Skip to content

feat: 9 new discovery queries + per-resource Activity Log enrichment#36

Merged
Daren9m merged 1 commit into
claude/azure-tenant-cleanup-strategy-dHLP3from
feature/v0.4.0-extended-coverage
Mar 20, 2026
Merged

feat: 9 new discovery queries + per-resource Activity Log enrichment#36
Daren9m merged 1 commit into
claude/azure-tenant-cleanup-strategy-dHLP3from
feature/v0.4.0-extended-coverage

Conversation

@Daren9m
Copy link
Copy Markdown
Collaborator

@Daren9m Daren9m commented Mar 20, 2026
edited
Loading

Summary

High-impact v0.4.0 items — expands discovery from 11 to 20 KQL queries and adds per-resource last-touch tracking.

New KQL Queries (9)

# Query What it finds Procentrix Dev Impact
12 Empty App Service Plans Plans with 0 apps (still billing) 77 plans, $36.5K/yr
13 Orphaned NICs NICs not attached to VMs 16 NICs
14 Storage Account Inventory Full storage inventory with age 198 accounts
15 App Insights Inventory App Insights with workspace links 111 instances
16 Log Analytics Workspaces Workspaces with retention settings 52 workspaces
17 Orphaned Route Tables Route tables with no subnets Unknown
18 Empty Load Balancers LBs with no backends 9 LBs
19 Key Vault Inventory Vaults with soft-delete status 41 vaults
20 SQL Database Inventory Databases with tier/size 18 databases

Per-Resource Activity Log Enrichment

  • Builds last-touch index from Phase 2 activity log data (zero additional API calls)
  • Exports resource-last-touch.csv: ResourceId, LastTouchTime, DaysSinceTouch, LastOperation, LastCaller
  • Tracks dormant resources at individual resource level (not just RG level)
  • Expected to jump timestamp coverage from 4.3% to ~80%

XLSX Report

  • 10 new worksheet mappings added
  • All new queries auto-appear in the Excel report

Test Plan

  • Run Invoke-TenantDiscovery.ps1 — verify all 20 queries execute
  • Verify empty App Service Plans detected (query 12)
  • Verify resource-last-touch.csv generated with per-resource data
  • Verify XLSX report includes new worksheets
  • Generate XLSX with cost data: .\reporting\Export-DiscoveryReport.ps1 -ReportDir .\reports\{latest} -CostCsv .\reports\cost-analysis.csv

Addresses #29, #22, #30

🤖 Generated with Claude Code

@Daren9m @claude
feat: Add 9 new discovery queries and per-resource Activity Log enric…
5deb97b 
…hment

New KQL queries (#29, #22):
- 12: Empty App Service Plans (zero apps deployed, still billing)
- 13: Orphaned NICs (not attached to any VM)
- 14: Storage Account inventory (198 in Procentrix Dev)
- 15: Application Insights inventory (111 instances, 41% untagged)
- 16: Log Analytics Workspace inventory (retention cost tracking)
- 17: Orphaned Route Tables (no subnet associations)
- 18: Empty Load Balancers (no backend pool members)
- 19: Key Vault inventory (soft-delete, purge protection status)
- 20: SQL Database inventory (tier, size, status)

Per-resource Activity Log enrichment (#30):
- Build per-resource last-touch index from Phase 2 activity logs
- Export resource-last-touch.csv with last operation, caller, days since touch
- Track dormant resources (60+ days) at resource level, not just RG level
- Zero additional API cost — reuses existing Phase 2 data

XLSX report updated with 10 new worksheet mappings.

Addresses #29, #22, #30

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@Daren9m Daren9m merged commit 202b444 into claude/azure-tenant-cleanup-strategy-dHLP3 Mar 20, 2026
@Daren9m Daren9m deleted the feature/v0.4.0-extended-coverage branch March 20, 2026 02:54
This was referenced Mar 20, 2026
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Daren9m