Adding additional query includes

Author: jasongroce

articles/governance/resource-graph/includes/query/app-service-resources-tls-version.md

@@ -0,0 +1,39 @@
+---
+ms.service: resource-graph
+ms.topic: include
+ms.date: 12/13/2023
+author: davidsmatlak
+ms.author: davidsmatlak
+---
+
+### List Azure App Service TLS version
+
+List an Azure App Service's minimum Transport Layer Security (TLS) version for incoming requests to a web app.
+
+```kusto
+AppServiceResources
+| where type =~ 'microsoft.web/sites/config'
+| project id, name, properties.MinTlsVersion
+```
+
+# [Azure CLI](#tab/azure-cli)
+
+```azurecli-interactive
+az graph query -q "AppServiceResources | where type =~ 'microsoft.web/sites/config' | project id, name, properties.MinTlsVersion"
+```
+
+# [Azure PowerShell](#tab/azure-powershell)
+
+```azurepowershell-interactive
+Search-AzGraph -Query "AppServiceResources | where type =~ 'microsoft.web/sites/config' | project id, name, properties.MinTlsVersion"
+```
+
+# [Portal](#tab/azure-portal)
+
+
+
+- Azure portal: <a href="https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade/query/AppServiceResources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.web%2Fsites%2Fconfig%27%0D%0A%7C%20project%20id%2C%20name%2C%20properties.MinTlsVersion" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/#blade/HubsExtension/ArgQueryBlade/query/AppServiceResources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.web%2Fsites%2Fconfig%27%0D%0A%7C%20project%20id%2C%20name%2C%20properties.MinTlsVersion" target="_blank">portal.azure.us</a>
+- Microsoft Azure operated by 21Vianet portal: <a href="https://portal.azure.cn/#blade/HubsExtension/ArgQueryBlade/query/AppServiceResources%0D%0A%7C%20where%20type%20%3D~%20%27microsoft.web%2Fsites%2Fconfig%27%0D%0A%7C%20project%20id%2C%20name%2C%20properties.MinTlsVersion" target="_blank">portal.azure.cn</a>
+
+---

articles/governance/resource-graph/includes/query/authorization-resources-classic-administrators-key-properties.md

@@ -0,0 +1,41 @@
+---
+ms.service: resource-graph
+ms.topic: include
+ms.date: 08/24/2023
+author: danielkim916
+ms.author: danielkim
+---
+
+### Get classic administrators with key properties
+
+Provides a sample of [classic administrators](../../../../../role-based-access-control/classic-administrators.md) and some of the resources relevant properties.
+
+```kusto
+authorizationresources
+| where type =~ 'microsoft.authorization/classicadministrators'
+| extend state = properties.adminState
+| extend roles = split(properties.role, ';')
+| take 5
+```
+
+# [Azure CLI](#tab/azure-cli)
+
+```azurecli-interactive
+az graph query -q "authorizationresources | where type =~ 'microsoft.authorization/classicadministrators' | extend state = properties.adminState | extend roles = split(properties.role, ';') | take 5"
+```
+
+# [Azure PowerShell](#tab/azure-powershell)
+
+```azurepowershell-interactive
+Search-AzGraph -Query "authorizationresources | where type =~ 'microsoft.authorization/classicadministrators' | extend state = properties.adminState | extend roles = split(properties.role, ';') | take 5"
+```
+
+# [Portal](#tab/azure-portal)
+
+
+
+- Azure portal: <a href="https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade/query/authorizationresources%0A%7C%20where%20type%20%3D~%20%27microsoft.authorization%2Fclassicadministrators%27%0A%7C%20extend%20state%20%3D%20properties.adminState%0A%7C%20extend%20roles%20%3D%20split%28properties.role%2C%20%27%3B%27%29%0A%7C%20take%205" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/#blade/HubsExtension/ArgQueryBlade/query/authorizationresources%0A%7C%20where%20type%20%3D~%20%27microsoft.authorization%2Fclassicadministrators%27%0A%7C%20extend%20state%20%3D%20properties.adminState%0A%7C%20extend%20roles%20%3D%20split%28properties.role%2C%20%27%3B%27%29%0A%7C%20take%205" target="_blank">portal.azure.us</a>
+- Microsoft Azure operated by 21Vianet portal: <a href="https://portal.azure.cn/#blade/HubsExtension/ArgQueryBlade/query/authorizationresources%0A%7C%20where%20type%20%3D~%20%27microsoft.authorization%2Fclassicadministrators%27%0A%7C%20extend%20state%20%3D%20properties.adminState%0A%7C%20extend%20roles%20%3D%20split%28properties.role%2C%20%27%3B%27%29%0A%7C%20take%205" target="_blank">portal.azure.cn</a>
+
+---

articles/governance/resource-graph/includes/query/authorization-resources-role-assignments-key-properties.md

