Skip to content

TechDirectArchive

Hands-on IT, Cloud, Security, Veeam & DevOps

  • Home
  • About
  • Advertise With US
  • Contact
  • Reviews
  • Toggle search form

Azure Resource Inventory (ARI) for Engineers: Improving Control and Compliance

Posted on 05/07/202605/07/2026 Link State By Link State No Comments on Azure Resource Inventory (ARI) for Engineers: Improving Control and Compliance
  1. Home
  2. AWS/Azure/OpenShift
  3. Azure Resource Inventory (ARI) for Engineers: Improving Control and Compliance

In the context of increasingly complex and distributed cloud environments, visibility over resources becomes a fundamental requirement to ensure governance, security, and compliance. In Microsoft Azure, the wide range of services and the dynamic nature of the infrastructure often make it difficult to maintain an up-to-date, consistent, and easily accessible inventory of active resources. Please see Linux System Update: Upgrade vs. Dist-upgrade Differences, and How to Find the Pathname of a Mapped Network Drive.

In this scenario, Azure Resource Inventory (ARI) comes into play: an open-source project by Microsoft designed to simplify the collection and analysis of Azure resource inventory. The tool allows you to quickly extract a detailed snapshot of your cloud tenant with minimal effort, generating reports that can be exported in Excel format. This approach makes the data immediately usable even for non-technical stakeholders, facilitating audit activities, governance, cost control, and resource sprawl analysis.

The project is publicly available on GitHub and represents a practical starting point for those who want to implement inventory and governance processes without introducing additional architectural complexity: Microsoft ARI repository.

ARI is particularly useful for system engineers and cloud architects who require a centralized view of the infrastructure, supporting compliance scenarios, cost optimization, and resource lifecycle management.

Overall, the tool fits effectively into Azure operational management processes, improving control and transparency across the entire cloud tenant.

Special thanks to Cloudio-Merola Commits · microsoft/ARI  for making the project available and sharing it on GitHub, contributing to the growth of the community and the availability of useful tooling. You can download Azure Resource Inventory (ARI) from here.

Please see Azure Load Balancer: Configuring for SQL Server Always On Availability Group Listener on Azure Virtual Machines, Hub Transport Server: Resolving ‘Failed to Reach Running Status’, and Enable Virtualization in Windows: Fixing VirtualBox’s 32-bit Option.

Key Features

Comprehensive Azure Resource Inventory: Generate a detailed inventory of Azure resources across your tenant and subscriptions, providing a complete overview of your cloud environment.

Professional Excel Reporting: Automatically create well-structured Excel reports with resources categorized by type, making analysis, auditing, and documentation straightforward.

Interactive Network Visualization: Build visual topology diagrams that help illustrate resource relationships and network connectivity within the Azure environment.

Integrated Security Insights: Optionally include data from Microsoft Defender for Cloud (formerly Azure Security Center) to provide additional visibility into security recommendations and posture.

Cross-Platform Compatibility: Run ARI seamlessly on Windows, Linux, macOS, and Azure Cloud Shell, allowing flexibility regardless of the administration platform.

Automation-Friendly Design: Supports unattended execution and can be integrated with Azure Automation Accounts and other automation frameworks for scheduled reporting.

Read-Only and Non-Intrusive Operation: ARI performs only read-only operations against Azure resources, ensuring no configuration changes or impact on the environment during inventory collection.

Please see Domain Name System Protocol: Client Registration Issue, how to fix VMware and HyperV are not compatible, and What are the different types of DNS Records.

Prerequisites

Below are the prerequistes needed to proceed with Azure Resource Inventory (ARI).

  • PowerShell 7.0+ (required)
  • Azure Account with read access to resources you want to inventory
  • Administrator privileges during script execution (for module installation)

From the Azure portal, navigate to Virtual Machines and select an available Windows VM from the list. Connect to the virtual machine using Remote Desktop Protocol (RDP) and sign in with an account that has administrative privileges.

Once logged in, open Windows Terminal or PowerShell by selecting Run as Administrator. This environment will be used to install and run Azure Resource Inventory (ARI) and execute the required inventory collection commands.

Please see Azure Virtual Desktop: Build Custom Session Host Images Using Image Builder Templates [Part 07], and Veeam Agent for Windows: VSS Error Caused by Old SQL Server References.

ARI Installation

The following commands install Azure Resource Inventory (ARI) directly from the PowerShell Gallery and load the module into the current PowerShell session.

1: Install the Azure Resource Inventory (ARI) module from the PowerShell Gallery

Install-Module -Name AzureResourceInventory

2: Import the module into the current PowerShell session

Import-Module AzureResourceInventory

3: Launch ARI with default settings and start the inventory collection

Basic Usage Examples

Run ARI against a specific Azure tenant. Use the Tenant ID to scope the inventory collection to a specific Azure tenant.

Invoke-ARI -TenantID <Azure-Tenant-ID>

Run ARI against a specific subscription. Limit the inventory collection to a single Azure subscription within the tenant.

