Exposing Dark Matter: PowerShell Script to Find All Untagged Resources
I’ve walked into too many “cloud migrations” where the client thinks they’re running lean, only to find $12k a month in “Dark Matter”—resources floating in the periphery with no owner, no tag, and no purpose. If you don’t have a tag, you don’t exist in the eyes of the finance department, yet you’re still on the invoice.
Before you go full “Enforcement Mode” with the Azure Policy snippet we discussed, you need to audit the damage. This script is your flashlight.
The Script: The “Dark Matter” Finder
I wrote this to be lightweight. It doesn’t just look for “missing tags”—it looks for resources where the tag object is null or completely empty.
PowerShell
# Get all subscriptions you have access to
$subs = Get-AzSubscription
$results = foreach ($sub in $subs) {
Set-AzContext -SubscriptionId $sub.Id -Force | Out-Null
Write-Host "Scanning Subscription: $($sub.Name)" -ForegroundColor Cyan
# Fetch resources where tags are null or empty
Get-AzResource | Where-Object { $_.Tags -eq $null -or $_.Tags.Count -eq 0 } | Select-Object `
@{Name="SubscriptionName"; Expression={$sub.Name}},
Name,
ResourceType,
ResourceGroupName,
Location
}
# Output to GridView for quick inspection or CSV for the boss
$results | Out-GridView
$results | Export-Csv -Path "./UntaggedResources_Jan2026.csv" -NoTypeInformation
Write-Host "Audit Complete. Found $($results.Count) untagged resources." -ForegroundColor Yellow
How to Run
- Open Azure Cloud Shell (PowerShell) or your local terminal.
- If local, ensure you’ve run
Connect-AzAccount. - Copy-paste the block.
- Check the
UntaggedResources_Jan2026.csvfile in your root directory.
Decision Framework: Audit vs. Remediation
| Action | When to use | OpEx Cost | Risk Level |
| Manual Audit (This Script) | Initial cleanup phase / Brownfield. | High (Labor intensive). | Zero. |
| Azure Resource Graph | At scale (>100 subscriptions). | Low. | Zero. |
| Auto-Tagging (Policy) | Day 2 Operations / Greenfileld. | Lowest (Automated). | Medium (Logic errors). |
The Financial Reality (OpEx Trap)
Every untagged resource is a leak. In our latest tools portfolio, we emphasize that Deterministic Cloud management requires 100% attribution. If you can’t tell me who owns a Premium SSD v2 disk, that disk should be snapshotted and killed.
I once saw a “hidden” testing environment in East US that sat untagged for 14 months. Total cost? $22,000. That’s not a rounding error; that’s a senior engineer’s bonus.
Additional Resources
Editorial Integrity & Security Protocol
This technical deep-dive adheres to the Rack2Cloud Deterministic Integrity Standard. All benchmarks and security audits are derived from zero-trust validation protocols within our isolated lab environments. No vendor influence.
R.M.
Senior Solutions Architect with 25+ years of experience in HCI, cloud strategy, and data resilience. As the lead behind Rack2Cloud, I focus on lab-verified guidance for complex enterprise transitions. View Credentials →
Get the Playbooks Vendors Won’t Publish
Field-tested blueprints for migration, HCI, sovereign infrastructure, and AI architecture. Real failure-mode analysis. No marketing filler. Delivered weekly.
Select your infrastructure paths. Receive field-tested blueprints direct to your inbox.
- > Virtualization & Migration Physics
- > Cloud Strategy & Egress Math
- > Data Protection & RTO Reality
- > AI Infrastructure & GPU Fabric
Zero spam. Includes The Dispatch weekly drop.
Need Architectural Guidance?
Unbiased infrastructure audit for your migration, cloud strategy, or HCI transition.
>_ Request Triage Session
