This query is used to find Azure Network Security Groups that have a rule which allows access to port 3389 (RDP) from any source (*). The query returns the name of any security groups that have this rule.Leaving RDP (Remote Desktop Protocol) exposed to access from any source is generally considered a security risk because it could allow unauthorized individuals or malicious software to gain access to the system. This rule is automatically created by default when provisioning Virtual Machines in Azure and should be removed (or limited) immediately after establishing other remote access mechanisms. Please not that this query does not evaluate for other rules that may supersede and mitigate this risky configuration.

NetworkSecurityGroups[?properties.securityRules[?properties.sourceAddressPrefix == '*' && properties.destinationPortRange == '3389' && properties.access == 'Allow']].name