Invoke-ARI -TenantID <Azure-Tenant-ID> -SubscriptionID <Subscription-ID>

Include Azure resource tags in the inventory report. Generate the inventory report including all resource tags, which can be useful for governance, cost allocation, and operational analysis.

Invoke-ARI -TenantID <Azure-Tenant-ID> -IncludeTags

Recommended Command

For a complete inventory that includes resource tags, run:

Invoke-ARI -TenantID <Azure-Tenant-ID> -IncludeTags

This command generates a comprehensive inventory report for all accessible subscriptions within the specified tenant and includes Azure resource tags in the output.

Scope to specific subscription:

Invoke-ARI -TenantID <Azure-Tenant-ID> -SubscriptionID <Subscription-ID>
Invoke-ARI -TenantID xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -SubscriptionID aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa,-SkipAdvisory -SkipDiagram -SkipPolicy -IncludeTags

Important: During execution, the script prompts for authentication and redirects the user to the Microsoft Entra ID sign-in page. Once authentication is completed successfully, the script resumes automatically and proceeds with the Azure inventory discovery and report generation activities.

Output Files

At the end of the execution, ARI generates two output files:

  • Excel Report (.xlsx) – A comprehensive inventory of Azure resources, organized into multiple worksheets and categorized by resource type. This report can be used for documentation, auditing, governance, and operational reviews.
  • Network Diagram (.html) – An interactive visualization of the Azure environment that illustrates resource relationships, connectivity, and topology. The diagram can be opened directly in a web browser for easy navigation and analysis.

Note: If the -SkipDiagram parameter is used, the network topology diagram will not be generated. Similarly, other output sections may vary depending on the parameters specified when running the command.

Parameters Reference

ARI provides a rich set of parameters that allow you to customize the scope of the inventory, authentication method, report content, and output format according to your requirements.

ParameterDescriptionUsage
Core Parameters
TenantIDSpecify the tenant ID for inventory-TenantID <ID>
SubscriptionIDSpecify subscription(s) to inventory-SubscriptionID <ID>
ResourceGroupLimit inventory to specific resource group(s)-ResourceGroup <NAME>
Authentication
AppIdApplication ID for service principal auth-AppId <ID>
SecretSecret for service principal authentication-Secret <VALUE>
CertificatePathCertificate path for service principal-CertificatePath <PATH>
DeviceLoginUse device login authentication-DeviceLogin
Scope Control
ManagementGroupInventory all subscriptions in management group-ManagementGroup <ID>
TagKeyFilter resources by tag key-TagKey <NAME>
TagValueFilter resources by tag value-TagValue <NAME>
Content Options
SecurityCenterInclude Security Center data-SecurityCenter
IncludeTagsInclude resource tags-IncludeTags
SkipPolicySkip Azure Policy collection-SkipPolicy
SkipVMDetailsSkip Azure VM Extra Details collection-SkipVMDetails
SkipAdvisorySkip Azure Advisory collection-SkipAdvisory
IncludeCostsIncludes Azure Cost details for the Subscriptions (Requires the module Az.CostManagement)-IncludeCosts
SkipVMDetailsSkip extra details for the VM Families (Quota, vCPUs and memory)-SkipVMDetails
Output Options
ReportNameCustom report filename-ReportName <NAME>
ReportDirCustom directory for report-ReportDir "<Path>"
LiteUse lightweight Excel generation (no charts)-Lite
Diagram Options
SkipDiagramSkip diagram creation-SkipDiagram
DiagramFullEnvironmentInclude all network components in diagram-DiagramFullEnvironment
Other Options
DebugRun in debug mode-Debug
NoAutoUpdateSkip the auto update of the ARI Module-NoAutoUpdate
AzureEnvironmentSpecify Azure cloud environment-AzureEnvironment <NAME>
AutomationRun using Automation Account-Automation
StorageAccountStorage account for automation output-StorageAccount <NAME>
StorageContainerStorage container for automation output-StorageContainer <NAME>

Please see Azure Virtual Desktop: Autoscaling Implementing and Monitoring Session Hosts [Part 05], and how to implement Azure Private Link for Azure Virtual Desktop [Part 06].

Conclusion

The Azure Resource Inventory (ARI) execution completed successfully and generated both the inventory report and the corresponding topology diagram.

The Excel report provides a detailed inventory of the Azure environment, including virtual machine configurations, operating system details, disk types and sizes, monitoring settings, update management configuration, boot diagnostics status, Azure Monitor integration, and resource tags.

This structured output enables administrators to perform infrastructure reviews, governance assessments, compliance checks, and capacity planning activities from a single source of truth.

The topology diagram offers a graphical representation of the environment, highlighting the relationships between on-premises infrastructure and Azure resources.

Network components, virtual machines, gateways, application services, and security elements are displayed in an easy-to-navigate format, making it simpler to understand resource dependencies and overall architecture. As shown in the execution summary, ARI analyzed:

  • 864 Azure resources
  • 524 resources documented in the Excel report
  • 279 Azure Advisor recommendations
  • 4 Azure Policies

The generated artifacts provide both a technical and visual overview of the Azure estate, enabling infrastructure teams to quickly assess resource deployment, identify optimization opportunities, review security recommendations, and maintain up-to-date documentation of the environment.

Overall, ARI represents an effective and non-intrusive solution for Azure discovery and documentation, producing comprehensive reporting that supports operational management, governance, migration assessments, and cloud optimization initiatives.

I hope you found this article on “Azure Resource Inventory (ARI) for Engineers: Improving Control and Compliance” very useful. Please feel free to leave a comment below.

5/5 - (1 vote)

Thank you for reading this post. Kindly share it with others.

  • Share on X (Opens in new window) X
  • Share on Reddit (Opens in new window) Reddit
  • Share on LinkedIn (Opens in new window) LinkedIn
  • Share on Facebook (Opens in new window) Facebook
  • Share on Pinterest (Opens in new window) Pinterest
  • Share on Tumblr (Opens in new window) Tumblr
  • Share on Telegram (Opens in new window) Telegram
  • Share on WhatsApp (Opens in new window) WhatsApp
  • Share on Mastodon (Opens in new window) Mastodon
  • Share on Bluesky (Opens in new window) Bluesky
  • Share on Threads (Opens in new window) Threads
  • Share on Nextdoor (Opens in new window) Nextdoor
AWS/Azure/OpenShift Tags:Azure asset inventory management Azure, Azure engineering compliance monitoring, Azure governance and resource inventory, Azure infrastructure inventory automation, Azure management and compliance tools, Azure operational governance best practices, Azure resource documentation and reporting, Azure Resource Inventory ARI, Azure Resource Inventory compliance reporting, Azure Resource Inventory for engineers, Azure Resource Inventory implementation, Azure resource visibility and auditing, Azure subscription resource discovery, Azure tenant resource inventory

Post navigation

Previous Post: Azure Load Balancer: Configuring for SQL Server Always On Availability Group Listener on Azure Virtual Machines

Related Posts

  • Continuous Deployment Pipeline Using AWS CodePipeline
    Setup a Continuous Deployment Pipeline with AWS CodePipeline AWS/Azure/OpenShift
  • Azure SASE
    [AZURE] Security Service Edge (SSE) and Microsoft Entra ID AWS/Azure/OpenShift
  • maxresdefault 2 6
    How to create an AMI from the Command line AWS/Azure/OpenShift
  • Azure VMware Solution Private Cloud
    How To Deploy Azure VMware Solution Private Cloud AWS/Azure/OpenShift
  • Generate SSH Keys
    Associate SSH Public key with Azure Linux VM AWS/Azure/OpenShift
  • Azure Backup For AKS
    How to protect Azure Kubernetes Service (AKS) with Azure Backup AWS/Azure/OpenShift

More Related Articles

Continuous Deployment Pipeline Using AWS CodePipeline Setup a Continuous Deployment Pipeline with AWS CodePipeline AWS/Azure/OpenShift
Azure SASE [AZURE] Security Service Edge (SSE) and Microsoft Entra ID AWS/Azure/OpenShift
maxresdefault 2 6 How to create an AMI from the Command line AWS/Azure/OpenShift
Azure VMware Solution Private Cloud How To Deploy Azure VMware Solution Private Cloud AWS/Azure/OpenShift
Generate SSH Keys Associate SSH Public key with Azure Linux VM AWS/Azure/OpenShift
Azure Backup For AKS How to protect Azure Kubernetes Service (AKS) with Azure Backup AWS/Azure/OpenShift

Leave a Reply Cancel reply

You must be logged in to post a comment.

Microsoft MVP

VEEAMLEGEND

vexpert-badge-stars-5

Virtual Background

GoogleNews

Categories

veeaam100

Veeam Vanguard

  • Veeam App for Splunk setup
    Install Splunk and Veeam App on Windows Server to monitor VBR Backup
  • windows update 03
    How to target WSUS clients with the registry keys Windows Server
  • rrd
    How to uninstall the DriveLock Agent from your device Security | Vulnerability Scans and Assessment
  • banner 1
    How to Export and remove Passwords in Firefox Backup
  • Screenshot 2020 05 19 at 02.57.10
    Create Central Store for Group Policy Administrative Templates Windows Server
  • Ec2 Instance
    How to create an EC2 Instance AWS/Azure/OpenShift
  • speedtest
    How to set up a self-hosted speed test server on Ubuntu Linux Linux
  • Object first ootbi
    How to update Object First OOTBI Cluster Storage

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,785 other subscribers
  • RSS - Posts
  • RSS - Comments
  • About
  • Authors
  • Write for us
  • Advertise with us
  • General Terms and Conditions
  • Privacy policy
  • Feedly
  • Telegram
  • Youtube
  • Facebook
  • Instagram
  • LinkedIn
  • Tumblr
  • Pinterest
  • Twitter
  • mastodon

Tags

Active Directory Azure Bitlocker Microsoft Windows PowerShell WDS Windows 10 Windows 11 Windows Deployment Services Windows Server 2016

Copyright © 2025 TechDirectArchive

Loading Comments...

You must be logged in to post a comment.