@@ -0,0 +1,43 @@
+---
+ms.service: resource-graph
+ms.topic: include
+ms.date: 07/10/2023
+author: davidsmatlak
+ms.author: davidsmatlak
+---
+
+### Get role assignments with key properties
+
+Provides a sample of [role assignments](../../../../../role-based-access-control/role-assignments.md) and some of the resources relevant properties.
+
+```kusto
+authorizationresources
+| where type =~ 'microsoft.authorization/roleassignments'
+| extend roleDefinitionId = properties.roleDefinitionId
+| extend principalType = properties.principalType
+| extend principalId = properties.principalId
+| extend scope = properties.scope
+| take 5
+```
+
+# [Azure CLI](#tab/azure-cli)
+
+```azurecli-interactive
+az graph query -q "authorizationresources | where type =~ 'microsoft.authorization/roleassignments' | extend roleDefinitionId = properties.roleDefinitionId | extend principalType = properties.principalType | extend principalId = properties.principalId | extend scope = properties.scope | take 5"
+```
+
+# [Azure PowerShell](#tab/azure-powershell)
+
+```azurepowershell-interactive
+Search-AzGraph -Query "authorizationresources | where type =~ 'microsoft.authorization/roleassignments' | extend roleDefinitionId = properties.roleDefinitionId | extend principalType = properties.principalType | extend principalId = properties.principalId | extend scope = properties.scope | take 5"
+```
+
+# [Portal](#tab/azure-portal)
+
+
+
+- Azure portal: <a href="https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade/query/authorizationresources%0A%7C%20where%20type%20%3D~%20%27microsoft.authorization%2Froleassignments%27%0A%7C%20extend%20roleDefinitionId%20%3D%20properties.roleDefinitionId%0A%7C%20extend%20principalType%20%3D%20properties.principalType%0A%7C%20extend%20principalId%20%3D%20properties.principalId%0A%7C%20extend%20scope%20%3D%20properties.scope%0A%7C%20take%205" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/#blade/HubsExtension/ArgQueryBlade/query/authorizationresources%0A%7C%20where%20type%20%3D~%20%27microsoft.authorization%2Froleassignments%27%0A%7C%20extend%20roleDefinitionId%20%3D%20properties.roleDefinitionId%0A%7C%20extend%20principalType%20%3D%20properties.principalType%0A%7C%20extend%20principalId%20%3D%20properties.principalId%0A%7C%20extend%20scope%20%3D%20properties.scope%0A%7C%20take%205" target="_blank">portal.azure.us</a>
+- Microsoft Azure operated by 21Vianet portal: <a href="https://portal.azure.cn/#blade/HubsExtension/ArgQueryBlade/query/authorizationresources%0A%7C%20where%20type%20%3D~%20%27microsoft.authorization%2Froleassignments%27%0A%7C%20extend%20roleDefinitionId%20%3D%20properties.roleDefinitionId%0A%7C%20extend%20principalType%20%3D%20properties.principalType%0A%7C%20extend%20principalId%20%3D%20properties.principalId%0A%7C%20extend%20scope%20%3D%20properties.scope%0A%7C%20take%205" target="_blank">portal.azure.cn</a>
+
+---

articles/governance/resource-graph/includes/query/authorization-resources-role-definitions-actions-list.md

