mondoohq · tas50 · Mar 16, 2026 · Mar 16, 2026
diff --git a/providers/azure/resources/advisor.go b/providers/azure/resources/advisor.go
@@ -64,20 +64,22 @@ func (a *mqlAzureSubscriptionAdvisorService) recommendations() ([]any, error) {
 				return nil, err
 			}
 			args := map[string]*llx.RawData{
-				"id":                   llx.StringDataPtr(r.ID),
-				"name":                 llx.StringDataPtr(r.Name),
-				"type":                 llx.StringDataPtr(r.Type),
-				"category":             llx.StringDataPtr((*string)(r.Properties.Category)),
-				"impact":               llx.StringDataPtr((*string)(r.Properties.Impact)),
-				"risk":                 llx.StringDataPtr((*string)(r.Properties.Risk)),
-				"properties":           llx.DictData(props),
-				"impactedResourceType": llx.StringDataPtr(r.Properties.ImpactedField),
-				"impactedResource":     llx.StringDataPtr(r.Properties.ImpactedValue),
+				"id":         llx.StringDataPtr(r.ID),
+				"name":       llx.StringDataPtr(r.Name),
+				"type":       llx.StringDataPtr(r.Type),
+				"properties": llx.DictData(props),
 			}
-			if r.Properties.ShortDescription != nil {
-				// the 'Description' field in the API response is always empty, use the short description instead
-				args["description"] = llx.StringDataPtr(r.Properties.ShortDescription.Problem)
-				args["remediation"] = llx.StringDataPtr(r.Properties.ShortDescription.Solution)
+			if r.Properties != nil {
+				args["category"] = llx.StringDataPtr((*string)(r.Properties.Category))
+				args["impact"] = llx.StringDataPtr((*string)(r.Properties.Impact))
+				args["risk"] = llx.StringDataPtr((*string)(r.Properties.Risk))
+				args["impactedResourceType"] = llx.StringDataPtr(r.Properties.ImpactedField)
+				args["impactedResource"] = llx.StringDataPtr(r.Properties.ImpactedValue)
+				if r.Properties.ShortDescription != nil {
+					// the 'Description' field in the API response is always empty, use the short description instead
+					args["description"] = llx.StringDataPtr(r.Properties.ShortDescription.Problem)
+					args["remediation"] = llx.StringDataPtr(r.Properties.ShortDescription.Solution)
+				}
 			}
 			mqlRecomm, err := CreateResource(a.MqlRuntime, "azure.subscription.advisorService.recommendation", args)
 			if err != nil {

diff --git a/providers/azure/resources/aks.go b/providers/azure/resources/aks.go
@@ -90,6 +90,13 @@ func (a *mqlAzureSubscriptionAksServiceClusterAutoUpgradeProfile) id() (string,
 	return a.Id.Data, nil
 }
 
+func aksPowerState(entry *clusters.ManagedCluster) *llx.RawData {
+	if entry.Properties != nil && entry.Properties.PowerState != nil {
+		return llx.StringDataPtr((*string)(entry.Properties.PowerState.Code))
+	}
+	return llx.NilData
+}
+
 func (a *mqlAzureSubscriptionAksService) clusters() ([]any, error) {
 	conn := a.MqlRuntime.Connection.(*connection.AzureConnection)
 	ctx := context.Background()
@@ -211,7 +218,7 @@ func (a *mqlAzureSubscriptionAksService) clusters() ([]any, error) {
 				}
 				aadRes, err := CreateResource(a.MqlRuntime, "azure.subscription.aksService.cluster.aadProfile",
 					map[string]*llx.RawData{
-						"id":                  llx.StringData(*entry.ID + "/aadProfile"),
+						"id":                  llx.StringData(convert.ToValue(entry.ID) + "/aadProfile"),
 						"managed":             llx.BoolDataPtr(aadP.Managed),
 						"enableAzureRBAC":     llx.BoolDataPtr(aadP.EnableAzureRBAC),
 						"adminGroupObjectIDs": llx.ArrayData(adminGroupObjectIDs, types.String),
@@ -228,7 +235,7 @@ func (a *mqlAzureSubscriptionAksService) clusters() ([]any, error) {
 				aup := entry.Properties.AutoUpgradeProfile
 				autoUpgradeRes, err := CreateResource(a.MqlRuntime, "azure.subscription.aksService.cluster.autoUpgradeProfile",
 					map[string]*llx.RawData{
-						"id":                   llx.StringData(*entry.ID + "/autoUpgradeProfile"),
+						"id":                   llx.StringData(convert.ToValue(entry.ID) + "/autoUpgradeProfile"),
 						"upgradeChannel":       llx.StringDataPtr((*string)(aup.UpgradeChannel)),
 						"nodeOSUpgradeChannel": llx.StringDataPtr((*string)(aup.NodeOSUpgradeChannel)),
 					})
@@ -247,7 +254,7 @@ func (a *mqlAzureSubscriptionAksService) clusters() ([]any, error) {
 					"provisioningState":              llx.StringDataPtr(entry.Properties.ProvisioningState),
 					"createdAt":                      llx.TimeDataPtr(createdAt),
 					"nodeResourceGroup":              llx.StringDataPtr(entry.Properties.NodeResourceGroup),
-					"powerState":                     llx.StringDataPtr((*string)(entry.Properties.PowerState.Code)),
+					"powerState":                     aksPowerState(entry),
 					"tags":                           llx.MapData(convert.PtrMapStrToInterface(entry.Tags), types.String),
 					"rbacEnabled":                    llx.BoolDataPtr(entry.Properties.EnableRBAC),
 					"dnsPrefix":                      llx.StringDataPtr(entry.Properties.DNSPrefix),

diff --git a/providers/azure/resources/cloud_defender.go b/providers/azure/resources/cloud_defender.go
@@ -456,8 +456,10 @@ func (a *mqlAzureSubscriptionCloudDefenderService) monitoringAgentAutoProvision(
 	if err != nil {
 		return false, err
 	}
-	autoProvision := *setting.Properties.AutoProvision
-	return autoProvision == security.AutoProvisionOn, nil
+	if setting.Properties == nil || setting.Properties.AutoProvision == nil {
+		return false, nil
+	}
+	return *setting.Properties.AutoProvision == security.AutoProvisionOn, nil
 }
 
 func (a *mqlAzureSubscriptionCloudDefenderService) defenderForContainers() (any, error) {
@@ -522,19 +524,21 @@ func (a *mqlAzureSubscriptionCloudDefenderService) defenderForContainers() (any,
 	}
 
 	enabled := false
-	if containersPricing.Properties.PricingTier != nil {
+	if containersPricing.Properties != nil && containersPricing.Properties.PricingTier != nil {
 		enabled = *containersPricing.Properties.PricingTier == security.PricingTierStandard
 	}
 	extensions := []extension{}
-	for _, ext := range containersPricing.Properties.Extensions {
-		if ext.IsEnabled == nil || ext.Name == nil {
-			continue
-		}
-		e := false
-		if *ext.IsEnabled == security.IsEnabledTrue {
-			e = true
+	if containersPricing.Properties != nil {
+		for _, ext := range containersPricing.Properties.Extensions {
+			if ext.IsEnabled == nil || ext.Name == nil {
+				continue
+			}
+			e := false
+			if *ext.IsEnabled == security.IsEnabledTrue {
+				e = true
+			}
+			extensions = append(extensions, extension{Name: *ext.Name, IsEnabled: e})
 		}
-		extensions = append(extensions, extension{Name: *ext.Name, IsEnabled: e})
 	}
 
 	def := defenderForContainers{

diff --git a/providers/azure/resources/compute.go b/providers/azure/resources/compute.go
@@ -526,9 +526,15 @@ func (a *mqlAzureSubscriptionComputeServiceVm) publicIpAddresses() ([]any, error
 			return nil, err
 		}
 
+		if networkInterface.Interface.Properties == nil {
+			continue
+		}
 		for _, config := range networkInterface.Interface.Properties.IPConfigurations {
+			if config.Properties == nil {
+				continue
+			}
 			ip := config.Properties.PublicIPAddress
-			if ip != nil {
+			if ip != nil && ip.ID != nil {
 				publicIPID := *ip.ID
 				publicIpResource, err := ParseResourceID(publicIPID)
 				if err != nil {

