Azure Quick Review (azqr) is a powerful command-line interface (CLI) tool that specializes in analyzing Azure resources to ensure compliance with Azure's best practices and recommendations. Its main objective is to offer users a comprehensive overview of their Azure resources, allowing them to easily identify any non-compliant configurations or areas for improvement.
Azure Quick Review (azqr) scans your resources with 2 types of recommendations:
To learn more about the recommendations used by Azure Quick Review (azqr), you can refer to the documentation available here.
The output generated by Azure Quick Review (azqr) is written by default to an Excel file, which contains the following sheets:
By default, Azure Quick Review (azqr) obfuscates the Subscription Ids in the output to ensure the protection of sensitive information and maintain data privacy and security. If you want to display the Subscription Ids without obfuscation, you can use the
--mask=false
flag when executing the tool.Azure Quick Review can also generate an csv files with the same information as the excel. To generate the csv files, you can use the
--csv
flag when running the tool.A Power BI template is also available to help you visualize the results generated by Azure Quick Review. You can create the template running Azure Quick Review with the
pbi
command and then loading the excel file generated by the tool.
Azure Quick Review (azqr) currently supports the following Azure services:
latest_azqr=$(curl -sL https://api.github.com/repos/Azure/azqr/releases/latest | jq -r ".tag_name" | cut -c1-)
wget https://github.com/Azure/azqr/releases/download/$latest_azqr/azqr-ubuntu-latest-amd64 -O azqr
chmod +x azqr
Use winget
:
winget install azqr
or download the executable file:
$latest_azqr=$(iwr https://api.github.com/repos/Azure/azqr/releases/latest).content | convertfrom-json | Select-Object -ExpandProperty tag_name
iwr https://github.com/Azure/azqr/releases/download/$latest_azqr/azqr-windows-latest-amd64.exe -OutFile azqr.exe
Download the latest release from here.
Azure Quick Review (azqr) supports the following authentication methods:
Azure Quick Review (azqr) requires the following permissions:
To scan all resource groups in all subscription run:
./azqr scan
To scan all resource groups in a specific subscription run:
./azqr scan -s <subscription_id>
To scan a specific resource group in a specific subscription run:
./azqr scan -s <subscription_id> -g <resource_group_name>
For information on available commands and help run:
./azqr -h
You can configure Azure Quick Review to include or exclude specific subscriptions or resource groups and also exclude services or recommendations. To do so, create a yaml
file with the following format:
azqr:
include:
subscriptions:
- <subscription_id> # format: <subscription_id>
resourceGroups:
- <resource_group_resource_id> # format: /subscriptions/<subscription_id>/resourceGroups/<resource_group_name>
exclude:
subscriptions:
- <subscription_id> # format: <subscription_id>
resourceGroups:
- <resource_group_resource_id> # format: /subscriptions/<subscription_id>/resourceGroups/<resource_group_name>
services:
- <service_resource_id> # format: /subscriptions/<subscription_id>/resourceGroups/<resource_group_name>/providers/<service_provider>/<service_name>
recommendations:
- <recommendation_id> # format: <recommendation_id>
Then run the scan with the --filters
flag:
./azqr scan --filters <path_to_yaml_file>
Check the rules to get the recommendation ids.
If you encounter any issue while using Azure Quick Review (azqr), please set the AZURE_SDK_GO_LOGGING
environment variable to all
, run the tool with the --debug
flag and then share the console output with us by filing a new issue.
This project uses GitHub Issues to track bugs and feature requests. Before logging an issue please check our troubleshooting guide.
Please search the existing issues before filing new issues to avoid duplicates.
Support for this project / product is limited to the resources listed above.
Thanks to everyone who has contributed!
This project has adopted the Microsoft Open Source Code of Conduct
Trademarks This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft’s Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party’s policies.