steampipe plugin install azuresteampipe plugin install azure

Table: azure_management_group - Query Azure Management Groups using SQL

Azure Management Groups offer a level of scope above subscriptions. They provide a hierarchical structure for unified policy and access management across multiple Azure subscriptions. Management groups allow you to organize subscriptions into containers called "management groups" and apply your governance conditions to the management groups.

Table Usage Guide

The azure_management_group table provides insights into Management Groups within Azure. As a system administrator or a DevOps engineer, explore group-specific details through this table, including group hierarchy, subscription associations, and associated metadata. Utilize it to uncover information about groups, such as their structure, the subscriptions they contain, and the policies applied to them.

Important notes:

You need to have at least read access to the specific management group to query this table.

Examples

Basic info

Explore the management groups within your Azure environment to understand their types and the tenants they belong to. This can help in identifying who last updated these groups, aiding in accountability and tracking changes.

select
  id,
  name,
  type,
  tenant_id,
  updated_by
from
  azure_management_group;

select
  id,
  name,
  type,
  tenant_id,
  updated_by
from
  azure_management_group;

List children for management groups

Explore the updated information of Azure Management Groups, including the associated children groups. This is useful for understanding the hierarchical structure and changes made within your Azure Management Groups.

select
  name,
  updated_by,
  jsonb_pretty(children) as children
from
  azure_management_group;

select
  name,
  updated_by,
  children
from
  azure_management_group;

List parent details for management groups

Explore which management groups in Azure have been recently modified and by whom. This can provide insights into changes in the organizational structure and help maintain accountability.

select
  name,
  updated_by,
  jsonb_pretty(parent) as parent
from
  azure_management_group;

select
  name,
  updated_by,
  parent
from
  azure_management_group;

Schema for azure_management_group

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form, e.g. connection_name.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
children	jsonb		The list of children of the management group.
display_name	text		The friendly name of the management group.
id	text		The fully qualified ID for the management group.
name	text	=	The name of the management group.
parent	jsonb		The associated parent management group.
tenant_id	text		The AAD Tenant ID associated with the management group.
title	text		Title of the resource.
type	text		The type of the management group.
updated_by	text		The identity of the principal or process that updated the management group.
updated_time	timestamp with time zone		The date and time when this management group was last updated.
version	double precision		The version number of the management group.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure

You can pass the configuration to the command with the --config argument:

steampipe_export_azure --config '<your_config>' azure_management_group