
In the context of increasingly complex and distributed cloud environments, visibility over resources becomes a fundamental requirement to ensure governance, security, and compliance. In Microsoft Azure, the wide range of services and the dynamic nature of the infrastructure often make it difficult to maintain an up-to-date, consistent, and easily accessible inventory of active resources. Please see Linux System Update: Upgrade vs. Dist-upgrade Differences, and How to Find the Pathname of a Mapped Network Drive.
In this scenario, Azure Resource Inventory (ARI) comes into play: an open-source project by Microsoft designed to simplify the collection and analysis of Azure resource inventory. The tool allows you to quickly extract a detailed snapshot of your cloud tenant with minimal effort, generating reports that can be exported in Excel format. This approach makes the data immediately usable even for non-technical stakeholders, facilitating audit activities, governance, cost control, and resource sprawl analysis.
The project is publicly available on GitHub and represents a practical starting point for those who want to implement inventory and governance processes without introducing additional architectural complexity: Microsoft ARI repository.
ARI is particularly useful for system engineers and cloud architects who require a centralized view of the infrastructure, supporting compliance scenarios, cost optimization, and resource lifecycle management.
Overall, the tool fits effectively into Azure operational management processes, improving control and transparency across the entire cloud tenant.
Special thanks to Cloudio-Merola Commits · microsoft/ARI for making the project available and sharing it on GitHub, contributing to the growth of the community and the availability of useful tooling. You can download Azure Resource Inventory (ARI) from here.
Please see Azure Load Balancer: Configuring for SQL Server Always On Availability Group Listener on Azure Virtual Machines, Hub Transport Server: Resolving ‘Failed to Reach Running Status’, and Enable Virtualization in Windows: Fixing VirtualBox’s 32-bit Option.
Key Features
Comprehensive Azure Resource Inventory: Generate a detailed inventory of Azure resources across your tenant and subscriptions, providing a complete overview of your cloud environment.
Professional Excel Reporting: Automatically create well-structured Excel reports with resources categorized by type, making analysis, auditing, and documentation straightforward.
Interactive Network Visualization: Build visual topology diagrams that help illustrate resource relationships and network connectivity within the Azure environment.
Integrated Security Insights: Optionally include data from Microsoft Defender for Cloud (formerly Azure Security Center) to provide additional visibility into security recommendations and posture.
Cross-Platform Compatibility: Run ARI seamlessly on Windows, Linux, macOS, and Azure Cloud Shell, allowing flexibility regardless of the administration platform.
Automation-Friendly Design: Supports unattended execution and can be integrated with Azure Automation Accounts and other automation frameworks for scheduled reporting.
Read-Only and Non-Intrusive Operation: ARI performs only read-only operations against Azure resources, ensuring no configuration changes or impact on the environment during inventory collection.
Please see Domain Name System Protocol: Client Registration Issue, how to fix VMware and HyperV are not compatible, and What are the different types of DNS Records.
Prerequisites
Below are the prerequistes needed to proceed with Azure Resource Inventory (ARI).
- PowerShell 7.0+ (required)
- Azure Account with read access to resources you want to inventory
- Administrator privileges during script execution (for module installation)
From the Azure portal, navigate to Virtual Machines and select an available Windows VM from the list. Connect to the virtual machine using Remote Desktop Protocol (RDP) and sign in with an account that has administrative privileges.
Once logged in, open Windows Terminal or PowerShell by selecting Run as Administrator. This environment will be used to install and run Azure Resource Inventory (ARI) and execute the required inventory collection commands.


Please see Azure Virtual Desktop: Build Custom Session Host Images Using Image Builder Templates [Part 07], and Veeam Agent for Windows: VSS Error Caused by Old SQL Server References.
ARI Installation
The following commands install Azure Resource Inventory (ARI) directly from the PowerShell Gallery and load the module into the current PowerShell session.
1: Install the Azure Resource Inventory (ARI) module from the PowerShell Gallery
Install-Module -Name AzureResourceInventory
2: Import the module into the current PowerShell session
Import-Module AzureResourceInventory
3: Launch ARI with default settings and start the inventory collection
Basic Usage Examples
Run ARI against a specific Azure tenant. Use the Tenant ID to scope the inventory collection to a specific Azure tenant.
Invoke-ARI -TenantID <Azure-Tenant-ID>
Run ARI against a specific subscription. Limit the inventory collection to a single Azure subscription within the tenant.
Invoke-ARI -TenantID <Azure-Tenant-ID> -SubscriptionID <Subscription-ID>
Include Azure resource tags in the inventory report. Generate the inventory report including all resource tags, which can be useful for governance, cost allocation, and operational analysis.
Invoke-ARI -TenantID <Azure-Tenant-ID> -IncludeTags
Recommended Command
For a complete inventory that includes resource tags, run:
Invoke-ARI -TenantID <Azure-Tenant-ID> -IncludeTags
This command generates a comprehensive inventory report for all accessible subscriptions within the specified tenant and includes Azure resource tags in the output.
Scope to specific subscription:
Invoke-ARI -TenantID <Azure-Tenant-ID> -SubscriptionID <Subscription-ID>
Invoke-ARI -TenantID xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -SubscriptionID aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa,-SkipAdvisory -SkipDiagram -SkipPolicy -IncludeTags
Important: During execution, the script prompts for authentication and redirects the user to the Microsoft Entra ID sign-in page. Once authentication is completed successfully, the script resumes automatically and proceeds with the Azure inventory discovery and report generation activities.