@@ -0,0 +1,47 @@
+---
+ms.service: resource-graph
+ms.topic: include
+ms.date: 07/10/2023
+author: davidsmatlak
+ms.author: davidsmatlak
+---
+
+### Get role definitions with actions
+
+Displays a sample of [role definitions](../../../../../role-based-access-control/role-definitions.md) with an expanded list of actions and not actions for each role definition's permissions list.
+
+```kusto
+authorizationresources
+| where type =~ 'microsoft.authorization/roledefinitions'
+| extend assignableScopes = properties.assignableScopes
+| extend permissionsList = properties.permissions
+| extend isServiceRole = properties.isServiceRole
+| mv-expand permissionsList
+| extend Actions = permissionsList.Actions
+| extend notActions = permissionsList.notActions
+| extend DataActions = permissionsList.DataActions
+| extend notDataActions = permissionsList.notDataActions
+| take 5
+```
+
+# [Azure CLI](#tab/azure-cli)
+
+```azurecli-interactive
+az graph query -q "authorizationresources | where type =~ 'microsoft.authorization/roledefinitions' | extend assignableScopes = properties.assignableScopes | extend permissionsList = properties.permissions | extend isServiceRole = properties.isServiceRole | mv-expand permissionsList | extend Actions = permissionsList.Actions | extend notActions = permissionsList.notActions | extend DataActions = permissionsList.DataActions | extend notDataActions = permissionsList.notDataActions | take 5"
+```
+
+# [Azure PowerShell](#tab/azure-powershell)
+
+```azurepowershell-interactive
+Search-AzGraph -Query "authorizationresources | where type =~ 'microsoft.authorization/roledefinitions' | extend assignableScopes = properties.assignableScopes | extend permissionsList = properties.permissions | extend isServiceRole = properties.isServiceRole | mv-expand permissionsList | extend Actions = permissionsList.Actions | extend notActions = permissionsList.notActions | extend DataActions = permissionsList.DataActions | extend notDataActions = permissionsList.notDataActions | take 5"
+```
+
+# [Portal](#tab/azure-portal)
+
+
+
+- Azure portal: <a href="https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade/query/authorizationresources%0A%7C%20where%20type%20%3D~%20%27microsoft.authorization%2Froledefinitions%27%0A%7C%20extend%20assignableScopes%20%3D%20properties.assignableScopes%0A%7C%20extend%20permissionsList%20%3D%20properties.permissions%0A%7C%20extend%20isServiceRole%20%3D%20properties.isServiceRole%0A%7C%20mv-expand%20permissionsList%0A%7C%20extend%20Actions%20%3D%20permissionsList.Actions%0A%7C%20extend%20notActions%20%3D%20permissionsList.notActions%0A%7C%20extend%20DataActions%20%3D%20permissionsList.DataActions%0A%7C%20extend%20notDataActions%20%3D%20permissionsList.notDataActions%0A%7C%20take%205" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/#blade/HubsExtension/ArgQueryBlade/query/authorizationresources%0A%7C%20where%20type%20%3D~%20%27microsoft.authorization%2Froledefinitions%27%0A%7C%20extend%20assignableScopes%20%3D%20properties.assignableScopes%0A%7C%20extend%20permissionsList%20%3D%20properties.permissions%0A%7C%20extend%20isServiceRole%20%3D%20properties.isServiceRole%0A%7C%20mv-expand%20permissionsList%0A%7C%20extend%20Actions%20%3D%20permissionsList.Actions%0A%7C%20extend%20notActions%20%3D%20permissionsList.notActions%0A%7C%20extend%20DataActions%20%3D%20permissionsList.DataActions%0A%7C%20extend%20notDataActions%20%3D%20permissionsList.notDataActions%0A%7C%20take%205" target="_blank">portal.azure.us</a>
+- Microsoft Azure operated by 21Vianet portal: <a href="https://portal.azure.cn/#blade/HubsExtension/ArgQueryBlade/query/authorizationresources%0A%7C%20where%20type%20%3D~%20%27microsoft.authorization%2Froledefinitions%27%0A%7C%20extend%20assignableScopes%20%3D%20properties.assignableScopes%0A%7C%20extend%20permissionsList%20%3D%20properties.permissions%0A%7C%20extend%20isServiceRole%20%3D%20properties.isServiceRole%0A%7C%20mv-expand%20permissionsList%0A%7C%20extend%20Actions%20%3D%20permissionsList.Actions%0A%7C%20extend%20notActions%20%3D%20permissionsList.notActions%0A%7C%20extend%20DataActions%20%3D%20permissionsList.DataActions%0A%7C%20extend%20notDataActions%20%3D%20permissionsList.notDataActions%0A%7C%20take%205" target="_blank">portal.azure.cn</a>
+
+---

articles/governance/resource-graph/includes/query/authorization-resources-role-definitions-key-properties.md

