This solution returns the last 14 days of changes to all resources of a given Azure Resource type.
Tracking changes to an enterprise's resources is critical for reasons such as monitoring for compliance or identifying resources that changed prior to an outage. Changes to Azure resources can be viewed in the portal using Azure Policy and Azure Activity Log Change History. In 2019, Microsoft made this information available for programmatic access via the Azure Resource Graph.
This Python solution queries for changes made to a specific Azure resource type (such as microsoft.storage/storageaccounts) within a provided Azure subscription. The Azure Resource Graph provides up to 14 days of changes for a resource.
The solution produces a JSON file containing the changes made to the resources.
To use this solution, a security principal must be created in the Azure AD tenant with appropriate permissions on the Azure subscription and Azure resource types. Microsoft provides instructions on how to create that principal. The Reader role is sufficient to query for the resources and the resource changes.
A sample parameters file is included.
python azure-resource-changes-query.py --parameterfile parameters.json
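The two uses named above (compliance monitoring and finding what changed before an outage) can be run over the JSON output as in this added example, which is not part of the solution's own code. The record layout (`resourceId`, `changes`, `afterSnapshot.timestamp`, `propertyChanges`) is an assumption modelled on the Resource Graph change response, and the sample data, resource IDs and outage time are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample; field names are an assumption, adjust them to the
# JSON file the script actually writes.
SAMPLE = json.loads("""[
 {"resourceId": "/subscriptions/SUB/resourceGroups/rg1/providers/microsoft.storage/storageaccounts/sa1",
  "changes": [
   {"changeType": "Update", "afterSnapshot": {"timestamp": "2024-05-10T08:15:00+00:00"},
    "propertyChanges": [{"propertyName": "properties.supportsHttpsTrafficOnly",
                         "beforeValue": "True", "afterValue": "False"}]},
   {"changeType": "Update", "afterSnapshot": {"timestamp": "2024-05-02T12:00:00+00:00"},
    "propertyChanges": [{"propertyName": "tags.owner",
                         "beforeValue": "team-a", "afterValue": "team-b"}]}]},
 {"resourceId": "/subscriptions/SUB/resourceGroups/rg1/providers/microsoft.storage/storageaccounts/sa2",
  "changes": [
   {"changeType": "Delete", "afterSnapshot": {"timestamp": "2024-05-10T09:40:00+00:00"}}]}
]""")
OUTAGE = datetime(2024, 5, 10, 10, 0, tzinfo=timezone.utc)  # constructed outage start

def flatten(records):
    """Yield one row per property change; creates/deletes with no
    property list still yield one row so they are not lost."""
    for rec in records:
        for change in rec.get("changes", []):
            when = datetime.fromisoformat(change["afterSnapshot"]["timestamp"])
            for prop in change.get("propertyChanges") or [{}]:
                yield {"resourceId": rec["resourceId"], "when": when,
                       "changeType": change.get("changeType"), **prop}

def changed_before(records, outage_start, lookback_hours=24):
    """Changes in the window leading up to an outage, most recent first."""
    earliest = outage_start - timedelta(hours=lookback_hours)
    rows = [r for r in flatten(records) if earliest <= r["when"] <= outage_start]
    return sorted(rows, key=lambda r: r["when"], reverse=True)

def watched(records, prefixes):
    """Changes touching properties a compliance rule cares about."""
    wanted = tuple(prefixes)
    return [r for r in flatten(records)
            if (r.get("propertyName") or "").startswith(wanted)]

if __name__ == "__main__":
    for row in changed_before(SAMPLE, OUTAGE):
        print(row["when"].isoformat(), row["changeType"], row["resourceId"],
              row.get("propertyName"), row.get("beforeValue"), "->", row.get("afterValue"))
```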