wingetCollections
  • Auto
  • Search
  • Awesome Collections
  • Awesome Programs
  • My Favorite Collections
  • My Collections
  • Account / Settings
  • Terms of Service
  • Privacy
  • About

© 2025 winget.ragerworks.com

Loading...
Install Microsoft Azure Quick Review using Winget - wingetCollections
  1. Go back
  2. Packages
  3. Microsoft Azure Quick Review
Microsoft Azure Quick Review logo

Microsoft Azure Quick Review Microsoft Corporation

azqr azure
Use this command to install Microsoft Azure Quick Review:
winget install --id=Microsoft.Azure.QuickReview -e

Azure Quick Review (azqr) is a command-line interface (CLI) tool designed to analyze Azure resources and identify those that may or may not comply with Azure best practices and recommendations. It helps users ensure their Azure environments meet established standards for security, performance, and cost-efficiency.

Key Features:

  • Comprehensive Recommendations: Analyzes resources using three types of recommendations:
    • Azure Resource Graph (ARG) queries from the Azure Proactive Resiliency Library v2 (APRL).
    • Azure Resource Manager (ARM) rules built with the Azure Golang SDK.
    • Orphan resource detection via ARG queries from the Azure Orphan Resources project.
  • Detailed Output: Results are exported to an Excel file containing multiple sheets, including recommendations, impacted resources, resource types, inventory, Azure Advisor insights, Microsoft Defender for Cloud recommendations, and more.
  • Cost Analysis: Includes a detailed breakdown of costs associated with scanned subscriptions over the past three months.
  • Power BI Integration: Generates a Power BI template to visualize scan results, aiding in deeper analysis and reporting.
  • Customizable Output: Supports generating CSV files and offers options to control data obfuscation (e.g., hiding subscription IDs) for enhanced privacy.

Audience & Benefit: Ideal for IT professionals, cloud architects, and DevOps engineers who need to ensure Azure environments adhere to best practices. By using azqr, users can optimize resource configurations, reduce operational costs, enhance security compliance, and improve overall environment resilience.

Available via winget for easy installation on Windows systems.

README

build CodeQL Github All Releases codecov OpenSSF Best Practices Average time to resolve an issue Percentage of issues still open

Azure Quick Review

Open in vscode.dev

Azure Quick Review

Azure Quick Review (azqr) is a powerful command-line interface (CLI) tool that specializes in analyzing Azure resources to ensure compliance with Azure's best practices and recommendations. Its main objective is to offer users a comprehensive overview of their Azure resources, allowing them to easily identify any non-compliant configurations or areas for improvement.

Azure Quick Review Recommendations

Azure Quick Review (azqr) scans your resources with 2 types of recommendations:

  • Azure Resource Graph (ARG) queries provided by the Azure Proactive Resiliency Library v2 (APRL) and the Azure Orphaned Resources (https://github.com/dolevshor/azure-orphan-resources) projects
  • Azure Resource Manager (ARM) rules built with the Azure Golang SDK

To learn more about the recommendations used by Azure Quick Review (azqr), you can refer to the documentation available here.

Scan Results

The output generated by Azure Quick Review (azqr) is written by default to an Excel file, which contains the following sheets:

Versions
2.12.2
2.12.1
2.12.0
2.11.1
2.11.0
2.10.1
2.10.0
2.9.0
2.8.0
2.7.7
show 66 more
Website
github.com
License
Last updated
11/5/2025
Download latest version
  • Recommendations: a list with all recommendations with the number of resources that are impacted. You can use this table as an action plan to improve the compliance of your resources.
  • ImpactedResources: a list with all resources that are impacted. You can use this table to identify resources that have issues that need to be addressed.
  • ResourceTypes: a list of impacted resource types.
  • Inventory: a list of all resources scanned by the tool. Here you'll find details such as SKU, Tier, Kind or calculated SLA.
  • Advisor: a list of recommendations provided by Azure Advisor.
  • Azure Policy: a list of non-compliant resources based on Azure Policy states.
  • Arc SQL: a list of Azure Arc-enabled SQL Server instances with extension installation status, licensing, and feature enablement details.
  • DefenderRecommendations: a list of recommendations provided by Microsoft Defender for Cloud.
  • OutOfScope: a list of resources that were not scanned.
  • Defender: a list of Microsoft Defender for Cloud plans and their tiers.
  • Costs: a list of costs associated with the scanned subscription for the last 3 months.

> By default, Azure Quick Review (azqr) obfuscates the Subscription Ids in the output to ensure the protection of sensitive information and maintain data privacy and security. If you want to display the Subscription Ids without obfuscation, you can use the --mask=false flag when executing the tool.

> Azure Quick Review can also generate an csv files with the same information as the excel. To generate the csv files, you can use the --csv flag when running the tool.

