The Challenge: Lost in the Azure Cloud
Managing a large-scale Azure environment is like owning a massive property with hundreds of buildings – you need to know what’s happening in each one. But unlike physical buildings where you can walk around and check things, cloud resources are virtual, distributed, and often configured by different teams with varying standards.
One of the most common questions I hear from enterprise customers is deceptively simple:
Where is all our Azure monitoring data going?
It sounds basic, but in environments with hundreds or thousands of resources spread across multiple subscriptions, the answer is rarely straightforward. You might have some resources sending logs to Log Analytics Workspace A, others sending metrics to Storage Account B, a few critical services streaming events to Event Hub C, and many resources with no diagnostic settings configured at all.
This diagnostic configuration sprawl creates blind spots in your monitoring strategy and can lead to compliance issues, security vulnerabilities, and operational inefficiencies.
The Solution: Azure Diagnostic Settings Scanner
After facing this challenge repeatedly, I built a PowerShell-based solution that scans your entire Azure environment and creates a comprehensive report of all your diagnostic settings. Think of it as a “Find My Data” app for your Azure resources.
The tool, which I’m sharing today, scans all Azure resources across your subscriptions, maps where diagnostic data is flowing (Log Analytics, Storage Accounts, Event Hubs), identifies resources missing diagnostic settings, and generates a detailed Excel report with summary statistics and visualizations.
How It Works
The scanner uses Azure Resource Graph to query resources across your environment, then checks each resource for its diagnostic settings configuration. It’s designed to be efficient and respectful of API limits, using parallel processing to speed up the scan while maintaining reliability.
An important feature of the tool is its resource type blacklist functionality. Not all Azure resource types support diagnostic settings, and querying these unsupported resources would waste time and potentially generate errors. The script uses a JSON-based blacklist file that contains known resource types that don’t support diagnostic settings. This list is continuously evolving as Azure services change, so you can easily update it when you discover new resource types that should be excluded.
Here’s a simplified view of what happens when you run the script: You connect to your Azure environment and the tool queries all subscriptions you have access to. For each subscription, it scans all resources (filtering out those that don’t support diagnostic settings), checks each resource’s diagnostic configuration, and finally compiles the results into a comprehensive report.
The Report: Your Azure Diagnostic Settings Map
- Summary Dashboard
- This tab gives you the big picture view of your environment. You’ll see the total number of resources scanned and what percentage have diagnostic settings properly configured. The summary also shows you how many resources are sending data to each destination type and provides a detailed breakdown by resource type so you can quickly identify gaps in your monitoring coverage.
- This tab gives you the big picture view of your environment. You’ll see the total number of resources scanned and what percentage have diagnostic settings properly configured. The summary also shows you how many resources are sending data to each destination type and provides a detailed breakdown by resource type so you can quickly identify gaps in your monitoring coverage.
- Data Flow Summary
- The Data Flow Summary tab acts as your monitoring data map. It shows exactly where your data is going by listing which Log Analytics workspaces are collecting data (and from which resources), which Storage Accounts are receiving diagnostic logs, and which Event Hubs are being used for streaming. This view is particularly valuable for understanding your monitoring architecture at a glance.
- Detailed Resource View
- For those who need the details, the third tab provides a complete inventory of every resource and its diagnostic configuration. This granular view is perfect for auditing purposes or for planning remediation efforts.
Real-World Impact
After running this tool in several enterprise environments, I’ve seen it help teams in numerous ways. One customer discovered they were using 12 different Log Analytics workspaces when they only needed 3, allowing them to consolidate their monitoring and reduce complexity. Another organization found critical resources with no diagnostic logging enabled, helping them close significant security gaps. Teams have also used the insights to optimize costs by identifying redundant data collection and unnecessary storage, and to improve compliance by ensuring all required resources had appropriate logging enabled.
Getting Started
Ready to find your Azure data? Here’s how to get started:
Prerequisites
- You’ll need PowerShell 7.0 or higher, the Az PowerShell modules installed, Reader access to the Azure subscriptions you want to scan, and Microsoft Excel to view the final report.
Download (Premium Members Only)
Conclusion
If you’ve ever felt like those guys in “Dude, Where’s My Car?” wandering around trying to find your Azure diagnostic data, this tool is your GPS. It maps out your entire monitoring landscape, helping you understand where your data is going (or not going).
Managing Azure at scale requires visibility, and this scanner provides exactly that for your diagnostic settings. Give it a try and let me know in the comments how it works for your environment!
