Discovery Mode · Compliance coming soon
Discovery gives you a full inventory snapshot — every resource and its current configuration. Compliance mode, coming soon, will compare against expected baselines and flag drifts and gaps.
READ-ONLY · BROWSER-ONLY · NO INSTALL
Audit your Azure resources
in five minutes flat.
Paste a Cloud Shell token, choose a resource group, and export a structured Excel audit of its resources, configuration, and compliance gaps. No install, no app registration, no write-back to Azure.
Read-only — never writes to Azure
Excel export, mid-audit OK
How it works
Five guided steps. No app to install, no service principal to register, no IT ticket required.
- 01
Get your token
Run one Azure Cloud Shell command and paste the output.
~1 min - 02
Pick subscription
We list every subscription your account can read.
~30 sec - 03
Resource group
Enter the resource group name — we validate and count what's inside.
~30 sec - 04
Choose resources
Grouped by type. Select one, several, or everything.
~1 min - 05
Audit + export
Live results stream in. Export to Excel any time.
1–3 min
Built for security and platform teams
Two audit modes, an Excel-native report format, and zero attack surface in your tenant.
Excel-native output
Reports drop into Excel with proper styling, frozen headers, and conditional formatting. No CSV-to-spreadsheet wrangling for downstream stakeholders.
Zero tenant footprint
No app registration, no service principal, no agent. Authentication uses your existing Azure identity via a short-lived Cloud Shell token.
The core is free. The cloud adds more.
AZCheck Core is a genuinely powerful standalone tool. The cloud product builds a full workflow on top — for teams that need history, scheduling, and collaboration.
Open source
AZCheck Core
github.com/lensory-labs/azcheck-core
✓
Single resource group audit
✓
Generic resource support
–
Specialised resource logic
✓
Discovery Mode
✓
Excel, CSV & JSON export
✓
Live streaming results grid
✓
Azure identity (Cloud Shell token)
–
Compliance audit mode
–
Multiple resource groups
–
Team workspaces & sharing
–
Audit history & diff view
–
Scheduled recurring audits
–
Policy management & baselines
Free, forever
A single HTML file. Download and run from anywhere — no server, no install, no account.
View on GitHub
Cloud product · Early Access
AZCheck
azcheck.dev — hosted, no setup
✓
Single resource group audit
✓
Generic resource support
✓
Specialised resource logic — 15+ resource types (and growing)
✓
Discovery Mode — Live
✓
Excel, CSV & JSON export
✓
Live streaming results grid
✓
Azure identity (Cloud Shell token)
soon
Compliance audit mode
soon
Multiple resource groups
soon
Team workspaces & sharing
soon
Audit history & diff view
soon
Scheduled recurring audits
soon
Policy management & baselines
Free
while in Early Access
✓ No credit card required
✓ A free tier will always exist after launch
✓ Founding users get first access to paid plans
Stay in the loop
Get notified when new features ship
Compliance mode, scheduled audits, team workspaces — drop your email and we'll let you know when they land. No spam, just release notes.
No spam · Just release notes · Unsubscribe any time
✓ You're on the list. We'll be in touch.
The report is the product.
Fully styled workbooks — README, Audit Data, Errors, Summary. Shareable in Teams, attachable to tickets, openable in Excel on day one.
compliance.xlsx · Audit Data
powered by AZCheck · a lensory product
Resource Group
Resource
Type
Setting
Expected
Current
Status
Comments
rg-contoso-web-demo
stcontosowebdemo
Storage/Account
supportsHttpsTrafficOnly
true
true
Pass
rg-contoso-web-demo
stcontosowebdemo
Storage/Account
minimumTlsVersion
TLS1_2
TLS1_2
Pass
rg-contoso-web-demo
stcontosowebdemo
Storage/Account
allowBlobPublicAccess
false
true
Fail
Disable blob public access
rg-contoso-web-demo
kv-contoso-demo
KeyVault/Vault
enableSoftDelete
true
true
Pass
rg-contoso-web-demo
kv-contoso-demo
KeyVault/Vault
enablePurgeProtection
false
N/A
AZCheck v1 · Template v1.0 · 5 of 7 rows
powered by AZCheck · a lensory product
Privacy by design
If your security review asks where the data goes — the honest answer is "nowhere." Here's why.
Token never leaves your browser
Your Azure access token is held in JavaScript memory only — never written to localStorage, never sent to any server other than the official Azure Resource Manager API at management.azure.com.
Read-only by construction
AZCheck is designed to operate read-only and issues only GET requests to Azure Resource Manager. Your Azure RBAC enforces this server-side independently.
No backend, no telemetry
The Excel report is generated client-side using a JavaScript library. Audit results are not sent to AZCheck servers. Closing the tab clears all session data.
Your existing permissions apply
Reader role on the resource group is sufficient. The audit fetches the same configuration data you can already view in the Azure Portal — nothing more, nothing less.
Frequently asked questions
Quick answers to the things security and platform teams usually ask first.
Does this tool write anything to my Azure tenant?
AZCheck is designed to be read-only and issues only GET requests to Azure Resource Manager. Your existing Azure RBAC permissions enforce this independently server-side.
Where is my access token stored?
Your token is kept in browser memory for the duration of the tab — not intentionally persisted to disk or sent to any server other than Azure Resource Manager. Closing the tab clears it.
Do I need to register an Azure app or service principal?
No. You authenticate by pasting an access token from Azure Cloud Shell, which uses your existing identity. Nothing needs to be registered, granted, or installed in your tenant.
What permissions do I need?
Reader role on the resource group you want to audit is sufficient. The audit fetches the same configuration data you can already see in the Azure Portal.
How long does an audit take?
Most resource groups complete in 1–3 minutes. Results stream in live as each resource is fetched, and you can export to Excel at any point — even mid-audit.
What's the difference between AZCheck and AZCheck Core?
AZCheck Core is the open source tool on GitHub — a single HTML file you can download and run from anywhere, free forever. AZCheck at azcheck.dev is the hosted cloud product, currently in Early Access. Both do a complete resource group audit. The hosted product is evolving toward scheduled audits, team workspaces, audit history, and policy management.
What happens when Early Access ends?
There will always be a free tier — that's a commitment, not a footnote. Founding users (people using AZCheck during Early Access) will be offered the best available rate before public pricing is announced. No surprise paywalls, no bait-and-switch.
Run your first Azure audit now.
No install, no sign-up, no app registration. Or grab the open source version and run it yourself.