@@ -0,0 +1,42 @@
+---
+ms.service: resource-graph
+ms.topic: include
+ms.date: 07/10/2023
+author: davidsmatlak
+ms.author: davidsmatlak
+---
+
+### Get role definitions with key properties
+
+Provides a sample of [role definitions](../../../../../role-based-access-control/role-definitions.md) and some of the resources relevant properties.
+
+```kusto
+authorizationresources
+| where type =~ 'microsoft.authorization/roledefinitions'
+| extend assignableScopes = properties.assignableScopes
+| extend permissionsList = properties.permissions
+| extend isServiceRole = properties.isServiceRole
+| take 5
+```
+
+# [Azure CLI](#tab/azure-cli)
+
+```azurecli-interactive
+az graph query -q "authorizationresources | where type =~ 'microsoft.authorization/roledefinitions' | extend assignableScopes = properties.assignableScopes | extend permissionsList = properties.permissions | extend isServiceRole = properties.isServiceRole | take 5"
+```
+
+# [Azure PowerShell](#tab/azure-powershell)
+
+```azurepowershell-interactive
+Search-AzGraph -Query "authorizationresources | where type =~ 'microsoft.authorization/roledefinitions' | extend assignableScopes = properties.assignableScopes | extend permissionsList = properties.permissions | extend isServiceRole = properties.isServiceRole | take 5"
+```
+
+# [Portal](#tab/azure-portal)
+
+
+
+- Azure portal: <a href="https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade/query/authorizationresources%0A%7C%20where%20type%20%3D~%20%27microsoft.authorization%2Froledefinitions%27%0A%7C%20extend%20assignableScopes%20%3D%20properties.assignableScopes%0A%7C%20extend%20permissionsList%20%3D%20properties.permissions%0A%7C%20extend%20isServiceRole%20%3D%20properties.isServiceRole%0A%7C%20take%205" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/#blade/HubsExtension/ArgQueryBlade/query/authorizationresources%0A%7C%20where%20type%20%3D~%20%27microsoft.authorization%2Froledefinitions%27%0A%7C%20extend%20assignableScopes%20%3D%20properties.assignableScopes%0A%7C%20extend%20permissionsList%20%3D%20properties.permissions%0A%7C%20extend%20isServiceRole%20%3D%20properties.isServiceRole%0A%7C%20take%205" target="_blank">portal.azure.us</a>
+- Microsoft Azure operated by 21Vianet portal: <a href="https://portal.azure.cn/#blade/HubsExtension/ArgQueryBlade/query/authorizationresources%0A%7C%20where%20type%20%3D~%20%27microsoft.authorization%2Froledefinitions%27%0A%7C%20extend%20assignableScopes%20%3D%20properties.assignableScopes%0A%7C%20extend%20permissionsList%20%3D%20properties.permissions%0A%7C%20extend%20isServiceRole%20%3D%20properties.isServiceRole%0A%7C%20take%205" target="_blank">portal.azure.cn</a>
+
+---

articles/governance/resource-graph/includes/query/authorization-resources-role-definitions-permissions-list.md

