Microsoft Azure resource inventory discovery

  • Release version: Australia
  • Updated March 12, 2026
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Microsoft Azure resource inventory discovery

    The ServiceNow Discovery application utilizes the Azure Resource Inventory (LP) pattern to identify Azure resources that lack dedicated discovery patterns. This capability allows customers to discover up to 10,000 Azure resources, enhancing visibility into their cloud environment. To ensure optimal function, customers may need to update to the latest Discovery and Service Mapping Patterns application from the ServiceNow Store.

    Show full answer Show less

    Prerequisites

    • Azure Service Principal: Must be configured properly to enable resource discovery.
    • Privileges: For versions 1.3.0 and later, assign users the API Management Service Reader role with permission to execute specific REST POST requests using the appropriate Azure resource URLs. For versions 1.0.99 and earlier, similar permissions are required for REST GET requests targeting subscription resources.

    Configuration and Usage

    • Create a Cloud Discovery Schedule: Set up a discovery schedule for the relevant Azure service account following ServiceNow guidelines for cloud resource discovery schedules.
    • Resource Inclusion List: To avoid duplicate discovery if custom Azure patterns exist, use the Cloud Inventory Resource Inclusion List to exclude resource types covered by custom patterns. This list is predefined but can be customized to include additional Azure resource types following vendor naming conventions. Note that customizing this list disables automatic updates, requiring manual maintenance.
    • Modify ServiceNow Entries: Adjust related entries to link discovered Azure resources to the ServiceNow CMDB correctly, specifically configuring entries like cmdbcicmpresource and key-value pairs representing Azure tags.

    Data Collected and CI Relationships

    The discovery process populates the following key data points:

    • Cloud Resource [cmdbcicmpresource]: Includes resource name, type (e.g., network, load balancer), object ID, and description indicating Azure origin.
    • Key Value [cmdbkeyvalue]: Captures Azure tag keys and values for detailed resource metadata.
    • CI Relationships: Establishes relationships such as "Hosted on" linking Azure resources to Azure datacenters within the CMDB.

    Practical Benefits for ServiceNow Customers

    This discovery pattern enables ServiceNow customers to comprehensively inventory Azure resources that lack dedicated discovery logic, improving CMDB accuracy and cloud asset management. By fine-tuning resource inclusion and properly configuring permissions and schedules, customers can optimize discovery performance and avoid duplication. The enriched CMDB data supports better operational insight and governance of Azure environments.

    The ServiceNow Discovery application uses the Azure Resource Inventory (LP) pattern to find resources available through Azure that don’t have a dedicated pattern. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    You can discover up to 10 thousand resources using the Azure Resource Inventory (LP) pattern.

    Request apps on the Store

    Visit the ServiceNow Store to view all the available apps, and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Prerequisites

    Azure service principal
    Verify the Azure service principal is configured. For more information, see Discovery for Microsoft Azure
    Privileges
    For versions 1.3.0 and later:

    On the Microsoft Azure Console, provide a user with the API Management Service Reader role with permissions to run the following REST POST request:

    "https://management.<resource url>/providers/microsoft.resourcegraph/resources?api-version=2022-10-01"

    <resource url> – The URL varies based on the Azure account type, like "azure.com" or government site address.

    For versions 1.0.99 and earlier:

    On the Microsoft Azure Console, provide a user with the API Management Service Reader role with permissions to run the following REST GET request:

    "https://management.azure.com/subscriptions/<subscription id>/resources"

    Create a Cloud Discovery schedule
    Create a schedule for the relevant Azure service account as described in Create Discovery schedules for cloud resources
    Fine-tune Azure inventory discovery using the Resource Inclusion List
    If your deployment has custom patterns for Azure discovery, ensure that you don’t discover Azure resources twice.
    Note:
    Leaving the [pre_resource_whitelist] table empty causes the Pattern to populate all resources and it might cause performance issues.
    1. Ensure that the application scope is Discovery and Service Mapping Patterns:
      1. Navigate to Settings > Developer.
      2. Select Discovery and Service Mapping Patterns from the Application list.
    2. Navigate to System Definitions > Tables.
    3. Open the Cloud Inventory Resource Inclusion List [sa_cloud_inventory_resource_whitelist] table.
    4. Under Related Links, click Show List.
    5. Select resource types for which you have custom patterns, and select Delete from the Actions on selected rows list.
    The Cloud Inventory Resource Inclusion List is predefined with common services. You can expand the inclusion list with additional resource types that you want the pattern to discover. The names of these resource types must conform to the appropriate vendor naming conventions.
    Note:
    When you modify the out-of-the-box inclusion list, it is no longer updated automatically in application updates. You must maintain the customized list on your own.
    1. Open the Cloud Inventory Resource Inclusion List [sa_cloud_inventory_resource_whitelist] table.
    2. Click New.
    3. Fill in the form, and then click Submit.
      Field Description
      Cloud Vendor The vendor of the resource type: Azure.
      Resource Type The Azure resource type value.
      Application The application scope: Discovery and Service Mapping Patterns.
    The changes are applied the next time you run the pattern.
    Modify the ServiceNow related entries
    1. Navigate to Related Entries.
    2. Click New.
    3. For the identifier, enter cmdb_ci_cmp_resource.
    4. For the related table, select Key Value [cmdb_key_value].
    5. For the referenced field, select Configuration Item.
    6. For the criterion attributes, add Key and Value.

      You may need to click the lock icon Lock icon to view and change the criterion attributes.


    Related entry form

    Data collected by Discovery during horizontal discovery

    Table and field Additional information
    Cloud Resource [cmdb_ci_cmp_resource]
    Name A descriptive name used to identify the Azure resource.
    Resource type The type of the resource, for example network, load balancer.
    Object ID The ID of the Azure resource.
    Description The text populated during discovery that specifies that this resource is available from Azure.
    Key Value [cmdb_key_value]
    Key The Azure tag key name.
    Value The Azure tag value name.

    CI relationships

    These relationships are created to support Azure resource inventory discovery:
    CI Relationship CI
    Cloud Resource [cmdb_ci_cmp_resource] Hosted on:Hosts

    Azure datacenter [cmdb_ci_azure_datacenter]