Output Files
At the end of the execution, ARI generates two output files:
- Excel Report (.xlsx) – A comprehensive inventory of Azure resources, organized into multiple worksheets and categorized by resource type. This report can be used for documentation, auditing, governance, and operational reviews.
- Network Diagram (.html) – An interactive visualization of the Azure environment that illustrates resource relationships, connectivity, and topology. The diagram can be opened directly in a web browser for easy navigation and analysis.
Note: If the
-SkipDiagramparameter is used, the network topology diagram will not be generated. Similarly, other output sections may vary depending on the parameters specified when running the command.



Parameters Reference
ARI provides a rich set of parameters that allow you to customize the scope of the inventory, authentication method, report content, and output format according to your requirements.
| Parameter | Description | Usage |
|---|---|---|
| Core Parameters | ||
| TenantID | Specify the tenant ID for inventory | -TenantID <ID> |
| SubscriptionID | Specify subscription(s) to inventory | -SubscriptionID <ID> |
| ResourceGroup | Limit inventory to specific resource group(s) | -ResourceGroup <NAME> |
| Authentication | ||
| AppId | Application ID for service principal auth | -AppId <ID> |
| Secret | Secret for service principal authentication | -Secret <VALUE> |
| CertificatePath | Certificate path for service principal | -CertificatePath <PATH> |
| DeviceLogin | Use device login authentication | -DeviceLogin |
| Scope Control | ||
| ManagementGroup | Inventory all subscriptions in management group | -ManagementGroup <ID> |
| TagKey | Filter resources by tag key | -TagKey <NAME> |
| TagValue | Filter resources by tag value | -TagValue <NAME> |
| Content Options | ||
| SecurityCenter | Include Security Center data | -SecurityCenter |
| IncludeTags | Include resource tags | -IncludeTags |
| SkipPolicy | Skip Azure Policy collection | -SkipPolicy |
| SkipVMDetails | Skip Azure VM Extra Details collection | -SkipVMDetails |
| SkipAdvisory | Skip Azure Advisory collection | -SkipAdvisory |
| IncludeCosts | Includes Azure Cost details for the Subscriptions (Requires the module Az.CostManagement) | -IncludeCosts |
| SkipVMDetails | Skip extra details for the VM Families (Quota, vCPUs and memory) | -SkipVMDetails |
| Output Options | ||
| ReportName | Custom report filename | -ReportName <NAME> |
| ReportDir | Custom directory for report | -ReportDir "<Path>" |
| Lite | Use lightweight Excel generation (no charts) | -Lite |
| Diagram Options | ||
| SkipDiagram | Skip diagram creation | -SkipDiagram |
| DiagramFullEnvironment | Include all network components in diagram | -DiagramFullEnvironment |
| Other Options | ||
| Debug | Run in debug mode | -Debug |
| NoAutoUpdate | Skip the auto update of the ARI Module | -NoAutoUpdate |
| AzureEnvironment | Specify Azure cloud environment | -AzureEnvironment <NAME> |
| Automation | Run using Automation Account | -Automation |
| StorageAccount | Storage account for automation output | -StorageAccount <NAME> |
| StorageContainer | Storage container for automation output | -StorageContainer <NAME> |
Please see Azure Virtual Desktop: Autoscaling Implementing and Monitoring Session Hosts [Part 05], and how to implement Azure Private Link for Azure Virtual Desktop [Part 06].
Conclusion
The Azure Resource Inventory (ARI) execution completed successfully and generated both the inventory report and the corresponding topology diagram.
The Excel report provides a detailed inventory of the Azure environment, including virtual machine configurations, operating system details, disk types and sizes, monitoring settings, update management configuration, boot diagnostics status, Azure Monitor integration, and resource tags.
This structured output enables administrators to perform infrastructure reviews, governance assessments, compliance checks, and capacity planning activities from a single source of truth.
The topology diagram offers a graphical representation of the environment, highlighting the relationships between on-premises infrastructure and Azure resources.
Network components, virtual machines, gateways, application services, and security elements are displayed in an easy-to-navigate format, making it simpler to understand resource dependencies and overall architecture. As shown in the execution summary, ARI analyzed:
- 864 Azure resources
- 524 resources documented in the Excel report
- 279 Azure Advisor recommendations
- 4 Azure Policies
The generated artifacts provide both a technical and visual overview of the Azure estate, enabling infrastructure teams to quickly assess resource deployment, identify optimization opportunities, review security recommendations, and maintain up-to-date documentation of the environment.
Overall, ARI represents an effective and non-intrusive solution for Azure discovery and documentation, producing comprehensive reporting that supports operational management, governance, migration assessments, and cloud optimization initiatives.
I hope you found this article on “Azure Resource Inventory (ARI) for Engineers: Improving Control and Compliance” very useful. Please feel free to leave a comment below.