Would you like a compliance report for Azure best practices on your Azure resources, like the following screenshot shows (in this case for Azure Kubernetes Service)? If so, keep reading!
Where is this coming from?
You might have read some previous posts where I describe the work that the FastTrack for Azure team (where I work) has done in the Azure Review Checklists repo. Essentially, it is a collection of the best practices and recommendations that we discuss with organizations when we review their Azure designs and implementations. There you can find best-practice checklists for Azure Landing Zones, Azure Kubernetes Service, Azure Virtual Desktop, API Management and many more. This repo has been getting quite some traction lately: for example, we were so happy to see this tweet:
These Azure best-practice recommendations are stored in JSON format, but for easy consumption you can load them into an Excel spreadsheet (which makes distributing tasks and tracking action items very easy), or even into a preview web frontend we are working on (check https://aka.ms/ftaaas out, if you want to see a preview).
One of the pieces of information that is optionally saved for the checks in those checklists is an Azure Resource Graph query, so that you can quickly verify whether your resources fulfill that particular recommendation or not. Since the checklists (including the Azure Resource Graph queries) are in JSON, why not generate Azure Monitor Workbooks to quickly visualize the results?
If you don’t know what these workbooks are, you can think of them as a collection of queries (that get information from sources such as Log Analytics or Azure Resource Graph) for easy consumption and visualization, so they fit our purpose perfectly: making the compliance results of these recommendations easily accessible.
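The generation step described above, as an added example that is not the repository's own generator: it turns every check that carries a Resource Graph query into a text step plus a query step, and reports the checks that cannot be verified automatically. The checklist field names, the sample checks and the workbook step layout are assumptions made for this example.

```python
import json

# Constructed sample checklist. The field names ("metadata", "items", "category",
# "text", "guid", "graph") are assumptions for this example.
SAMPLE_CHECKLIST = {
    "metadata": {"name": "Sample AKS checklist"},
    "items": [
        {"category": "Security", "text": "Use private clusters",
         "guid": "00000000-0000-0000-0000-000000000001",
         "graph": "resources | where type == 'microsoft.containerservice/managedclusters'"
                  " | extend compliant = (properties.apiServerAccessProfile.enablePrivateCluster == true)"
                  " | project id, compliant"},
        {"category": "Operations", "text": "Document a cluster upgrade process",
         "guid": "00000000-0000-0000-0000-000000000002"},  # no query documented yet
        {"category": "Security", "text": "Enable the Azure Policy add-on",
         "guid": "00000000-0000-0000-0000-000000000003",
         "graph": "resources | where type == 'microsoft.containerservice/managedclusters'"
                  " | extend compliant = (properties.addonProfiles.azurepolicy.enabled == true)"
                  " | project id, compliant"},
    ],
}

def build_workbook(checklist):
    """Return (workbook, skipped_guids): one text + one ARG query step per check with a query."""
    steps = [{"type": 1, "name": "title",
              "content": {"json": "## " + checklist["metadata"]["name"]}}]
    skipped = []
    for check in checklist["items"]:
        query = (check.get("graph") or "").strip()
        if not query:
            skipped.append(check["guid"])  # cannot be verified automatically
            continue
        steps.append({"type": 1, "name": "text-" + check["guid"],
                      "content": {"json": f"**{check['category']}**: {check['text']}"}})
        # Assumed workbook layout: type 3 is a query step, queryType 1 targets Azure Resource Graph.
        steps.append({"type": 3, "name": "query-" + check["guid"],
                      "content": {"version": "KqlItem/1.0", "query": query, "queryType": 1,
                                  "resourceType": "microsoft.resourcegraph/resources"}})
    return {"version": "Notebook/1.0", "items": steps}, skipped

if __name__ == "__main__":
    workbook, skipped = build_workbook(SAMPLE_CHECKLIST)
    print(json.dumps(workbook, indent=2))  # text to paste in the workbook's advanced editor
    print(f"{len(skipped)} of {len(SAMPLE_CHECKLIST['items'])} checks have no query:", skipped)
```

The list of skipped checks matters as much as the workbook itself: a check without a query is not evaluated, so its absence from the results says nothing about compliance.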
How do I use this?
Very easy. You just go to the Workbooks folder of the repository, open up one of the JSON workbooks stored there, and copy the JSON text. You then go to your Azure Monitor, create a new workbook, edit it in “advanced mode”, and paste the previously copied JSON text:
How good is this?
Today we don’t have queries for all of the items in the checklists, but in their current state the Landing Zone and the AKS workbooks can already deliver substantial results, and can give you a good indication of whether you are following many of the documented best practices. For other checklists like AVD or SAP, some work still needs to be done to document those ARG queries.
In the near future we want to work on increasing the number of recommendations for which we have an Azure Resource Graph query, which will elevate the quality of the automatically generated workbook. If you see something that doesn’t feel quite right, the next section is written for you.
Can I contribute?
I am glad you asked! The generated workbook will only be as good as the queries that are documented in the checklists. If you find an error, or you can think of how to query a check that has no associated query yet, please do send us a Pull Request: the Azure Review Checklists repo is completely public!