Resource Management Overview
Azure provides a unified set of APIs, tools, and services to help you discover, organize, secure, and govern your cloud resources. This page aggregates the most commonly used resources and reference material for managing Azure governance.
Table of Contents
Azure Resource Graph
Resource Graph enables fast, efficient queries across your subscriptions. Use it to inventory resources, enforce naming conventions, and detect drift.
az graph query -q "Resources | where type =~ 'microsoft.compute/virtualmachines' | project name, location, tags"Resource Locks
Prevent accidental deletion or modification of critical resources by applying ReadOnly or CanNotDelete locks.
az lock create --name "ProdLock" --lock-type CanNotDelete --resource-group MyProdRGTagging Strategy
Implement a consistent tagging schema to drive cost allocation, compliance, and automation.
Environment: ProductionDepartment: FinanceOwner: john.doe@example.com
Role‑Based Access Control (RBAC)
Assign built‑in or custom roles at subscription, resource group, or resource scope.
az role assignment create --assignee johndoe@contoso.com \
--role "Contributor" --resource-group MyRGPolicy Definitions
Enforce compliance using built‑in or custom policies. Example: deny VMs without managed disks.
{
"properties": {
"displayName": "Deny VMs without managed disks",
"policyRule": {
"if": {
"allOf": [
{ "field": "type", "equals": "Microsoft.Compute/virtualMachines" },
{ "field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.id", "exists": "false" }
]
},
"then": { "effect": "deny" }
}
}
}Blueprint Samples
Use Azure Blueprints to deploy compliant environments in one step.
SDK & CLI Examples
Programmatic access via Azure SDK for .NET, Python, and JavaScript.
// .NET (C#) – List all resources in a subscription
var client = new ResourcesManagementClient(new DefaultAzureCredential());
await foreach (var rg in client.ResourceGroups.ListAsync())
{
Console.WriteLine($"{rg.Name} - {rg.Location}");
}Explore more resources: