Standard run path
Structured quick-reference sections for prerequisites, installation, usage, and troubleshooting.
Prerequisites
- PowerShell 5.1+ or PowerShell Core with Az.Accounts, Az.Resources, Az.ResourceGraph, Az.Compute, and Az.Monitor modules
- Azure authentication (`Connect-AzAccount`) with Reader access to subscriptions and Monitor Reader access for Activity Logs
- Local execution environment with permission to write CSV/HTML reports to the chosen output path
Start conservative
Use a higher day threshold (for example 60+) on the first run to focus on obvious cleanup candidates and validate the report data before expanding the scope.
Key parameters
| Parameter | Purpose | Typical use |
|---|---|---|
| -DaysThreshold | Minimum deallocated days before inclusion (default 30) | Use 60-90 days for conservative first pass |
| -SubscriptionIds | Limits analysis to specific subscriptions | Targeted review for one BU / environment |
| -OutputPath | Sets directory for CSV + HTML reports | Store results in shared audit folder |
| -FastMode | Skips detailed Activity Log lookup for speed | Large estates or quick triage runs |
Standard run path
- 1Run a baseline scan with the default threshold to understand the volume of deallocated VMs.
- 2Re-run with `-DaysThreshold 60` (or higher) to narrow the list to more likely cleanup candidates.
- 3Use `-FastMode` for large environments, then follow up with detailed scans on the highest-cost subscriptions.
- 4Review owner tags and storage footprint before deleting disks or decommissioning resources.
.\\Detect-DeallocatedVMs.ps1.\\Detect-DeallocatedVMs.ps1 -DaysThreshold 60 -SubscriptionIds @("sub1","sub2").\\Detect-DeallocatedVMs.ps1 -FastMode -OutputPath "C:\\Reports\\VM-Deallocation"Outputs and sample results
CSV + HTML report set
The tool produces a CSV for analysis and an HTML summary for sharing with stakeholders.
| Field | Example | Why it matters |
|---|---|---|
| VM Name | dev-api-vm-03 | Identifies the deallocated resource |
| Deallocated Since | 2025-09-14 | Supports aging/cleanup thresholds |
| Est. Monthly Cost | $142.50 | Prioritizes highest savings opportunities |
| Owner | untagged / j.smith | Drives outreach before cleanup |
- Use the CSV for sorting and prioritization, then use the HTML report in review meetings.
Troubleshooting
- If deallocation dates are missing, confirm Monitor Reader access and test a smaller scope without `-FastMode`.
- If output files are not generated, set an explicit `-OutputPath` and verify local write permissions.
- If the run is slow across many subscriptions, use `-SubscriptionIds` to split analysis into batches.
Professional VM Lifecycle Management
Comprehensive analysis and reporting for deallocated Azure VMs with enterprise-grade features
KQL-Powered Discovery
Uses Azure Resource Graph KQL queries for fast, accurate discovery of deallocated VMs across all subscriptions
Intelligent Aging Analysis
Tracks deallocation dates via Activity Logs with smart estimates for VMs without historical data
Owner Detection
Automatically identifies VM owners through tag analysis including IDSApplicationOwner-Symphony patterns
Dual Report Formats
Generates both CSV (for analysis) and HTML (for executive reporting) with comprehensive VM details
Disk Analysis
Analyzes OS and data disk configurations with size estimates for complete storage impact assessment
Performance Modes
Fast Mode for quick scans or Detailed Mode for comprehensive Activity Log analysis
Enterprise Security
Respects Azure RBAC permissions and includes comprehensive error handling for production environments
Real-time Progress
Chef-themed console output with progress tracking and colorful status indicators for engaging analysis
Usage Examples
Real-world scenarios for VM lifecycle management and optimization
Basic Lifecycle Analysis
.\Detect-DeallocatedVMs.ps1Identifies VMs deallocated for 30+ days across all accessible subscriptions with detailed aging analysis and owner detection.
