Method 1 - Using OAuth

Note

  • When a built-in role is used, the user executing the commands needs at least the Contributor role.

  • If the user executing the script has a custom role, that role must include the permissions below:

"permissions": [
      {
        "actions": [
          "Microsoft.Authorization/denyAssignments/read",
          "Microsoft.Authorization/locks/read",
          "Microsoft.Authorization/roleAssignments/read",
          "Microsoft.Authorization/roleDefinitions/read",
          "Microsoft.Compute/disks/read",
          "Microsoft.Compute/virtualMachineScaleSets/read",
          "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read",
          "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommand/action",
          "Microsoft.Compute/virtualMachines/extensions/delete",
          "Microsoft.Compute/virtualMachines/extensions/read",
          "Microsoft.Compute/virtualMachines/extensions/write",
          "Microsoft.Compute/virtualMachines/instanceView/read",
          "Microsoft.Compute/virtualMachines/read",
          "Microsoft.Compute/virtualMachines/runCommand/action",
          "Microsoft.Compute/virtualMachines/write",
          "Microsoft.CostManagement/query/read",
          "Microsoft.Insights/DataCollectionRuleAssociations/Delete",
          "Microsoft.Insights/DataCollectionRuleAssociations/Read",
          "Microsoft.Insights/DataCollectionRuleAssociations/Write",
          "Microsoft.Insights/DataCollectionRules/Delete",
          "Microsoft.Insights/DataCollectionRules/Read",
          "Microsoft.Insights/DataCollectionRules/Write",
          "Microsoft.Insights/Logs/Read",
          "Microsoft.Insights/MetricBaselines/Read",
          "Microsoft.Insights/MetricDefinitions/Read",
          "Microsoft.Insights/Metricnamespaces/Read",
          "Microsoft.Insights/Metrics/Read",
          "Microsoft.ManagedIdentity/userAssignedIdentities/assign/action",
          "Microsoft.OperationalInsights/workspaces/delete",
          "Microsoft.OperationalInsights/workspaces/query/InsightsMetrics/read",
          "Microsoft.OperationalInsights/workspaces/query/read",
          "Microsoft.OperationalInsights/workspaces/read",
          "Microsoft.OperationalInsights/workspaces/sharedKeys/action",
          "Microsoft.OperationalInsights/workspaces/write",
          "Microsoft.OperationsManagement/managementAssociations/delete",
          "Microsoft.OperationsManagement/managementAssociations/read",
          "Microsoft.OperationsManagement/managementAssociations/write",
          "Microsoft.OperationsManagement/managementConfigurations/delete",
          "Microsoft.OperationsManagement/managementConfigurations/read",
          "Microsoft.OperationsManagement/managementConfigurations/write",
          "Microsoft.OperationsManagement/register/action",
          "Microsoft.OperationsManagement/solutions/delete",
          "Microsoft.OperationsManagement/solutions/read",
          "Microsoft.OperationsManagement/solutions/write",
          "Microsoft.Resources/deployments/delete",
          "Microsoft.Resources/deployments/operations/read",
          "Microsoft.Resources/deployments/operationstatuses/read",
          "Microsoft.Resources/deployments/read",
          "Microsoft.Resources/deployments/write",
          "Microsoft.Resources/subscriptions/resourceGroups/read"
        ],
        "dataActions": [],
        "notActions": [],
        "notDataActions": []
      }
    ]
  • If you are executing the command on Windows, ensure that curl is installed.

    Windows 10 has ‘cURL’ installed by default.
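
To check an existing custom role against this list before running the tool, the following added example (not part of the tool or of the original page) tests a role definition's `actions` and `notActions` for coverage and separates out the non-read actions a reviewer should look at first. It assumes Azure RBAC matching semantics (`*` wildcards, `notActions` subtracted from `actions`, case-insensitive comparison); the function names are hypothetical, `SAMPLE_ROLE` is constructed, and `REQUIRED_SAMPLE` is a subset of the list above.

```python
import re

def _matches(pattern: str, action: str) -> bool:
    # Assumption: '*' is the only wildcard and action strings compare case-insensitively.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, flags=re.IGNORECASE) is not None

def is_granted(role: dict, action: str) -> bool:
    # Granted if a permissions block allows the action and does not
    # subtract it again through notActions.
    for block in role.get("permissions", []):
        allowed = any(_matches(p, action) for p in block.get("actions", []))
        denied = any(_matches(p, action) for p in block.get("notActions", []))
        if allowed and not denied:
            return True
    return False

def missing_actions(role: dict, required: list) -> list:
    # Required actions the role does not effectively grant.
    return [a for a in required if not is_granted(role, a)]

def mutating_actions(required: list) -> list:
    # Actions not ending in /read are writes, deletes or '/action' operations.
    return [a for a in required if not a.lower().endswith("/read")]

# Subset of the required list above, kept short for the example.
REQUIRED_SAMPLE = [
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Compute/virtualMachines/runCommand/action",
    "Microsoft.Compute/virtualMachines/extensions/write",
    "Microsoft.Insights/DataCollectionRules/Write",
    "Microsoft.OperationalInsights/workspaces/sharedKeys/action",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
]

# Constructed custom role definition (not a real role).
SAMPLE_ROLE = {"permissions": [{
    "actions": ["Microsoft.Compute/*", "Microsoft.Insights/*/read",
                "microsoft.resources/subscriptions/resourcegroups/read",
                "Microsoft.OperationalInsights/workspaces/*"],
    "notActions": ["Microsoft.Compute/virtualMachines/runCommand/action",
                   "Microsoft.OperationalInsights/workspaces/sharedKeys/action"],
}]}

if __name__ == "__main__":
    print("missing:", missing_actions(SAMPLE_ROLE, REQUIRED_SAMPLE))
    print("non-read:", mutating_actions(REQUIRED_SAMPLE))
```

To check a real role, pass the full action list from this page as `required` and the role's exported JSON definition as `role`.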

Steps to execute the Assessment tool

The ‘Assessment Tool’ can be run on any instance, whether a virtual machine or a developer laptop. In order to run the Assessment tool:

Step 1

On a Windows machine:

  1. If curl is installed or if you are using Windows 10 (Windows 10 has curl installed by default), run the following command.

    curl https://audittool.s3.ap-south-1.amazonaws.com/script/run.bat --output run.bat && run.bat -oauth yes -t <tenant-id> -i <comma separated subscription-ids>

    If you use the above command, skip steps 2, 3, and 4.

    If curl is not installed, please download the ‘.exe’ manually using the link. Please delete all old copies of azure.exe before downloading the new one.

    If you download the tool manually this way, continue with steps 2, 3, and 4.

  2. Open command prompt

  3. Go to the directory containing azure.exe

  4. Enter the following command to run the tool

    .\azure.exe -oauth yes -t <tenant-id> -i <comma separated subscription-ids>

On Linux Terminal:

Run the following command

curl https://audittool.s3.ap-south-1.amazonaws.com/script/run.sh --output run.sh && /bin/bash run.sh -oauth yes -t <tenant-id> -i <comma separated subscription-ids>

Step 2

The tool will ask you to sign in. Please sign in using the login credentials.

Step 3

After the Assessment tool finishes executing, please share the resulting zip file with us. It follows the naming convention report-<date> <time> .zip and contains the CSV files with all the storage metrics collected.