Kusto continued

 Kusto comes very useful to query information on Azure resources:

Resources

| where type =~ 'Microsoft.Storage/storageAccounts'

| where tags['tag with a space']=='Custom value'

Or even as part of Azure CLI

az graph query -q "Resources | where type =~ 'Microsoft.Storage/storageAccounts' | where tags['tag with a space']=='Custom value'"

Another sample query for finding work items:

let TotalActionsToBeFiled = cluster('accessmanagement.kusto.windows.net').database('AccessGraph').DstsAccountListServer

| where CloudName=='Public' and DivisionName contains "MyCompanyBusinessUnit"

| distinct ServiceId, CloudName

| join kind=leftanti 

( cluster('accessmanagement.kusto.windows.net').database('AccessGraph').DstsAdoptionSRS 

| where CloudName =="Public"  

    ) on ServiceId

|

project env_ver = "2.1", 

env_name = "Microsoft.Tfs.WorkItemsHistory", 

env_time = tostring(now()), 

env_appId = "T:myAppGuid", 

env_appVer = "1", 

ver ="1.0",

name = "OneAccess.MyOrg",

serviceTreeId = ServiceId,

cloudType = CloudName,

environment = "Prod",

id = strcat(ServiceId, ":", CloudName),

assignedTo = "",

url = "https://microsoft.sharepoint.com/:w:/r/teams/oneAccess/_layouts/15/Doc.aspx?",

createdDate = tostring(now()),

dueDate = tostring(now(+90d)),

lastModifiedDate = tostring(now()),

completionCommitDate = "",

closedDate = "",

closedReason = "",

severity = "1";

//Total new items to be filed

let DoesNotExists = TotalActionsToBeFiled

| join kind=leftanti  (cluster('piesecurity.kusto.windows.net').database('OneAccess').OneAccess_MyOrg) on id ; 

// Total items which are already filed and but are still not resolved

let DoesExits = TotalActionsToBeFiled

| join kind=rightsemi (cluster('piesecurity.kusto.windows.net').database('OneAccess').OneAccess_MyOrg) on id ; 

// Combine these two tables

DoesNotExists

|union DoesExits

|order by dueDate asc