Here you can find all the orphan resources queries that build this Workbook.
Resources
| where type has "microsoft.compute/disks"
| extend diskState = tostring(properties.diskState)
| where managedBy == ""
| where not(name endswith "-ASRReplica" or name startswith "ms-asr-")
| extend Details = pack_all()
| project id, resourceGroup, diskState, sku.name, properties.diskSizeGB, location, tags, subscriptionId, Details
Note: Azure Site Recovery (aka: ASR) managed disks are excluded from the orphaned resource query.
1) Enable replication process created a temporary 'Unattached' managed disk that begins with the prefix "ms-asr-".
2) When the replication start, a new managed disk that begin with the suffix "-ASRReplica" created in 'ActiveSAS' state.
Resources
| where type has "microsoft.network/networkinterfaces"
| where isnull(properties.privateEndpoint)
| where isnull(properties.privateLinkService)
| where properties.hostedWorkloads == "[]"
| where properties !has 'virtualmachine'
| extend Details = pack_all()
| project Resource=id, resourceGroup, location, tags, subscriptionId, Details
Note: Azure Netapp Volumes are excluded from the orphaned resource query.
When creating a Volume in Azure Netapp Account:
1) A delegated subnet created in the virtaul network (vNET).
2) A Network Interface created in the subnet with the fields:
- "linkedResourceType": "Microsoft.Netapp/volumes"
- "hostedWorkloads": ["/subscriptions/<SubscriptionId>/resourceGroups/<RG-Name>/providers/Microsoft.NetApp/netAppAccounts/<NetAppAccount-Name>/capacityPools//volumes/<NetAppVolume-Name>"
- "bareMetalServer": { "id": "/subscriptions/<SubscriptionId>/resourceGroups/<RG-Name>/providers/Microsoft.Network/bareMetalServers/<baremetalTenant_svm_ID>"}
Resources
| where type == "microsoft.network/publicipaddresses"
| where properties.ipConfiguration == "" and properties.natGateway == ""
| extend Details = pack_all()
| project Resource=id, resourceGroup, location, subscriptionId, sku.name, tags ,Details
ResourceContainers
| where type == "microsoft.resources/subscriptions/resourcegroups"
| extend rgAndSub = strcat(resourceGroup, "--", subscriptionId)
| join kind=leftouter (
Resources
| extend rgAndSub = strcat(resourceGroup, "--", subscriptionId)
| summarize count() by rgAndSub
) on rgAndSub
| where isnull(count_)
| extend Details = pack_all()
| project subscriptionId, Resource=id, location, tags ,Details
Resources
| where type == "microsoft.network/networksecuritygroups" and isnull(properties.networkInterfaces) and isnull(properties.subnets)
| extend Details = pack_all()
| project subscriptionId, Resource=id, resourceGroup, location, tags, Details
Resources
| where type =~ 'Microsoft.Compute/availabilitySets'
| where properties.virtualMachines == "[]"
| extend Details = pack_all()
| project subscriptionId, Resource=id, resourceGroup, location, tags, Details
resources
| where type == "microsoft.network/routetables"
| where isnull(properties.subnets)
| extend Details = pack_all()
| project subscriptionId, Resource=id, resourceGroup, location, tags, Details
resources
| where type == "microsoft.network/loadbalancers"
| where properties.backendAddressPools == "[]"
| extend Details = pack_all()
| project subscriptionId, Resource=id, resourceGroup, location, tags, Details
resources
| where type =~ "microsoft.web/serverfarms"
| where properties.numberOfSites == 0
| extend Details = pack_all()
| project Resource=id, resourceGroup, location, subscriptionId, Sku=sku.name, Tier=sku.tier, tags ,Details
resources
| where type == "microsoft.network/frontdoorwebapplicationfirewallpolicies"
| where properties.frontendEndpointLinks== "[]" and properties.securityPolicyLinks == "[]"
| extend Details = pack_all()
| project Resource=id, resourceGroup, location, subscriptionId, Sku=sku.name, tags, Details
resources
| where type == "microsoft.network/trafficmanagerprofiles"
| where properties.endpoints == "[]"
| extend Details = pack_all()
| project Resource=id, resourceGroup, location, subscriptionId, tags, Details