Merge branch 'main' into feat/grafana

Azure · Oct 1, 2024 · 0e93178 · 0e93178
2 parents 45183c1 + 9cd5e4f
commit 0e93178
Show file tree

Hide file tree

Showing 30 changed files with 53 additions and 11 deletions.
diff --git a/.github/workflows/build-recommendation-object.yml b/.github/workflows/build-recommendation-object.yml
@@ -13,7 +13,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           ref: main
 

diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
         with:
           persist-credentials: false
 
@@ -68,6 +68,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
+        uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9
         with:
           sarif_file: results.sarif
diff --git a/azure-resources/ApiManagement/service/kql/740f2c1c-8857-4648-80eb-47d2c56d5a50.kql b/azure-resources/ApiManagement/service/kql/740f2c1c-8857-4648-80eb-47d2c56d5a50.kql
@@ -2,6 +2,7 @@
 // Find all Premium API Management instances that aren't zone redundant
 resources
 | where type =~ 'Microsoft.ApiManagement/service'
+| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
 | extend skuName = sku.name
 | where tolower(skuName) == tolower('premium')
 | where isnull(zones) or array_length(zones) < 2

diff --git a/azure-resources/ApiManagement/service/kql/baf3bfc0-32a2-4c0c-926d-c9bf0b49808e.kql b/azure-resources/ApiManagement/service/kql/baf3bfc0-32a2-4c0c-926d-c9bf0b49808e.kql
@@ -5,4 +5,3 @@ resources
 | extend skuName = sku.name
 | where tolower(skuName) != tolower('premium')
 | project recommendationId = "baf3bfc0-32a2-4c0c-926d-c9bf0b49808e", name, id, tags, param1=strcat("SKU: ", skuName)
-
diff --git a/azure-resources/App/managedEnvironments/kql/f4201965-a88d-449d-b3b4-021394719eb2.kql b/azure-resources/App/managedEnvironments/kql/f4201965-a88d-449d-b3b4-021394719eb2.kql
@@ -2,6 +2,7 @@
 // The query filters the qualified Container app environments that do not have Zone Redundancy enabled.
 resources
 | where type =~ "microsoft.app/managedenvironments"
+| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
 | where tobool(properties.zoneRedundant) == false
 | project recommendationId = "f4201965-a88d-449d-b3b4-021394719eb2", name, id, tags, param1 = "AvailabilityZones: Single Zone"
 | order by id asc
diff --git a/azure-resources/Cache/Redis/kql/5a44bd30-ae6a-4b81-9b68-dc3a8ffca4d8.kql b/azure-resources/Cache/Redis/kql/5a44bd30-ae6a-4b81-9b68-dc3a8ffca4d8.kql
@@ -2,6 +2,7 @@
 // Find Cache for Redis instances with one or no Zones selected
 resources
 | where type =~ "microsoft.cache/redis"
+| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
 | where array_length(zones) <= 1 or isnull(zones)
 | project recommendationId = "5a44bd30-ae6a-4b81-9b68-dc3a8ffca4d8", name, id, tags, param1 = "AvailabilityZones: Single Zone"
 | order by id asc

diff --git a/azure-resources/CognitiveServices/_index.md b/azure-resources/CognitiveServices/_index.md
@@ -1,5 +1,5 @@
 ---
 title: CognitiveServices
 geekdocCollapseSection: true
-geekdocHidden: true
+geekdocHidden: false
 ---
diff --git a/azure-resources/CognitiveServices/accounts/_index.md b/azure-resources/CognitiveServices/accounts/_index.md
@@ -1,7 +1,7 @@
 ---
 title: accounts
 geekdocCollapseSection: true
-geekdocHidden: true
+geekdocHidden: false
 ---
 
