Metrics Library

I have an issue when Virtual Machine Reservations expire, I have no idea when they expire. It would be great to be able to pull a list for reporting and managing the expiry. N/A

This query is used to find Azure Virtual Machines that are running the Windows operating system, but do not have the Azure Hybrid Benefits license type enabled.The Azure Hybrid Benefits program allows users to save money on Windows licenses by using their existing on-premises licenses for Windows Server. When a Virtual Machine is running Windows, but does not have the Azure Hybrid Benefits license type enabled (i.e., the licenseType property is null), it means that the user is not taking advantage of this cost-saving program.The query returns the names of all Virtual Machines that meet these criteria, allowing users to identify which machines are not using Azure Hybrid Benefits and potentially saving money on Windows licenses.For more information on Azure Hybrid benefits please see this link: https://learn.microsoft.com/en-us/windows-server/get-started/azure-hybrid-benefit VirtualMachines[?properties.licenseType==null && properties.storageProfile.osDisk.osType=='Windows'].name

Provides the OS Type of an Azure VM - useful for VM specific asset management or onboarding device discovery (especially devices not connected to AD like Linux boxes!) VirtualMachines[].properties.storageProfile.osDisk.osType

Azure level VM name VirtualMachines[].properties.osProfile.computerName

Shows the VM image publisher VirtualMachines[].properties.storageProfile.imageReference.publisher

Shows the configured Admin username VirtualMachines[].properties.osProfile.adminUsername

This metric lists all Windows virtual machines that have a null licenseType property. A null licenseType property indicates that the Hybrid Benefits are not applied to the virtual machine. This presents an opportunity for cost savings by providing license coverage through another means such as CSP (Cloud Solution Provider) or SPLA (Services Provider License Agreement) with software assurance. By identifying such virtual machines, organizations can take steps to optimize licensing costs and ensure compliance.See the following link for restrictions, limitations, and/or more information: https://learn.microsoft.com/en-us/windows-server/get-started/azure-hybrid-benefit VirtualMachines[?properties.licenseType==null && properties.storageProfile.osDisk.osType=='Windows'].name

This query is used to find Azure Network Security Groups that have a rule which allows access to port 3389 (RDP) from any source (*). The query returns the name of any security groups that have this rule.Leaving RDP (Remote Desktop Protocol) exposed to access from any source is generally considered a security risk because it could allow unauthorized individuals or malicious software to gain access to the system. This rule is automatically created by default when provisioning Virtual Machines in Azure and should be removed (or limited) immediately after establishing other remote access mechanisms. Please not that this query does not evaluate for other rules that may supersede and mitigate this risky configuration. NetworkSecurityGroups[?properties.securityRules[?properties.sourceAddressPrefix == '*' && properties.destinationPortRange == '3389' && properties.access == 'Allow']].name

Lists all snapshots including their:NameTime CreatedTime since createdSize in GB Snapshots[].join('', ['Name: ' , name, ' | Time Created: ', date_format(properties.timeCreated, 'MMM-DD-YYYY @ hh:mm A'), ' | Age: ', to_string(time_since(properties.timeCreated, 'days')), ' days | Size: ', to_string(properties.diskSizeGB), 'GB'])

Created this metric for change tracking Azure VM SKUs. Out of the box Liongard does not include VM names associated with the detected change in the log...now it does! VirtualMachines[].join( , , [join( : , [ Name , name]), join( : , [ Size , properties.hardwareProfile.vmSize])])