azure-resource-lookup
Azure Resource Lookup
List, find, and discover Azure resources of any type across subscriptions and resource groups. Use Azure Resource Graph (ARG) for fast, cross-cutting queries when dedicated MCP tools don't cover the resource type.
When to Use This Skill
Use this skill when the user wants to:
- List resources of any type (VMs, web apps, storage accounts, container apps, databases, etc.)
- Show resources in a specific subscription or resource group
- Query resources across multiple subscriptions or resource types
- Find orphaned resources (unattached disks, unused NICs, idle IPs)
- Discover resources missing required tags or configurations
- Get a resource inventory spanning multiple types
- Find resources in a specific state (unhealthy, failed provisioning, stopped)
- Answer "what resources do I have?" or "show me my Azure resources"
💡 Tip: For single-resource-type queries, first check if a dedicated MCP tool can handle it (see routing table below). If none exists, use Azure Resource Graph.
Quick Reference
| Property | Value |
|---|---|
| Query Language | KQL (Kusto Query Language subset) |
| CLI Command | az graph query -q "<KQL>" -o table |
| Extension | az extension add --name resource-graph |
| MCP Tool | extension_cli_generate with intent for az graph query |
| Best For | Cross-subscription queries, orphaned resources, tag audits |
MCP Tools
| Tool | Purpose | When to Use |
|---|---|---|
extension_cli_generate |
Generate az graph query commands |
Primary tool — generate ARG queries from user intent |
mcp_azure_mcp_subscription_list |
List available subscriptions | Discover subscription scope before querying |
mcp_azure_mcp_group_list |
List resource groups | Narrow query scope |
Workflow
Step 1: Check for a Dedicated MCP Tool
For single-resource-type queries, check if a dedicated MCP tool can handle it:
| Resource Type | MCP Tool | Coverage |
|---|---|---|
| Virtual Machines | compute |
✅ Full — list, details, sizes |
| Storage Accounts | storage |
✅ Full — accounts, blobs, tables |
| Cosmos DB | cosmos |
✅ Full — accounts, databases, queries |
| Key Vault | keyvault |
⚠️ Partial — secrets/keys only, no vault listing |
| SQL Databases | sql |
⚠️ Partial — requires resource group name |
| Container Registries | acr |
✅ Full — list registries |
| Kubernetes (AKS) | aks |
✅ Full — clusters, node pools |
| App Service / Web Apps | appservice |
❌ No list command — use ARG |
| Container Apps | — | ❌ No MCP tool — use ARG |
| Event Hubs | eventhubs |
✅ Full — namespaces, hubs |
| Service Bus | servicebus |
✅ Full — queues, topics |
If a dedicated tool is available with full coverage, use it. Otherwise proceed to Step 2.
Step 2: Generate the ARG Query
Use extension_cli_generate to build the az graph query command:
mcp_azure_mcp_extension_cli_generate
intent: "query Azure Resource Graph to <user's request>"
cli-type: "az"
See Azure Resource Graph Query Patterns for common KQL patterns.
Step 3: Execute and Format Results
Run the generated command. Use --query (JMESPath) to shape output:
az graph query -q "<KQL>" --query "data[].{name:name, type:type, rg:resourceGroup}" -o table
Use --first N to limit results. Use --subscriptions to scope.
Error Handling
| Error | Cause | Fix |
|---|---|---|
resource-graph extension not found |
Extension not installed | az extension add --name resource-graph |
AuthorizationFailed |
No read access to subscription | Check RBAC — need Reader role |
BadRequest on query |
Invalid KQL syntax | Verify table/column names; use =~ for case-insensitive type matching |
| Empty results | No matching resources or wrong scope | Check --subscriptions flag; verify resource type spelling |
Constraints
- ✅ Always use
=~for case-insensitive type matching (types are lowercase) - ✅ Always scope queries with
--subscriptionsor--firstfor large tenants - ✅ Prefer dedicated MCP tools for single-resource-type queries
- ❌ Never use ARG for real-time monitoring (data has slight delay)
- ❌ Never attempt mutations through ARG (read-only)