azure-resource-lookup

Overview

What is azure-resource-lookup?

azure-resource-lookup is an Azure reporting and discovery skill that helps you list, find, and inspect Azure resources of almost any type across subscriptions and resource groups.

It uses Azure Resource Graph (ARG) for fast, cross-subscription queries over your Azure Resource Manager (ARM) metadata. This makes it well-suited for inventory-style questions such as:

• "list websites"
• "list virtual machines"
• "list my VMs in subscription X"
• "show storage accounts in this resource group"
• "find container apps in region Y"
• "what resources do I have?"

Behind the scenes, azure-resource-lookup translates these intents into ARG queries so you can get structured, near real-time views of your environment without hand-writing KQL for every request.

Who is this skill for?

azure-resource-lookup is aimed at:

• Cloud and platform engineers who need quick visibility into Azure resources across many subscriptions.
• DevOps and SRE teams who want to search for specific resource types, states, or tags as part of operational workflows.
• Security and compliance teams who need to verify that required tags or configurations are present.
• Developers who want a simple way to answer "where is this app/component running?" or "what resources did this deployment create?" without manually browsing the Azure Portal.

If your primary need is reporting, inventory, and resource discovery across Azure, this skill is a good fit.

What problems does azure-resource-lookup solve?

Use azure-resource-lookup when you need to:

• List resources of any common type
  • Virtual machines, web apps, storage accounts, container apps, databases, and more.
• Show resources by scope
  • Restrict results to a specific subscription, set of subscriptions, or a particular resource group.
• Run cross-subscription searches
  • Answer questions like "show all storage accounts in all production subscriptions" without switching contexts.
• Find orphaned or unused resources
  • Discover unattached disks, unused NICs, idle IPs, and other likely clean-up candidates.
• Check tag coverage and conventions
  • Locate resources missing mandatory tags, or group resources by tag values (such as env, owner, costCenter).
• Build a resource inventory
  • Count resources by type, region, or subscription for documentation or audit.
• Filter by resource state
  • Find resources that are stopped, unhealthy, or failed provisioning, using the metadata indexed in Resource Graph.

This aligns with reporting and visibility use cases where you need clear, queryable overviews of your existing Azure infrastructure.

When is this skill not a good fit?

azure-resource-lookup is not designed for:

• Deploying or modifying resources
  • It does not create, update, or delete Azure resources.
• Cost and optimization analysis
  • It does not calculate spend, rightsizing recommendations, or detailed cost breakdowns.
• Non-Azure clouds or on-premises resources
  • It is specific to Azure Resource Manager resources as exposed via Azure Resource Graph.
• Deep, resource-specific tooling
  • For very specialized resource operations (for example, database schema work, Kubernetes object management, or detailed VM configuration changes), you should rely on dedicated tools or other skills.

If you need operational insight and inventory across Azure, azure-resource-lookup is well suited. If you need changes, automation, or cost analytics, combine it with other tools.

How to Use

Prerequisites

Before installing and using azure-resource-lookup, ensure that:

• You have an Azure account with appropriate permissions to read resources in the target subscriptions.
• Azure Resource Graph is available in your tenant (it is enabled by default in most scenarios).
• Your agent or automation environment can authenticate to Azure (via az login, managed identity, or service principal, depending on your setup).

The skill itself lives in the microsoft/azure-skills GitHub repository under skills/azure-resource-lookup and is designed to plug into compatible agent runtimes that support skills from this repo.

Installation steps

1. Add the azure-skills repository and this skill

If your agent runtime supports npx skills (for example, the Microsoft skills tooling), you can add azure-resource-lookup directly from GitHub:

npx skills add https://github.com/microsoft/azure-skills --skill azure-resource-lookup

This command:

• Registers the microsoft/azure-skills repository as a skills source.
• Installs the azure-resource-lookup skill definition and associated reference material into your agent environment.

If your platform uses a different mechanism, point it to:

• Repository: https://github.com/microsoft/azure-skills
• Skill path: skills/azure-resource-lookup

and follow its documented steps for adding a skill.

2. Review the skill definition

After installation, open SKILL.md in the azure-resource-lookup directory. This file contains:

• The official description and main use cases.
• Guidance on when to use this skill vs others in the same repo.

Use this to confirm that the skill matches your scenario (resource inventory and lookup across Azure).

3. Configure Azure access for your agent

Configure the environment where your agent runs so it can query Azure Resource Graph. Common patterns include:

• Interactive login with the Azure CLI for local testing:

  az login
  

• Service principal for non-interactive automation:

  az login --service-principal -u <APP_ID> -p <PASSWORD_OR_CERT> --tenant <TENANT_ID>
  

• Managed identity when running in Azure-hosted services that support it.

The skill itself leverages resource metadata, so it typically requires Reader or similar read-only permissions on the subscriptions being queried.