Supported Azure Services

Azure Quick Review (azqr) currently supports the following Azure services:

AbbreviationResource Type
aaMicrosoft.Automation/automationAccounts
adfMicrosoft.DataFactory/factories
afdMicrosoft.Cdn/profiles
afwMicrosoft.Network/azureFirewalls
afwMicrosoft.Network/ipGroups
agwMicrosoft.Network/applicationGateways
aifMicrosoft.CognitiveServices/accounts
aksMicrosoft.ContainerService/managedClusters
amgMicrosoft.Dashboard/grafana
apimMicrosoft.ApiManagement/service
appcsMicrosoft.AppConfiguration/configurationStores
appiMicrosoft.Insights/components
appiMicrosoft.Insights/activityLogAlerts
arcMicrosoft.HybridCompute/machines
asMicrosoft.AnalysisServices/servers
aspMicrosoft.Web/serverFarms
aspMicrosoft.Web/sites
aspMicrosoft.Web/connections
aspMicrosoft.Web/certificates
availMicrosoft.Compute/availabilitySets
avdSpecialized.Workload/AVD
avsMicrosoft.AVS/privateClouds
avsSpecialized.Workload/AVS
baMicrosoft.Batch/batchAccounts
caMicrosoft.App/containerApps
caeMicrosoft.App/managedenvironments
ciMicrosoft.ContainerInstance/containerGroups
conMicrosoft.Network/connections
cosmosMicrosoft.DocumentDB/databaseAccounts
crMicrosoft.ContainerRegistry/registries
dbwMicrosoft.Databricks/workspaces
decMicrosoft.Kusto/clusters
diskMicrosoft.Compute/disks
ercMicrosoft.Network/expressRouteCircuits
ercMicrosoft.Network/ExpressRoutePorts
evgdMicrosoft.EventGrid/domains
evhMicrosoft.EventHub/namespaces
fdfpMicrosoft.Network/frontdoorWebApplicationFirewallPolicies
galMicrosoft.Compute/galleries
hpcSpecialized.Workload/HPC
hubMicrosoft.MachineLearningServices/workspaces
iotMicrosoft.Devices/IotHubs
itMicrosoft.VirtualMachineImages/imageTemplates
kvMicrosoft.KeyVault/vaults
lbMicrosoft.Network/loadBalancers
logMicrosoft.OperationalInsights/workspaces
logicMicrosoft.Logic/workflows
mariaMicrosoft.DBforMariaDB/servers
mariaMicrosoft.DBforMariaDB/servers/databases
mysqlMicrosoft.DBforMySQL/servers
mysqlMicrosoft.DBforMySQL/flexibleServers
netappMicrosoft.NetApp/netAppAccounts
ngMicrosoft.Network/natGateways
nicMicrosoft.Network/networkInterfaces
nsgMicrosoft.Network/networkSecurityGroups
nwMicrosoft.Network/networkWatchers
pdnszMicrosoft.Network/privateDnsZones
pepMicrosoft.Network/privateEndpoints
pipMicrosoft.Network/publicIPAddresses
psqlMicrosoft.DBforPostgreSQL/servers
psqlMicrosoft.DBforPostgreSQL/flexibleServers
redisMicrosoft.Cache/Redis
rgMicrosoft.Resources/resourceGroups
rsvMicrosoft.RecoveryServices/vaults
rtMicrosoft.Network/routeTables
sapSpecialized.Workload/SAP
sbMicrosoft.ServiceBus/namespaces
sigrMicrosoft.SignalRService/SignalR
sqlMicrosoft.Sql/servers
sqlMicrosoft.Sql/servers/databases
sqlMicrosoft.Sql/servers/elasticPools
srchMicrosoft.Search/searchServices
stMicrosoft.Storage/storageAccounts
synwMicrosoft.Synapse/workspaces
synwMicrosoft.Synapse workspaces/bigDataPools
synwMicrosoft.Synapse/workspaces/sqlPools
trafMicrosoft.Network/trafficManagerProfiles
vdpoolMicrosoft.DesktopVirtualization/hostPools
vdpoolMicrosoft.DesktopVirtualization/scalingPlans
vdpoolMicrosoft.DesktopVirtualization/workspaces
vgwMicrosoft.Network/virtualNetworkGateways
vmMicrosoft.Compute/virtualMachines
vmssMicrosoft.Compute/virtualMachineScaleSets
vnetMicrosoft.Network/virtualNetworks
vnetMicrosoft.Network/virtualNetworks/subnets
vwanMicrosoft.Network/virtualWans
wpsMicrosoft.SignalRService/webPubSub

Usage

Install on Linux or Azure Cloud Shell (Bash)

bash -c "$(curl -fsSL https://raw.githubusercontent.com/azure/azqr/main/scripts/install.sh)"

Install on Windows

Use winget:

winget install azqr

or download the executable file:

Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/azure/azqr/main/scripts/install.ps1'))

Install on Mac

Use homebrew:

brew install azqr

or download the latest release from here.

