Exposing Dark Matter: PowerShell Script to Find All Untagged Resources

LAST VALIDATED: Jan 2026
TARGET STACK: Azure PowerShell Az Module 11.x+
STATUS: Production Verified

I’ve walked into too many “cloud migrations” where the client thinks they’re running lean, only to find $12k a month in “Dark Matter”—resources floating in the periphery with no owner, no tag, and no purpose. If you don’t have a tag, you don’t exist in the eyes of the finance department, yet you’re still on the invoice.

Before you go full “Enforcement Mode” with the Azure Policy snippet we discussed, you need to audit the damage. This script is your flashlight.

Key Takeaways

  • Total Visibility: Scans across all subscriptions in your current context.
  • CSV Export: Generates a clean audit trail for stakeholders.
  • FinOps Ready: Identifies the “Unknowns” that plague your TCO models.

The Script: The “Dark Matter” Finder

I wrote this to be lightweight. It doesn’t just look for “missing tags”—it looks for resources where the tag object is null or completely empty.

PowerShell

# Get all subscriptions you have access to
$subs = Get-AzSubscription

# Wrap in @() so $results is always an array and .Count is reliable for 0 or 1 hits
$results = @(foreach ($sub in $subs) {
    Set-AzContext -SubscriptionId $sub.Id -Force | Out-Null
    Write-Host "Scanning Subscription: $($sub.Name)" -ForegroundColor Cyan

    # Fetch resources where tags are null or empty ($null goes on the left of -eq)
    Get-AzResource | Where-Object { $null -eq $_.Tags -or $_.Tags.Count -eq 0 } | Select-Object `
        @{Name="SubscriptionName"; Expression={$sub.Name}},
        Name,
        ResourceType,
        ResourceGroupName,
        Location
})

# Output to GridView for quick inspection (not available in Cloud Shell) or CSV for the boss
if (Get-Command Out-GridView -ErrorAction SilentlyContinue) { $results | Out-GridView }
$results | Export-Csv -Path "./UntaggedResources_Jan2026.csv" -NoTypeInformation

Write-Host "Audit Complete. Found $($results.Count) untagged resources." -ForegroundColor Yellow
How to Run

  1. Open Azure Cloud Shell (PowerShell) or your local terminal.
  2. If local, ensure you’ve run Connect-AzAccount.
  3. Copy-paste the block.
  4. Check the UntaggedResources_Jan2026.csv file in your root directory.

Decision Framework: Audit vs. Remediation

| Action | When to use | OpEx Cost | Risk Level |
| Manual Audit (This Script) | Initial cleanup phase / Brownfield. | High (Labor intensive). | Zero. |
| Azure Resource Graph | At scale (>100 subscriptions). | Low. | Zero. |
| Auto-Tagging (Policy) | Day 2 Operations / Greenfield. | Lowest (Automated). | Medium (Logic errors). |
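
The Azure Resource Graph row above, sketched as an added example (not code from the original article): the same untagged-resource audit done as one paged, read-only query instead of a per-subscription loop. It assumes the Az.ResourceGraph module is installed in a version whose Search-AzGraph response exposes Data and SkipToken; the output file name is hypothetical.

```powershell
#Requires -Modules Az.ResourceGraph

# KQL: resources whose tag bag is null or has no keys, joined to subscription names.
# 'id' must stay in the projection, otherwise Resource Graph returns no skip token.
$query = @'
Resources
| where isnull(tags) or array_length(bag_keys(tags)) == 0
| join kind=leftouter (
    ResourceContainers
    | where type == 'microsoft.resources/subscriptions'
    | project subscriptionId, SubscriptionName = name
  ) on subscriptionId
| project id, SubscriptionName, Name = name, ResourceType = type,
          ResourceGroupName = resourceGroup, Location = location
| order by id asc
'@

$untagged  = [System.Collections.Generic.List[object]]::new()
$skipToken = $null

do {
    # 1000 rows is the largest page Resource Graph returns per call
    $params = @{ Query = $query; First = 1000 }
    if ($skipToken) { $params.SkipToken = $skipToken }

    $page = Search-AzGraph @params
    foreach ($row in $page.Data) { $untagged.Add($row) }

    # An empty SkipToken means the last page has been read
    $skipToken = $page.SkipToken
} while ($skipToken)

# Same columns as the loop-based script, so both CSVs can be compared directly.
# Hypothetical file name, chosen for this example.
$untagged |
    Select-Object SubscriptionName, Name, ResourceType, ResourceGroupName, Location |
    Export-Csv -Path "./UntaggedResources_Graph.csv" -NoTypeInformation

Write-Host "Resource Graph audit complete. Found $($untagged.Count) untagged resources." -ForegroundColor Yellow
```

The query only returns resources the signed-in identity can read, so a gap between this count and the invoice points to subscriptions where the auditing account lacks Reader access.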

The Financial Reality (OpEx Trap)

Every untagged resource is a leak. In our latest tools portfolio, we emphasize that Deterministic Cloud management requires 100% attribution. If you can’t tell me who owns a Premium SSD v2 disk, that disk should be snapshotted and killed.

I once saw a “hidden” testing environment in East US that sat untagged for 14 months. Total cost? $22,000. That’s not a rounding error; that’s a senior engineer’s bonus.

R.M. - Senior Technical Solutions Architect