Table: azure_management_group - Query Azure Management Groups using SQL
Azure Management Groups offer a level of scope above subscriptions. They provide a hierarchical structure for unified policy and access management across multiple Azure subscriptions. Management groups allow you to organize subscriptions into containers called "management groups" and apply your governance conditions to the management groups.
Table Usage Guide
The azure_management_group table provides insights into Management Groups within Azure. As a system administrator or a DevOps engineer, explore group-specific details through this table, including group hierarchy, subscription associations, and associated metadata. Utilize it to uncover information about groups, such as their structure, the subscriptions they contain, and the policies applied to them.
Important notes:
- You need to have at least read access to the specific management group to query this table.
Examples
Basic info
Explore the management groups within your Azure environment to understand their types and the tenants they belong to. This can help in identifying who last updated these groups, aiding in accountability and tracking changes.
select id, name, type, tenant_id, updated_byfrom azure_management_group;select id, name, type, tenant_id, updated_byfrom azure_management_group;List children for management groups
Explore the updated information of Azure Management Groups, including the associated children groups. This is useful for understanding the hierarchical structure and changes made within your Azure Management Groups.
select name, updated_by, jsonb_pretty(children) as childrenfrom azure_management_group;select name, updated_by, childrenfrom azure_management_group;List parent details for management groups
Explore which management groups in Azure have been recently modified and by whom. This can provide insights into changes in the organizational structure and help maintain accountability.
select name, updated_by, jsonb_pretty(parent) as parentfrom azure_management_group;select name, updated_by, parentfrom azure_management_group;Schema for azure_management_group
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
| children | jsonb | The list of children of the management group. | |
| display_name | text | The friendly name of the management group. | |
| id | text | The fully qualified ID for the management group. | |
| name | text | = | The name of the management group. |
| parent | jsonb | The associated parent management group. | |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| tenant_id | text | The AAD Tenant ID associated with the management group. | |
| title | text | Title of the resource. | |
| type | text | The type of the management group. | |
| updated_by | text | The identity of the principal or process that updated the management group. | |
| updated_time | timestamp with time zone | The date and time when this management group was last updated. | |
| version | double precision | The version number of the management group. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azureYou can pass the configuration to the command with the --config argument:
steampipe_export_azure --config '<your_config>' azure_management_group