 {{< azure-resources-recommendationlist name="azure-resources-recommendationlist" >}}
diff --git a/azure-resources/CognitiveServices/accounts/recommendations.yaml b/azure-resources/CognitiveServices/accounts/recommendations.yaml
@@ -0,0 +1,17 @@
+- description: Enable diagnostic logging for Azure AI services and send the data to Log Analytics
+  aprlGuid: d6d9e18a-9ad2-491e-878d-86d621785453
+  recommendationTypeId: null
+  recommendationControl: Monitoring and Alerting
+  recommendationImpact: Low
+  recommendationResourceType: Microsoft.CognitiveServices/Accounts
+  recommendationMetadataState: Active
+  longDescription: |
+    All Logs and Metrics should be configured. These logs provide rich, frequent data about the operation of a resource that are used for issue identification and debugging.
+  potentialBenefits: Enhanced monitoring and troubleshooting capabilities
+  pgVerified: false
+  publishedToLearn: false
+  automationAvailable: false
+  tags: null
+  learnMoreLink:
+    - name: Enable diagnostic logging for Azure AI services
+      url: "https://learn.microsoft.com/en-us/azure/ai-services/diagnostic-logging"
diff --git a/azure-resources/Compute/galleries/kql/488dcc8b-f2e3-40ce-bf95-73deb2db095f.kql b/azure-resources/Compute/galleries/kql/488dcc8b-f2e3-40ce-bf95-73deb2db095f.kql
@@ -2,6 +2,7 @@
 // Query to list all image versions and its associated image and gallery name whose Storage account type is not using ZRS
 resources
 | where type =~ "microsoft.compute/galleries/images/versions"
+| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
 | extend GalleryName = tostring(split(tostring(id), "/")[8]), ImageName = tostring(split(tostring(id), "/")[10])
 | extend StorageAccountType = tostring(properties.publishingProfile.storageAccountType)
 | where StorageAccountType !has "ZRS"

diff --git a/azure-resources/Compute/virtualMachineScaleSets/kql/1422c567-782c-7148-ac7c-5fc14cf45adc.kql b/azure-resources/Compute/virtualMachineScaleSets/kql/1422c567-782c-7148-ac7c-5fc14cf45adc.kql
@@ -2,6 +2,7 @@
 // Find VMSS instances with one or no Zones selected
 resources
 | where type == "microsoft.compute/virtualmachinescalesets"
+| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
 | where array_length(zones) <= 1 or isnull(zones)
 | project recommendationId = "1422c567-782c-7148-ac7c-5fc14cf45adc", name, id, tags, param1 = "AvailabilityZones: Single Zone"
 | order by id asc

diff --git a/azure-resources/Compute/virtualMachines/kql/2bd0be95-a825-6f47-a8c6-3db1fb5eb387.kql b/azure-resources/Compute/virtualMachines/kql/2bd0be95-a825-6f47-a8c6-3db1fb5eb387.kql
@@ -2,6 +2,6 @@
 // Find all VMs that are not assigned to a Zone
 Resources
 | where type =~ 'Microsoft.Compute/virtualMachines'
+| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
 | where isnull(zones)
 | project recommendationId="2bd0be95-a825-6f47-a8c6-3db1fb5eb387", name, id, tags, param1="No Zone"
-
diff --git a/azure-resources/Compute/virtualMachines/kql/fa0cf4f5-0b21-47b7-89a9-ee936f193ce1.kql b/azure-resources/Compute/virtualMachines/kql/fa0cf4f5-0b21-47b7-89a9-ee936f193ce1.kql
@@ -2,6 +2,7 @@
 // Find eligible Disks that are not zonal nor zone redundant
 resources
 | where type == 'microsoft.compute/disks'
+| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
 | where sku has "Premium_LRS" or sku has "StandardSSD_LRS"
 | where sku.name has_cs 'ZRS' or array_length(zones) > 0
 | project recommendationId="fa0cf4f5-0b21-47b7-89a9-ee936f193ce1", name, id, tags, param1 = sku, param2 = sku.name
diff --git a/azure-resources/ContainerRegistry/registries/kql/63491f70-22e4-3b4a-8b0c-845450e46fac.kql b/azure-resources/ContainerRegistry/registries/kql/63491f70-22e4-3b4a-8b0c-845450e46fac.kql
@@ -2,6 +2,7 @@
 // Find all Container Registries that do not have zone redundancy enabled
 resources
 | where type =~ "microsoft.containerregistry/registries"
+| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
 | where properties.zoneRedundancy != "Enabled"
 | project recommendationId = "63491f70-22e4-3b4a-8b0c-845450e46fac", name, id, tags, param1=strcat("zoneRedundancy: ", tostring(properties.zoneRedundancy))
 | order by id asc

