Update 4/7/2020: To align with best practices, I’m looking into the possibility of adding support for grabbing secret information from an Azure KeyVault as opposed to having it stored directly in the script.

Welcome to my first Azure post!  Within a few weeks at the new job, I was asked by management if it was possible to have a report generated on a routine schedule listing all resources in Azure currently untagged so they could be addressed accordingly.  The DevOps team at my current employer is charged with overseeing security and governance amongst other things, so this felt like a great opportunity to use PowerShell and Azure Automation.

Using Azure Automation, I set up a PowerShell runbook to retrieve the various subscriptions under the tenant, gather resources that aren’t tagged, and send an email via the Sendgrid service. Using source control allows us to keep the script easily up to date and publish as soon as changes are made.

• The script can be found here.
• See Azure Automation for more details.
• See source control integration for more details.
• Send Email Using SendGrid with Azure.

I hope this helps anyone else who may be faced with a similar challenge.

Cheers!