Azure Resource Lookup

List, find, and discover Azure resources of any type across subscriptions and resource groups. Use Azure Resource Graph (ARG) for fast, cross-cutting queries when dedicated MCP tools don't cover the resource type.

When to Use This Skill

Use this skill when the user wants to:

List resources of any type (VMs, web apps, storage accounts, container apps, databases, etc.)
Show resources in a specific subscription or resource group
Query resources across multiple subscriptions or resource types
Find orphaned resources (unattached disks, unused NICs, idle IPs)
Discover resources missing required tags or configurations
Get a resource inventory spanning multiple types
Find resources in a specific state (unhealthy, failed provisioning, stopped)
Answer "what resources do I have?" or "show me my Azure resources"

💡 Tip: For single-resource-type queries, first check if a dedicated MCP tool can handle it (see routing table below). If none exists, use Azure Resource Graph.

Quick Reference

Property	Value
Query Language	KQL (Kusto Query Language subset)
CLI Command	`az graph query -q "<KQL>" -o table`
Extension	`az extension add --name resource-graph`
MCP Tool	`extension_cli_generate` with intent for `az graph query`
Best For	Cross-subscription queries, orphaned resources, tag audits

MCP Tools

Tool	Purpose	When to Use
`extension_cli_generate`	Generate `az graph query` commands	Primary tool — generate ARG queries from user intent
`mcp_azure_mcp_subscription_list`	List available subscriptions	Discover subscription scope before querying
`mcp_azure_mcp_group_list`	List resource groups	Narrow query scope

Workflow

Step 1: Check for a Dedicated MCP Tool

For single-resource-type queries, check if a dedicated MCP tool can handle it:

Resource Type	MCP Tool	Coverage
Virtual Machines	`compute`	✅ Full — list, details, sizes
Storage Accounts	`storage`	✅ Full — accounts, blobs, tables
Cosmos DB	`cosmos`	✅ Full — accounts, databases, queries
Key Vault	`keyvault`	⚠️ Partial — secrets/keys only, no vault listing
SQL Databases	`sql`	⚠️ Partial — requires resource group name
Container Registries	`acr`	✅ Full — list registries
Kubernetes (AKS)	`aks`	✅ Full — clusters, node pools
App Service / Web Apps	`appservice`	❌ No list command — use ARG
Container Apps	—	❌ No MCP tool — use ARG
Event Hubs	`eventhubs`	✅ Full — namespaces, hubs
Service Bus	`servicebus`	✅ Full — queues, topics

If a dedicated tool is available with full coverage, use it. Otherwise proceed to Step 2.

Step 2: Generate the ARG Query

Use extension_cli_generate to build the az graph query command:

mcp_azure_mcp_extension_cli_generate
  intent: "query Azure Resource Graph to <user's request>"
  cli-type: "az"

See Azure Resource Graph Query Patterns for common KQL patterns.

Step 3: Execute and Format Results

Run the generated command. Use --query (JMESPath) to shape output:

az graph query -q "<KQL>" --query "data[].{name:name, type:type, rg:resourceGroup}" -o table

Use --first N to limit results. Use --subscriptions to scope.

Error Handling

Error	Cause	Fix
`resource-graph extension not found`	Extension not installed	`az extension add --name resource-graph`
`AuthorizationFailed`	No read access to subscription	Check RBAC — need Reader role
`BadRequest` on query	Invalid KQL syntax	Verify table/column names; use `=~` for case-insensitive type matching
Empty results	No matching resources or wrong scope	Check `--subscriptions` flag; verify resource type spelling

Constraints

✅ Always use =~ for case-insensitive type matching (types are lowercase)
✅ Always scope queries with --subscriptions or --first for large tenants
✅ Prefer dedicated MCP tools for single-resource-type queries
❌ Never use ARG for real-time monitoring (data has slight delay)
❌ Never attempt mutations through ARG (read-only)

azure-resource-lookup