diff --git a/...e-resources/ContainerService/managedClusters/kql/4f63619f-5001-439c-bacb-8de891287727.kql b/...e-resources/ContainerService/managedClusters/kql/4f63619f-5001-439c-bacb-8de891287727.kql
@@ -2,6 +2,7 @@
 // Returns AKS clusters that do not have any availability zones enabled or only use a single zone
 resources
 | where type =~ "Microsoft.ContainerService/managedClusters"
+| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
 | project id, name, tags, location, pools = properties.agentPoolProfiles
 | mv-expand pool = pools
 | extend

diff --git a/azure-resources/DBforMySQL/flexibleServers/kql/88856605-53d8-4bbd-a75b-4a7b14939d32.kql b/azure-resources/DBforMySQL/flexibleServers/kql/88856605-53d8-4bbd-a75b-4a7b14939d32.kql
@@ -2,5 +2,6 @@
 // Find Database for MySQL instances that are not zone redundant
 resources
 | where type == "microsoft.dbformysql/flexibleservers"
+| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
 | where properties.highAvailability.mode != "ZoneRedundant"
 | project recommendationId = "88856605-53d8-4bbd-a75b-4a7b14939d32", name, id, tags, param1 = "ZoneRedundant: False"
diff --git a/azure-resources/DBforPostgreSQL/flexibleServers/kql/ca87914f-aac4-4783-ab67-82a6f936f194.kql b/azure-resources/DBforPostgreSQL/flexibleServers/kql/ca87914f-aac4-4783-ab67-82a6f936f194.kql
@@ -2,5 +2,6 @@
 // Find Database for PostgreSQL instances that are not zone redundant
 resources
 | where type == "microsoft.dbforpostgresql/flexibleservers"
+| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
 | where properties.highAvailability.mode != "ZoneRedundant"
 | project recommendationId = "ca87914f-aac4-4783-ab67-82a6f936f194", name, id, tags, param1 = "ZoneRedundant: False"
diff --git a/azure-resources/NetApp/netAppAccounts/kql/47d100a5-7f85-5742-967a-67eb5081240a.kql b/azure-resources/NetApp/netAppAccounts/kql/47d100a5-7f85-5742-967a-67eb5081240a.kql
@@ -2,6 +2,7 @@
 // This Resource Graph query will return all Azure NetApp Files volumes without an availability zone defined.
 Resources
 | where type =~ "Microsoft.NetApp/netAppAccounts/capacityPools/volumes"
+| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
 | where array_length(zones) == 0 or isnull(zones)
 | project recommendationId = "47d100a5-7f85-5742-967a-67eb5081240a", name, id, tags
 
diff --git a/azure-resources/NetApp/netAppAccounts/kql/e3d742e1-dacd-9b48-b6b1-510ec9f87c96.kql b/azure-resources/NetApp/netAppAccounts/kql/e3d742e1-dacd-9b48-b6b1-510ec9f87c96.kql
@@ -1,10 +1,11 @@
 // Azure Resource Graph Query
 // This Resource Graph query will return all Azure NetApp Files volumes without cross-zone replication.
 resources
-| where type == "microsoft.netapp/netappaccounts/capacitypools/volumes"
-| extend remoteVolumeRegion = properties.dataProtection.replication.remoteVolumeRegion
-| extend volumeType = properties.volumeType
-| extend replicationType = iff((remoteVolumeRegion == location), "CZR", iff((remoteVolumeRegion == ""),"n/a","CRR"))
+| where type == "microsoft.netapp/netappaccounts/capacitypools/volumes"
+| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
+| extend remoteVolumeRegion = properties.dataProtection.replication.remoteVolumeRegion
+| extend volumeType = properties.volumeType
+| extend replicationType = iff((remoteVolumeRegion == location), "CZR", iff((remoteVolumeRegion == ""),"n/a","CRR"))
 | where replicationType != "CZR" and volumeType != "DataProtection"
 | project recommendationId = "e3d742e1-dacd-9b48-b6b1-510ec9f87c96", name, id, tags
 