Authentication

Azure Quick Review (azqr) supports the following authentication methods:

  • Service Principal. You'll need to set the following environment variables:
    • AZURE_CLIENT_ID
    • AZURE_CLIENT_SECRET
    • AZURE_TENANT_ID
  • Azure Managed Identity
  • Azure CLI (Using this type of authentication will make scans run slower)

Credential Chain Configuration

Azure Quick Review (azqr) uses the Azure SDK's DefaultAzureCredential which automatically selects the most appropriate credential based on your environment. You can customize the credential chain behavior by setting the AZURE_TOKEN_CREDENTIALS environment variable.

Development environments: Set AZURE_TOKEN_CREDENTIALS=dev to use Azure CLI (az) or Azure Developer CLI (azd) credentials.

Production environments: Set AZURE_TOKEN_CREDENTIALS=pros to use environment variables, workload identity, or managed identity credentials.

Authorization

Azure Quick Review (azqr) requires the following permissions:

  • Reader over Subscription or Management Group scope

Cloud Configuration

Azure Quick Review (azqr) supports scanning resources in different Azure cloud environments including Azure Public Cloud, Azure Government, Azure China, and custom cloud configurations.

You can configure the target cloud using environment variables such as AZURE_CLOUD, AZURE_AUTHORITY_HOST, AZURE_RESOURCE_MANAGER_ENDPOINT, and AZURE_RESOURCE_MANAGER_AUDIENCE.

> For detailed cloud configuration options and examples, see the Usage section in the documentation.

Running the Scan

To scan all resources in all subscription run:

./azqr scan

To scan all resources in a specific management group run:

./azqr scan --management-group-id

To scan all resources in a specific subscription run:

./azqr scan -s

To scan a specific resource group in a specific subscription run:

./azqr scan -s  -g

For information on available commands and help run:

./azqr -h

Interactive Dashboard (show command)

You can explore your scan results with a lightweight embedded web UI using the show command. The dashboard supports both Excel and JSON report formats:

  1. Generate a report (Excel or JSON):
# Excel format (default)
./azqr scan -s  --output-name report

# JSON format
./azqr scan -s  --output-name report --json
  1. Launch the dashboard:
# With Excel file
./azqr show -f report.xlsx --open

# With JSON file
./azqr show -f report.json --open

Binary Verification

To verify the authenticity of downloaded binaries, see our Binary Verification Guide.

Filtering Recommendations and more

You can configure Azure Quick Review to include or exclude specific subscriptions or resource groups and also exclude services or recommendations. To do so, create a yaml file with the following format:

azqr:
  include:
    subscriptions:
      -  # format: 
    resourceGroups:
      -  # format: /subscriptions//resourceGroups/
    resourceTypes:
      -  # format: Abbreviation of the resource type. For example: "vm" for "Microsoft.Compute/virtualMachines"
  exclude:
    subscriptions:
      -  # format: 
    resourceGroups:
      -  # format: /subscriptions//resourceGroups/
    services:
      -  # format: /subscriptions//resourceGroups//providers//
    recommendations:
      -  # format:

Then run the scan with the --filters flag:

./azqr scan --filters

> Check the rules to get the recommendation ids.

Troubleshooting

General Issues

If you encounter any issue while using Azure Quick Review (azqr), please set the AZURE_SDK_GO_LOGGING environment variable to all, run the tool with the --debug flag and then share the console output with us by filing a new issue.

Cost Analysis Permission Issues

If you encounter an error related to cost analysis access when running azqr scan, such as:

FTL Failed to query costs error="POST https://management.azure.com/subscriptions/.../providers/Microsoft.CostManagement/query
ERROR CODE: AccountCostDisabled
message: "Access to cost data has been disabled for account admins..."

This occurs when your account has READER permissions but lacks access to cost analysis data. Azure Cost Management requires specific permissions beyond standard READER access.

Solution:

Disable cost scanning by using the -c=false flag:

azqr scan -c=false

This will skip cost analysis and generate a complete report with all other Azure resource recommendations.

Note: Cost analysis provides valuable insights into resource spending over the last 3 months, but it's optional for security and compliance recommendations.

Building Locally

Make sure you have Go 1.23.x or higher installed in your environment. You can set GOROOT= folder and GOPATH= if you want to be specific about where to find Go binary and Go dependencies.

   git clone git@github.com:Azure/azqr.git
   cd azqr
   git submodule init
   git submodule update --recursive
   make

Support

This project uses GitHub Issues to track bugs and feature requests. Before logging an issue please check our troubleshooting guide.

Please search the existing issues before filing new issues to avoid duplicates.

  • For new issues, file your bug or feature request as a new issue.
  • For help, discussion, and support questions about using this project, join or start a discussion.

Support for this project / product is limited to the resources listed above.

Contributors

Thanks to everyone who has contributed!

Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct

Trademark Notice

> Trademarks This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft’s Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party’s policies.