diff --git a/providers/azure/resources/iam.go b/providers/azure/resources/iam.go
@@ -71,28 +71,34 @@ func (a *mqlAzureSubscriptionAuthorizationService) roles() ([]any, error) {
 			return nil, err
 		}
 		for _, roleDef := range page.Value {
-			roleType := convert.ToValue(roleDef.Properties.RoleType)
+			var roleType string
 			scopes := []any{}
-			for _, s := range roleDef.Properties.AssignableScopes {
-				if s != nil {
-					scopes = append(scopes, *s)
-				}
-			}
 			permissions := []any{}
-			for idx, p := range roleDef.Properties.Permissions {
-				id := fmt.Sprintf("%s/azure.subscription.authorizationService.roleDefinition.permission/%d", *roleDef.ID, idx)
-				permission, err := newMqlRolePermission(a.MqlRuntime, id, p)
-				if err != nil {
-					return nil, err
+			var roleName, description *string
+			if roleDef.Properties != nil {
+				roleType = convert.ToValue(roleDef.Properties.RoleType)
+				roleName = roleDef.Properties.RoleName
+				description = roleDef.Properties.Description
+				for _, s := range roleDef.Properties.AssignableScopes {
+					if s != nil {
+						scopes = append(scopes, *s)
+					}
+				}
+				for idx, p := range roleDef.Properties.Permissions {
+					id := fmt.Sprintf("%s/azure.subscription.authorizationService.roleDefinition.permission/%d", convert.ToValue(roleDef.ID), idx)
+					permission, err := newMqlRolePermission(a.MqlRuntime, id, p)
+					if err != nil {
+						return nil, err
+					}
+					permissions = append(permissions, permission)
 				}
-				permissions = append(permissions, permission)
 			}
 			mqlRoleDefinition, err := CreateResource(a.MqlRuntime, "azure.subscription.authorizationService.roleDefinition",
 				map[string]*llx.RawData{
 					"__id":        llx.StringDataPtr(roleDef.ID),
 					"id":          llx.StringDataPtr(roleDef.ID),
-					"name":        llx.StringDataPtr(roleDef.Properties.RoleName),
-					"description": llx.StringDataPtr(roleDef.Properties.Description),
+					"name":        llx.StringDataPtr(roleName),
+					"description": llx.StringDataPtr(description),
 					"type":        llx.StringData(roleType),
 					"scopes":      llx.ArrayData(scopes, types.String),
 					"permissions": llx.ArrayData(permissions, types.ResourceLike),

diff --git a/providers/azure/resources/monitor.go b/providers/azure/resources/monitor.go
@@ -242,30 +242,34 @@ func (a *mqlAzureSubscriptionMonitorServiceActivityLog) alerts() ([]any, error)
 			actions := []mqlAlertAction{}
 			conditions := []mqlAlertCondition{}
 
-			for _, act := range entry.Properties.Actions.ActionGroups {
-				mqlAction := mqlAlertAction{
-					ActionGroupId:     convert.ToValue(act.ActionGroupID),
-					WebhookProperties: convert.PtrMapStrToStr(act.WebhookProperties),
+			if entry.Properties != nil && entry.Properties.Actions != nil {
+				for _, act := range entry.Properties.Actions.ActionGroups {
+					mqlAction := mqlAlertAction{
+						ActionGroupId:     convert.ToValue(act.ActionGroupID),
+						WebhookProperties: convert.PtrMapStrToStr(act.WebhookProperties),
+					}
+					actions = append(actions, mqlAction)
 				}
-				actions = append(actions, mqlAction)
 			}
-			for _, cond := range entry.Properties.Condition.AllOf {
-				anyOf := []mqlAlertLeafCondition{}
-				for _, leaf := range cond.AnyOf {
-					mqlAnyOfLeaf := mqlAlertLeafCondition{
-						FieldName:   convert.ToValue(leaf.Field),
-						Equals:      convert.ToValue(leaf.Equals),
-						ContainsAny: convert.SliceStrPtrToStr(leaf.ContainsAny),
+			if entry.Properties != nil && entry.Properties.Condition != nil {
+				for _, cond := range entry.Properties.Condition.AllOf {
+					anyOf := []mqlAlertLeafCondition{}
+					for _, leaf := range cond.AnyOf {
+						mqlAnyOfLeaf := mqlAlertLeafCondition{
+							FieldName:   convert.ToValue(leaf.Field),
+							Equals:      convert.ToValue(leaf.Equals),
+							ContainsAny: convert.SliceStrPtrToStr(leaf.ContainsAny),
+						}
+						anyOf = append(anyOf, mqlAnyOfLeaf)
 					}
-					anyOf = append(anyOf, mqlAnyOfLeaf)
-				}
-				mqlCondition := mqlAlertCondition{
-					FieldName:   convert.ToValue(cond.Field),
-					Equals:      convert.ToValue(cond.Equals),
-					ContainsAny: convert.SliceStrPtrToStr(cond.ContainsAny),
-					AnyOf:       anyOf,
+					mqlCondition := mqlAlertCondition{
+						FieldName:   convert.ToValue(cond.Field),
+						Equals:      convert.ToValue(cond.Equals),
+						ContainsAny: convert.SliceStrPtrToStr(cond.ContainsAny),
+						AnyOf:       anyOf,
+					}
+					conditions = append(conditions, mqlCondition)
 				}
-				conditions = append(conditions, mqlCondition)
 			}
 
 			actionsDict := []any{}