Custom Threshold Analysis
.\Detect-DeallocatedVMs.ps1 -DaysThreshold 60Focuses on VMs deallocated for 60+ days for more conservative lifecycle management and cleanup decisions.
High-Performance Scanning
.\Detect-DeallocatedVMs.ps1 -FastModeOptimized for large environments, skips detailed Activity Log analysis and uses intelligent estimates for faster execution.
Targeted Subscription Analysis
.\Detect-DeallocatedVMs.ps1 -SubscriptionIds @("sub1","sub2")Focuses analysis on specific subscriptions for targeted lifecycle management and compliance reporting.
Technical Specifications
Enterprise-grade PowerShell script with comprehensive VM lifecycle analysis capabilities
Requirements
Windows PowerShell or PowerShell Core for cross-platform execution
Az.Accounts, Az.Resources, Az.ResourceGraph, Az.Compute, Az.Monitor
Interactive login or service principal with appropriate RBAC permissions
Reader access to subscriptions, Monitor Reader for Activity Logs
Local machine execution (no Azure Automation Account required)
Key Parameters
-DaysThresholdMinimum days deallocated before inclusion (default: 30)
-SubscriptionIdsArray of specific subscription IDs to analyze
-OutputPathDirectory for CSV and HTML report output
-FastModeSkip detailed Activity Log analysis for performance
Analysis Features
VM Discovery Engine
- • KQL-powered Azure Resource Graph queries
- • Multi-subscription parallel processing
- • Automatic VM state validation
- • Hardware profile and OS type detection
Aging Analysis
- • Activity Log deallocation date tracking
- • REST API optimization for recent events
- • Intelligent estimates for historical VMs
- • Configurable aging thresholds
Ownership Detection
- • IDSApplicationOwner-Symphony tag priority
- • Multiple owner tag pattern matching
- • Case-insensitive tag key searches
- • Fallback to common ownership patterns
Storage Analysis
- • OS and data disk size calculation
- • VM size-based storage estimates
- • Disk configuration breakdown
- • Total storage impact assessment
Report Outputs
Comprehensive reporting in multiple formats for different stakeholders
CSV Analysis Report
Detailed CSV export optimized for data analysis, filtering, and integration with business intelligence tools.
HTML Executive Report
Professional HTML report with visual summaries, charts, and executive-friendly presentation for stakeholder communication.
Chef's Tips & Best Practices
Professional recommendations for effective VM lifecycle management
Start Conservative
Begin with 60+ day thresholds for initial analysis. Like testing a new recipe with small portions, validate your VM lifecycle policies before implementing aggressive cleanup schedules.
Owner Engagement
Use the owner detection to reach out before cleanup. The script identifies owners through tags, enabling proactive communication about VM lifecycle decisions.
Performance Optimization
Use Fast Mode for large environments (1000+ VMs) to get quick insights. Switch to detailed mode for smaller scopes when precise deallocation dates are critical.
Security Considerations
Ensure proper RBAC permissions before analysis. The script respects Azure security boundaries and will only analyze resources you have access to view.
Regular Monitoring
Schedule monthly analysis to track VM lifecycle trends. Regular monitoring helps identify patterns and optimize your VM management policies over time.
Data Integration
Import CSV reports into Power BI or Excel for advanced analytics. The structured output enables trend analysis and executive dashboards for VM lifecycle management.
Ready to Optimize Your VM Lifecycle?
Download the Azure VM Deallocation Analysis Tool and start identifying optimization opportunities in your Azure environment today. Professional VM lifecycle management made simple.
Sample Output
| VM Name | Resource Group | Deallocated Since | Est. Monthly Cost | Owner |
|---|---|---|---|---|
| dev-api-vm-03 | rg-development | 2025-09-14 | $142.50 | untagged |
| test-db-vm-01 | rg-testing | 2025-07-22 | $287.00 | j.smith |
| staging-web-02 | rg-staging | 2025-11-01 | $98.30 | devops-team |
47 deallocated VMs found · Estimated recoverable spend: $3,420/month
What to do next
Pick the path that fits where you are right now.