4. Connect the skill to your agent

Most agent platforms that support this repo will automatically expose the skill once installed. In configuration UIs or JSON manifests, ensure that:

• azure-resource-lookup is listed among enabled skills.
• The skill has access to the same Azure credentials configured in the previous step.

Refer to your agent framework documentation to finalize any wiring between skills and tools.

Querying Azure resources with the skill

Common natural language prompts

Once wired up, you can interact with azure-resource-lookup using natural language prompts. Examples that align with the SKILL.md intent include:

• Resource listings

  • "List virtual machines in my production subscription."
  • "Show storage accounts in resource group rg-app-prod."
  • "List container apps in region westeurope."

• Tag-based searches

  • "Find resources tagged env=prod in all subscriptions."
  • "Which resources are missing the owner tag in subscription X?"

• Orphaned resources

  • "List unattached managed disks in all subscriptions."
  • "Show idle IP addresses that are not associated with any resource."

• Inventory and counts

  • "Count all resources by type across all subscriptions."
  • "How many storage accounts are in each region?"

• State-based queries

  • "Show virtual machines that are stopped."
  • "List resources in a failed provisioning state."

The skill translates these requests into Azure Resource Graph queries and returns structured results suitable for reporting or follow-up analysis.

Using Azure Resource Graph query patterns

For more advanced scenarios, review the reference file references/azure-resource-graph.md in the repository. It documents:

• The standard az graph query command format:

  az graph query -q "<KQL>" --query "data[].{col1:field1, col2:field2}" -o table
  

• Key tables such as Resources, ResourceContainers, HealthResources, and more.
• KQL basics for Resource Graph, like =~ (case-insensitive comparison), mv-expand, isempty(), and tostring().
• Practical inventory patterns like:
  • Counting resources by type.
  • Grouping resources by location.

Even if you do not run az graph query manually, these patterns help you understand what the skill is doing under the hood and how to interpret its outputs.

Integrating into workflows and reporting

Because azure-resource-lookup focuses on read-only inventory and discovery, it fits naturally into:

• Operational dashboards – feed the results into reporting tools for daily overviews of resource counts and coverage.
• Governance and compliance checks – regularly scan for missing tags or disallowed configurations.
• Cleanup campaigns – identify orphaned disks, unused NICs, or idle IPs before running deletion workflows with other tools.
• Release and environment reviews – verify which resources exist in each environment after deployments.

Use this skill as the information layer in larger workflows: it tells you what exists and in what state, while other tools perform changes when needed.

FAQ

What does azure-resource-lookup actually rely on under the hood?

azure-resource-lookup is built to work with Azure Resource Graph, Azure's indexed metadata service for ARM resources. It issues ARG-style queries to quickly search and filter resources across subscriptions and resource groups, then returns those results through your agent.

Can I use azure-resource-lookup to create or delete Azure resources?

No. azure-resource-lookup is a read-only discovery and reporting skill. It is explicitly not intended for deploying, changing, or deleting Azure resources. For those tasks, pair it with deployment tools such as ARM/Bicep templates, Terraform, or other automation skills.

Does this skill support non-Azure clouds?

No. azure-resource-lookup is specific to Azure Resource Manager resources exposed via Azure Resource Graph. It does not query AWS, GCP, or on-premises environments.

Is azure-resource-lookup suitable for cost analysis or optimization?

Not directly. While you can use it to inventory resources (which is often an input to cost work), the skill is not designed for cost optimization. It does not provide cost calculations, price estimates, or rightsizing recommendations.

What permissions are required to use this skill?

You need at least read access (for example, Reader role) to the subscriptions and resource groups you want to query. Because azure-resource-lookup is read-only and uses Resource Graph, elevated permissions beyond read are generally not necessary.

How does azure-resource-lookup compare to using the Azure Portal resource search?

The Azure Portal offers interactive search and filtering. azure-resource-lookup, by contrast, provides:

• Scriptable, repeatable queries across many subscriptions.
• Structured output that agents and workflows can consume automatically.
• Natural language entry points, so you do not need to hand-write KQL for every question.

It is especially valuable when you want consistent, automated inventory and discovery rather than ad-hoc manual searches.

Where can I see more query examples?

Within the azure-resource-lookup directory in the microsoft/azure-skills repository, open:

• SKILL.md for high-level behavior and usage notes.
• references/azure-resource-graph.md for concrete Azure Resource Graph query patterns and KQL tips.

Use these examples as a reference for understanding and extending the kinds of questions you ask through the skill.

When should I choose another skill instead?

Consider a different or additional skill when you need to:

• Change infrastructure (create, update, delete, scale resources).
• Manage workloads inside resources (for example, application deployments, database schemas, or Kubernetes objects).
• Perform detailed cost, performance, or security analysis beyond metadata-level reporting.

In those cases, use azure-resource-lookup for discovery and inventory, then hand off to specialized deployment, monitoring, or security tools for the next steps.