@@ -0,0 +1,47 @@
+---
+ms.service: resource-graph
+ms.topic: include
+ms.date: 07/10/2023
+author: davidsmatlak
+ms.author: davidsmatlak
+---
+
+### Get role definitions with permissions listed out
+
+Displays a summary of the `Actions` and `notActions` for each unique role definition.
+
+```kusto
+authorizationresources
+| where type =~ 'microsoft.authorization/roledefinitions'
+| extend assignableScopes = properties.assignableScopes
+| extend permissionsList = properties.permissions
+| extend isServiceRole = properties.isServiceRole
+| mv-expand permissionsList
+| extend Actions = permissionsList.Actions
+| extend notActions = permissionsList.notActions
+| extend DataActions = permissionsList.DataActions
+| extend notDataActions = permissionsList.notDataActions
+| summarize make_set(Actions), make_set(notActions), make_set(DataActions), make_set(notDataActions), any(assignableScopes, isServiceRole) by id
+```
+
+# [Azure CLI](#tab/azure-cli)
+
+```azurecli-interactive
+az graph query -q "authorizationresources | where type =~ 'microsoft.authorization/roledefinitions' | extend assignableScopes = properties.assignableScopes | extend permissionsList = properties.permissions | extend isServiceRole = properties.isServiceRole | mv-expand permissionsList | extend Actions = permissionsList.Actions | extend notActions = permissionsList.notActions | extend DataActions = permissionsList.DataActions | extend notDataActions = permissionsList.notDataActions | summarize make_set(Actions), make_set(notActions), make_set(DataActions), make_set(notDataActions), any(assignableScopes, isServiceRole) by id"
+```
+
+# [Azure PowerShell](#tab/azure-powershell)
+
+```azurepowershell-interactive
+Search-AzGraph -Query "authorizationresources | where type =~ 'microsoft.authorization/roledefinitions' | extend assignableScopes = properties.assignableScopes | extend permissionsList = properties.permissions | extend isServiceRole = properties.isServiceRole | mv-expand permissionsList | extend Actions = permissionsList.Actions | extend notActions = permissionsList.notActions | extend DataActions = permissionsList.DataActions | extend notDataActions = permissionsList.notDataActions | summarize make_set(Actions), make_set(notActions), make_set(DataActions), make_set(notDataActions), any(assignableScopes, isServiceRole) by id"
+```
+
+# [Portal](#tab/azure-portal)
+
+
+
+- Azure portal: <a href="https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade/query/authorizationresources%0A%7C%20where%20type%20%3D~%20%27microsoft.authorization%2Froledefinitions%27%0A%7C%20extend%20assignableScopes%20%3D%20properties.assignableScopes%0A%7C%20extend%20permissionsList%20%3D%20properties.permissions%0A%7C%20extend%20isServiceRole%20%3D%20properties.isServiceRole%0A%7C%20mv-expand%20permissionsList%0A%7C%20extend%20Actions%20%3D%20permissionsList.Actions%0A%7C%20extend%20notActions%20%3D%20permissionsList.notActions%0A%7C%20extend%20DataActions%20%3D%20permissionsList.DataActions%0A%7C%20extend%20notDataActions%20%3D%20permissionsList.notDataActions%0A%7C%20summarize%20make_set%28Actions%29%2C%20make_set%28notActions%29%2C%20make_set%28DataActions%29%2C%20make_set%28notDataActions%29%2C%20any%28assignableScopes%2C%20isServiceRole%29%20by%20id" target="_blank">portal.azure.com</a>
+- Azure Government portal: <a href="https://portal.azure.us/#blade/HubsExtension/ArgQueryBlade/query/authorizationresources%0A%7C%20where%20type%20%3D~%20%27microsoft.authorization%2Froledefinitions%27%0A%7C%20extend%20assignableScopes%20%3D%20properties.assignableScopes%0A%7C%20extend%20permissionsList%20%3D%20properties.permissions%0A%7C%20extend%20isServiceRole%20%3D%20properties.isServiceRole%0A%7C%20mv-expand%20permissionsList%0A%7C%20extend%20Actions%20%3D%20permissionsList.Actions%0A%7C%20extend%20notActions%20%3D%20permissionsList.notActions%0A%7C%20extend%20DataActions%20%3D%20permissionsList.DataActions%0A%7C%20extend%20notDataActions%20%3D%20permissionsList.notDataActions%0A%7C%20summarize%20make_set%28Actions%29%2C%20make_set%28notActions%29%2C%20make_set%28DataActions%29%2C%20make_set%28notDataActions%29%2C%20any%28assignableScopes%2C%20isServiceRole%29%20by%20id" target="_blank">portal.azure.us</a>
+- Microsoft Azure operated by 21Vianet portal: <a href="https://portal.azure.cn/#blade/HubsExtension/ArgQueryBlade/query/authorizationresources%0A%7C%20where%20type%20%3D~%20%27microsoft.authorization%2Froledefinitions%27%0A%7C%20extend%20assignableScopes%20%3D%20properties.assignableScopes%0A%7C%20extend%20permissionsList%20%3D%20properties.permissions%0A%7C%20extend%20isServiceRole%20%3D%20properties.isServiceRole%0A%7C%20mv-expand%20permissionsList%0A%7C%20extend%20Actions%20%3D%20permissionsList.Actions%0A%7C%20extend%20notActions%20%3D%20permissionsList.notActions%0A%7C%20extend%20DataActions%20%3D%20permissionsList.DataActions%0A%7C%20extend%20notDataActions%20%3D%20permissionsList.notDataActions%0A%7C%20summarize%20make_set%28Actions%29%2C%20make_set%28notActions%29%2C%20make_set%28DataActions%29%2C%20make_set%28notDataActions%29%2C%20any%28assignableScopes%2C%20isServiceRole%29%20by%20id" target="_blank">portal.azure.cn</a>
+
+---

articles/governance/resource-graph/includes/query/authorization-resources-troubleshoot-rbac-limits.md

@@ -0,0 +1,11 @@
+---
+ms.service: resource-graph
+ms.topic: include
+ms.date: 08/31/2023
+author: davidsmatlak
+ms.author: davidsmatlak
+---
+
+### Troubleshoot Azure RBAC limits
+
+The `authorizationresources` table can be used to troubleshoot Azure role-based access control (Azure RBAC) if you exceed limits. For more information, go to [Troubleshoot Azure RBAC limits](../../../../../role-based-access-control/troubleshoot-limits.md).