information and maintain data privacy and security. If you want to display the Subscription Ids without obfuscation, you can use the
--mask=falseflag when executing the tool.
Azure Quick Review can also generate an csv files with the same information as the excel. To generate the csv files, you can use the
--csvflag when running the tool.
Supported Azure Services
Azure Quick Review (azqr) currently supports the following Azure services:
| \Abbreviation | Resource Type |
|---|---|
| aa | Microsoft.Automation/automationAccounts |
| adf | Microsoft.DataFactory/factories |
| afd | Microsoft.Cdn/profiles |
| afw | Microsoft.Network/azureFirewalls |
| afw | Microsoft.Network/ipGroups |
| agw | Microsoft.Network/applicationGateways |
| aif | Microsoft.CognitiveServices/accounts |
| aks | Microsoft.ContainerService/managedClusters |
| amg | Microsoft.Dashboard/grafana |
| apim | Microsoft.ApiManagement/service |
| appcs | Microsoft.AppConfiguration/configurationStores |
| appi | Microsoft.Insights/components |
| appi | Microsoft.Insights/activityLogAlerts |
| arc | Microsoft.AzureArcData/sqlServerInstances |
| as | Microsoft.AnalysisServices/servers |
| asa | Microsoft.StreamAnalytics/streamingJobs |
| asp | Microsoft.Web/serverFarms |
| asp | Microsoft.Web/sites |
| asp | Microsoft.Web/connections |
| asp | Microsoft.Web/certificates |
| avail | Microsoft.Compute/availabilitySets |
| avd | Specialized.Workload/AVD |
| avs | Microsoft.AVS/privateClouds |
| avs | Specialized.Workload/AVS |
| ba | Microsoft.Batch/batchAccounts |
| bastion | Microsoft.Network/bastionHosts |
| ca | Microsoft.App/containerApps |
| cae | Microsoft.App/managedenvironments |
| ci | Microsoft.ContainerInstance/containerGroups |
| con | Microsoft.Network/connections |
| cosmos | Microsoft.DocumentDB/databaseAccounts |
| cr | Microsoft.ContainerRegistry/registries |
| dbw | Microsoft.Databricks/workspaces |
| ddos | Microsoft.Network/ddosProtectionPlans |
| dec | Microsoft.Kusto/clusters |
| disk | Microsoft.Compute/disks |
| dnsres | Microsoft.Network/dnsResolvers |
| dnsz | Microsoft.Network/dnsZones |
| domain | Microsoft.AAD/domainServices |
| erc | Microsoft.Network/expressRouteCircuits |
| erc | Microsoft.Network/ExpressRoutePorts |
| erc | Microsoft.Network/expressRouteGateways |
| evgd | Microsoft.EventGrid/domains |
| evgt | Microsoft.EventGrid/topics |
| evh | Microsoft.EventHub/namespaces |
| fabric | Microsoft.Fabric/capacities |
| fdfp | Microsoft.Network/frontdoorWebApplicationFirewallPolicies |
| gal | Microsoft.Compute/galleries |
| hpc | Specialized.Workload/HPC |
| hub | Microsoft.MachineLearningServices/workspaces |
| hub | Microsoft.MachineLearningServices/registries |
| iot | Microsoft.Devices/IotHubs |
| it | Microsoft.VirtualMachineImages/imageTemplates |
| kv | Microsoft.KeyVault/vaults |
| lb | Microsoft.Network/loadBalancers |
| log | Microsoft.OperationalInsights/workspaces |
| logic | Microsoft.Logic/workflows |
| mysql | Microsoft.DBforMySQL/servers |
| mysql | Microsoft.DBforMySQL/flexibleServers |
| netapp | Microsoft.NetApp/netAppAccounts |
| ng | Microsoft.Network/natGateways |
| nic | Microsoft.Network/networkInterfaces |
| nsg | Microsoft.Network/networkSecurityGroups |
| ntc | Microsoft.NetworkFunction/azureTrafficCollectors |
| nw | Microsoft.Network/networkWatchers |
| odb | Oracle.Database/cloudExadataInfrastructures |
| odb | Oracle.Database/cloudVmClusters |
| p2svpng | Microsoft.Network/p2sVpnGateways |
| pdnsz | Microsoft.Network/privateDnsZones |
| pep | Microsoft.Network/privateEndpoints |
| pip | Microsoft.Network/publicIPAddresses |
| psql | Microsoft.DBforPostgreSQL/servers |
| psql | Microsoft.DBforPostgreSQL/flexibleServers |
| redis | Microsoft.Cache/Redis |
| resource | Microsoft.Resources |
| rg | Microsoft.Resources/resourceGroups |
| rsv | Microsoft.RecoveryServices/vaults |
| rt | Microsoft.Network/routeTables |
| sap | Specialized.Workload/SAP |
| sb | Microsoft.ServiceBus/namespaces |
| sigr | Microsoft.SignalRService/SignalR |
| sql | Microsoft.Sql/servers |
| sql | Microsoft.Sql/servers/databases |
| sql | Microsoft.Sql/servers/elasticPools |
| sqlmi | Microsoft.Sql/managedInstances |
| srch | Microsoft.Search/searchServices |
| st | Microsoft.Storage/storageAccounts |
| sub | Microsoft.Subscription/subscriptions |
| synw | Microsoft.Synapse/workspaces |
| synw | Microsoft.Synapse/workspaces/bigDataPools |
| synw | Microsoft.Synapse/workspaces/sqlPools |
| traf | Microsoft.Network/trafficManagerProfiles |
| vdpool | Microsoft.DesktopVirtualization/hostPools |
| vdpool | Microsoft.DesktopVirtualization/scalingPlans |
| vdpool | Microsoft.DesktopVirtualization/workspaces |
| vgw | Microsoft.Network/virtualNetworkGateways |
| vhub | Microsoft.Network/virtualHubs |
| vm | Microsoft.Compute/virtualMachines |
| vmss | Microsoft.Compute/virtualMachineScaleSets |
| vnet | Microsoft.Network/virtualNetworks |
| vnet | Microsoft.Network/virtualNetworks/subnets |
| vpng | Microsoft.Network/vpnGateways |
| vpns | Microsoft.Network/vpnSites |
| vrouter | Microsoft.Network/virtualRouters |
| vwan | Microsoft.Network/virtualWans |
| wps | Microsoft.SignalRService/webPubSub |
Code of Conduct
This project has adopted the Microsoft Open Source Code of Conduct
Trademark Notice
Trademarks This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft’s Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party’s policies.