Azure Tenant Inventory Tool
Azure Tenant Inventory Tool Version 1.0
Description:
The Azure Tenant Inventory Tool is a read-only, PowerShell-based utility that enumerates and reports on the structure and resources of an Azure environment. The tool provides comprehensive visibility into governance, infrastructure, and identity components across the tenant.
This tool collects and displays information, including:
- Management Group hierarchy
- Subscriptions
- Resource Groups
- Azure Resources (all resource types)
- Virtual Networks and subnets
- Virtual Machines
- Public IP addresses
- Microsoft Entra ID users, groups, and devices
The purpose of this tool is to support:
- Environment discovery
- Audit preparation
- Tenant inventory reporting
- Baseline validation of deployed resources
Execution Model:
The tool is designed to run in Azure Cloud Shell (PowerShell) and does not require local installation. It is distributed as a text file to accommodate environments where execution of unsigned PowerShell scripts is restricted. Users can copy and paste the script directly into Cloud Shell for execution.
Authentication Requirements:
Before running the script, ensure you are authenticated to both Azure and Microsoft Graph.
Azure authentication is required to enumerate subscriptions and resources:
    Connect-AzAccount
Microsoft Graph authentication is required to enumerate identity data (users, groups, devices):
    Connect-MgGraph -Scopes "User.Read.All","Group.Read.All","Device.Read.All"
Permissions Required:
- Azure Reader role (minimum) at the subscription or tenant level
- Microsoft Graph permissions:
  - User.Read.All
  - Group.Read.All
  - Device.Read.All
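Pre-flight check for the requirements above, as an added example that is not part of the inventory script or of the tool itself. It reads only the current session state. The function name Test-InventoryPrereq and the "ReadWrite" name match used to spot write scopes are assumptions made for this example.

```powershell
# Added pre-flight check; not part of the inventory script. It only reads session state.
function Test-InventoryPrereq {
    [CmdletBinding()]
    param(
        # Scopes taken from the "Permissions Required" section above.
        [string[]]$RequiredScopes = @('User.Read.All', 'Group.Read.All', 'Device.Read.All')
    )

    $az = Get-AzContext      # empty when Connect-AzAccount has not been run
    $mg = Get-MgContext      # empty when Connect-MgGraph has not been run
    $granted = @()
    if ($mg) { $granted = @($mg.Scopes) }

    # Required scopes that the current Graph session does not carry.
    $missing = @($RequiredScopes | Where-Object { $_ -notin $granted })

    # Delegated consent accumulates across sessions. A read-only inventory needs no
    # write scope, so list any that are present (simple name-based heuristic).
    $write = @($granted | Where-Object { $_ -match 'ReadWrite' })

    # Subscriptions the signed-in identity can see; zero means it holds no role
    # on any subscription, so the Azure sections of the report would be empty.
    $subs = @()
    if ($az) { $subs = @(Get-AzSubscription -WarningAction SilentlyContinue) }

    [pscustomobject]@{
        AzureAccount       = if ($az) { $az.Account.Id } else { $null }
        AzureTenant        = if ($az) { $az.Tenant.Id } else { $null }
        VisibleSubs        = $subs.Count
        GraphAccount       = if ($mg) { $mg.Account } else { $null }
        GraphTenant        = if ($mg) { $mg.TenantId } else { $null }
        # Both sessions should point at the same tenant, or the report mixes two.
        SameTenant         = [bool]($az -and $mg -and $az.Tenant.Id -eq $mg.TenantId)
        MissingGraphScopes = $missing
        WriteGraphScopes   = $write
        Ready              = [bool]($az -and $mg -and $subs.Count -gt 0 -and $missing.Count -eq 0)
    }
}

Test-InventoryPrereq | Format-List
```

A non-empty WriteGraphScopes list does not stop the inventory from running; it shows that the Graph session holds more than the three read scopes the tool needs.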
How to Run:
1. Open the Azure Portal
2. Launch Cloud Shell (PowerShell)
3. Authenticate to Azure (if not already authenticated):
    Connect-AzAccount
4. Authenticate to Microsoft Graph:
    Connect-MgGraph -Scopes "User.Read.All","Group.Read.All","Device.Read.All"
5. Copy the script below (between SCRIPT START and SCRIPT END)
6. Paste the script into Cloud Shell and press Enter
7. Review the output displayed on screen
8. Download the generated CSV report file if needed
Output:
- The tool displays inventory data directly in the console
- A CSV report file is generated with a timestamped name:
    AzureInventoryReport_YYYYMMDD_HHMMSS.csv
Operational Notes:
- This tool performs read-only operations
- No changes are made to Azure resources
- The scope of results depends on the permissions of the authenticated user
- Some sections may return limited data if access is restricted