diff --git a/azure-resources/Network/applicationGateways/kql/c9c00f2a-3888-714b-a72b-b4c9e8fcffb2.kql b/azure-resources/Network/applicationGateways/kql/c9c00f2a-3888-714b-a72b-b4c9e8fcffb2.kql
@@ -2,6 +2,7 @@
 // list Application Gateways that are not configured to use at least 2 Availability Zones
 resources
 | where type =~ "microsoft.network/applicationGateways"
+| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
 | where isnull(zones) or array_length(zones) < 2
 | extend zoneValue = iff((isnull(zones)), "null", zones)
 | project recommendationId = "c9c00f2a-3888-714b-a72b-b4c9e8fcffb2", name, id, tags, param1="Zones: No Zone or Zonal", param2=strcat("Zones value: ", zoneValue )

diff --git a/azure-resources/Network/azureFirewalls/kql/c72b7fee-1fa0-5b4b-98e5-54bcae95bb74.kql b/azure-resources/Network/azureFirewalls/kql/c72b7fee-1fa0-5b4b-98e5-54bcae95bb74.kql
@@ -2,6 +2,7 @@
 // List all Azure Firewalls that are not configured with multiple availability zones or deployed without a zone
 resources
 | where type == 'microsoft.network/azurefirewalls'
+| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
 | where array_length(zones) <= 1 or isnull(zones)
 | where isempty(properties.virtualHub.id) or isnull(properties.virtualHub.id)
 | project recommendationId = "c72b7fee-1fa0-5b4b-98e5-54bcae95bb74", name, id, tags, param1="multipleZones:false"

diff --git a/azure-resources/Network/loadBalancers/kql/621dbc78-3745-4d32-8eac-9e65b27b7512.kql b/azure-resources/Network/loadBalancers/kql/621dbc78-3745-4d32-8eac-9e65b27b7512.kql
@@ -2,6 +2,7 @@
 // Find all LoadBalancers with with regional or zonal public IP Addresses
 resources
 | where type == "microsoft.network/loadbalancers"
+| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
 | where tolower(sku.name) != 'basic'
 | mv-expand feIPconfigs = properties.frontendIPConfigurations
 | extend
@@ -15,6 +16,7 @@ resources
 | project name, feConfigName, id
 | union (resources
     | where type == "microsoft.network/loadbalancers"
+    | where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
     | where tolower(sku.name) != 'basic'
     | mv-expand feIPconfigs = properties.frontendIPConfigurations
     | extend
@@ -25,6 +27,7 @@ resources
     | join kind=innerunique (
         resources
         | where type == "microsoft.network/publicipaddresses"
+        | where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
         | where isnull(zones) or array_length(zones) < 2
         | extend
             LBid = toupper(substring(properties.ipConfiguration.id, 0, indexof(properties.ipConfiguration.id, '/frontendIPConfigurations'))),

diff --git a/azure-resources/Network/publicIPAddresses/kql/c63b81fb-7afc-894c-a840-91bb8a8dcfaf.kql b/azure-resources/Network/publicIPAddresses/kql/c63b81fb-7afc-894c-a840-91bb8a8dcfaf.kql
@@ -2,6 +2,7 @@
 // List public IP addresses that are not Zone-Redundant
 Resources
 | where type =~ "Microsoft.Network/publicIPAddresses" and sku.tier =~ "Regional"
+| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
 | where isempty(zones) or array_length(zones) <= 1
 | extend az = case(isempty(zones), "Non-zonal", array_length(zones) <= 1, strcat("Zonal (", strcat_array(zones, ","), ")"), zones)
 | project recommendationId = "c63b81fb-7afc-894c-a840-91bb8a8dcfaf", name, id, tags, param1 = strcat("sku: ", sku.name), param2 = strcat("availabilityZone: ", az)