Reducing Azure Cost
Every article you find about reducing Azure cost will invariably mention ensuring that any unused (especially PAYG) resources are identified and shut down or deleted. However, very few will actually tell you “HOW” to do this. eG Enterprise has added new functionality to enable you to identify unused, wasted and orphaned Azure resources and services without the need to resort to hacking up KQL queries or PowerShell scripts.
There are many obvious steps to reduce Azure costs and improve the quality of user experience when using services such as AVD (Azure Virtual Desktop):
- Shut down Azure VMs when not in use.
- Delete virtual disks that aren’t needed – Unused disks might be hanging around after you’ve migrated or made backups, so you’ll want to ensure you delete these so you’re not still paying for the storage space.
- Delete superfluous old Azure VM snapshots.
- Use resources in a local region to reduce latency.
Azure Advisor is a service that can help advise as to whether your Azure deployments have wastage and unused resources. It is however limited in the information it supplies and users are required to regularly and manually investigate an Azure blade GUI. We’ve covered in a previous article how eG Enterprise can automate monitoring alerts from Azure Advisor into the IT system without bespoke scripting, see: What is Azure Advisor? | eG Innovations.
In this article I’ll cover how eG Enterprise now automatically gathers and collates data beyond Azure Advisor to identify the specific details of wasted resources that are increasing Azure costs without benefit. When unused VMs are identified, the administrator will not only be proactively alerted but will also have full access to the specifics of each VM, its live and historical usage, service history and so on, from which to take action.
The Challenge
Azure infrastructure is extremely powerful: you can create a service at the click of a button and make it available to your users in a few seconds. In my experience, many customers frequently use Pay-As-You-Go (PAYG) subscriptions. They can spin up Azure Compute (VM) instances in Azure for small projects and Proof-Of-Concepts (POCs). In large organizations, it is possible that a team of developers created a service, but the team or owner is replaced (or leaves), and a new team creates a new service with their new design. For example, you can find virtual machines that were previously used for hosting a web site but have since been replaced by Azure App Service. In many other scenarios, you may also find Azure virtual machines that are no longer in use. These VMs may also have affiliated storage accounts for data storage and public IP addresses for their external access.
Without proper access and management controls in place, orphaned and unused services remain in Azure, and you will be charged for them indefinitely. Moreover, these services can increase the attack surface for malicious operators to target your organization and pose a security risk.
Every organization needs a process to regularly inspect its Azure subscriptions or resource groups, identify and validate any resources that are no longer in use, and delete all such resources that unnecessarily impact Azure costs or security. Efficient cost management has become one of the top priorities for Azure customers since the presence of orphaned and unused services contributes to the overall Azure bill in many organizations.
Azure Advisor Recommendations
Azure Advisor is a service that will highlight, to an extent, whether there are potential cost savings available to you; we’ve covered the types of recommendation it can make in a previous article. These recommendations will tell you that you have unused VMs but don’t quite go as far as identifying which specific VMs could be shut down or deleted.
What does Azure Portal Offer Today to Solve this Problem?
Azure Compute service (VM) and Azure Virtual Desktops (AVD) are some of the most popular services offered by Azure. Suppose that you want to identify VMs that are being wasted in your tenant. The VMs could span many subscriptions or resource groups in the tenant. There could be hundreds of unused VMs that are powered on and consuming services like public IP addresses, managed disks, network cards, load balancers, etc. It is very difficult to identify powered-on VMs that have been using less than 10% CPU utilization or less than 1% disk activity or less than 1% network activity for more than a month.
There are guides to manually using the Azure Portal GUI to assess wastage, see Finding Unused Resources Impacting Azure Costs (sqlshack.com).
Similarly, it is not possible to find Azure Storage Accounts that have not been used for a long time. These services all add to your Azure bill every month, and without proactive action you could be paying these unnecessary costs to Microsoft indefinitely.
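The idle-VM test described above can be written as a short check over exported daily metric averages. This is an added example, not eG Enterprise or Microsoft code; the sample rows are constructed, the 30-day window stands in for "a month", and requiring all three thresholds together is an assumption (the stricter reading of the text).

```python
from datetime import date, timedelta

# Thresholds quoted in the article; all three must hold (assumption).
CPU_MAX, DISK_MAX, NET_MAX = 10.0, 1.0, 1.0
WINDOW_DAYS = 30


def idle_vms(samples, today, window_days=WINDOW_DAYS):
    """Return names of VMs below every threshold on each day of the window.

    samples: iterable of (vm_name, day, cpu_pct, disk_pct, net_pct) daily
    averages. A VM with any missing day in the window is never flagged,
    so a newly created VM or a monitoring gap cannot look like idleness.
    """
    window = {today - timedelta(days=n) for n in range(1, window_days + 1)}
    quiet_days, busy = {}, set()
    for vm, day, cpu, disk, net in samples:
        if day not in window:
            continue
        if cpu < CPU_MAX and disk < DISK_MAX and net < NET_MAX:
            quiet_days.setdefault(vm, set()).add(day)
        else:
            busy.add(vm)
    return sorted(vm for vm, days in quiet_days.items()
                  if vm not in busy and days == window)


def constructed_samples(today):
    """Constructed data: three VMs with different usage patterns."""
    rows = []
    for n in range(1, 41):
        day = today - timedelta(days=n)
        rows.append(("vm-old-web", day, 2.0, 0.2, 0.1))   # idle throughout
        # Quiet except for a batch job that runs on a single day
        rows.append(("vm-batch", day, 85.0 if n == 12 else 3.0, 0.5, 0.3))
        if n <= 7:                                        # only a week old
            rows.append(("vm-new-poc", day, 1.0, 0.1, 0.1))
    return rows


if __name__ == "__main__":
    today = date(2024, 1, 31)
    print(idle_vms(constructed_samples(today), today))
```

Shortening the window to a week would also flag the batch VM and the week-old POC, which is why the observation period matters before anything is shut down.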
Identifying Unused Resources using Native Tools
There is some advice available on the official Microsoft support site and forums, and on community self-help portals, on how to identify unused resources. Unfortunately, since Azure does not provide a blade to identify long hanging VMs and orphaned and unused services in a tenant, these solutions require significant manual effort or scripting skills and investment. Many solutions rely on knowing how to write KQL (Kusto Query Language) queries: you can write your own KQL queries or copy queries from GitHub repositories to find orphaned and unused services in a tenant. PowerShell cmdlets are another possible option. If you are considering this DIY (Do-It-Yourself) route, it is worth evaluating the effort involved, see:
- Finding unused Resources and Resource groups in a Subscription – Microsoft Q&A
- Monitor unused resources – Microsoft Q&A (includes an example to identify an unattached Azure managed disk)
- Find Orphaned Azure Resources – with Azure Resource Graph (cloudsma.com) (leverage Azure Resource Graph and KQL)
- Find Orphaned Azure Resources (techielass.com)
- Find and delete unattached Azure managed and unmanaged disks – Azure Virtual Machines | Microsoft Docs
- Find unused storage accounts in Azure highlights some of the caveats associated with trying to infer if storage is unused – i.e. files that might still be getting accessed but not modified
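To give a sense of what the DIY route involves, here is an added example (not taken from the linked guides or from eG Enterprise) that applies "nothing references this resource" rules to an exported inventory. The inventory rows are constructed, the property names are the ones Azure Resource Manager exposes for these resource types, and the `keep-reason` tag is a hypothetical convention for recording why a resource is deliberately kept.

```python
import json

def _unset(props, *keys):
    """True when none of the association properties is populated."""
    return all(not props.get(k) for k in keys)

# Resource type (lower-cased) -> test for "nothing references this resource".
RULES = {
    # ActiveSAS/Reserved disks also have no managedBy, so check diskState too.
    "microsoft.compute/disks": lambda r, p:
        not r.get("managedBy") and p.get("diskState") == "Unattached",
    "microsoft.network/networkinterfaces": lambda r, p:
        _unset(p, "virtualMachine", "privateEndpoint"),
    "microsoft.network/publicipaddresses": lambda r, p:
        _unset(p, "ipConfiguration", "natGateway"),
    "microsoft.network/networksecuritygroups": lambda r, p:
        _unset(p, "networkInterfaces", "subnets"),
}

def find_orphans(inventory, keep_tag="keep-reason"):
    """Return sorted (type, resource group, name, keep reason or None) tuples."""
    found = []
    for res in inventory:
        rule = RULES.get(res.get("type", "").lower())
        if rule and rule(res, res.get("properties") or {}):
            reason = (res.get("tags") or {}).get(keep_tag)  # hypothetical tag name
            found.append((res["type"], res["resourceGroup"], res["name"], reason))
    return sorted(found, key=lambda f: f[:3])

# Constructed inventory, shaped like Azure Resource Graph rows; not real data.
SAMPLE = json.loads("""[
 {"type":"Microsoft.Compute/disks","resourceGroup":"rg-poc","name":"disk-old",
  "managedBy":"","properties":{"diskState":"Unattached"}},
 {"type":"Microsoft.Compute/disks","resourceGroup":"rg-prod","name":"disk-os",
  "managedBy":"constructed-vm-id","properties":{"diskState":"Attached"}},
 {"type":"Microsoft.Compute/disks","resourceGroup":"rg-prod","name":"disk-export",
  "managedBy":"","properties":{"diskState":"ActiveSAS"}},
 {"type":"Microsoft.Network/networkInterfaces","resourceGroup":"rg-poc",
  "name":"nic-stale","properties":{}},
 {"type":"Microsoft.Network/publicIPAddresses","resourceGroup":"rg-web",
  "name":"pip-legacy","tags":{"keep-reason":"DNS cutover pending"},"properties":{}},
 {"type":"Microsoft.Network/publicIPAddresses","resourceGroup":"rg-web",
  "name":"pip-live","properties":{"ipConfiguration":{"id":"constructed-ipconfig-id"}}}
]""")

if __name__ == "__main__":
    for row in find_orphans(SAMPLE):
        print(row)
```

The disk that is mid-export (`ActiveSAS`) is left alone even though nothing manages it, and the tagged public IP is still reported but carries its recorded reason so a reviewer can close it without action.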
An Out-of-the-box Alternative: eG Enterprise Helps Reduce Azure Cost
eG Enterprise continually monitors your Azure tenant. eG Enterprise proactively identifies unused VMs, orphaned and unused services lying in your subscription and provides you actionable insights (highlighting the resource name, resource group name, etc). After a careful validation, you can delete these resources and reduce the Azure cost.
eG Enterprise helps you to identify the following unused resources:
- Unused managed disks
- Unused network interfaces (NICs)
- Unused availability sets
- Unused Public IP Addresses (IPs)
- Unused network security groups
- Unused resource groups
- Unused route tables
- Unused load balancers
- Unused app service plans
- Virtual networks without subnets
- Traffic manager profiles without endpoints
- Disabled traffic manager profiles
- Old VM snapshots
Within eG Enterprise you will find a dedicated set of metrics regarding Azure Wastage.
For each wasted resource, clicking on the detailed diagnosis icon (the magnifying glass to the right) will bring up the details of those wasted resources. In this case there are 20 unused disks to be investigated.
Traceable Decision by Process
Alerts in eG Enterprise are traceable, and full ITSM service desk tool integrations are available with a wide range of help and service desk titles including JIRA, ServiceNow, Autotask and more, allowing an administrator to raise a ticket against identified resource wastage rather than letting an issue languish in Azure Advisor. This ensures that decisions to delete or remove seemingly unused resources do not impact others without proper review. The decision to delete an unused disk in a development Kubernetes deployment can rightly be assigned to and made by that team.
Sometimes there are business reasons beyond costs, or information “unknown” to Azure Advisor, that mean resources are deliberately left up unused or in a different region than would be optimal for pure cost considerations. eG Enterprise alerts include a full knowledge base history, allowing alerts to be closed without action and the reasons for those decisions recorded, so that the whole organization can understand them and the process is transparent. You can learn more about using the fix history and knowledge base in this short video: Creating a Knowledge Base with Fix History – YouTube.
Reduce Issues, Reduce Azure Cost
The new Azure resource wastage features within eG Enterprise will help you reduce raw infrastructure costs in Azure, especially PAYG costs, but significant savings are also available from the broader product features that ensure issues are proactively identified and MTTR (mean time to resolution) is minimized with minimal manual effort. Slow logons, logon slowdowns and logon failures become easier to manage, see: Troubleshoot Slow Azure Virtual Desktop Logons (eginnovations.com). Costly manual setup of alerts and metric thresholds for Azure Monitor is avoided, see: Azure Virtual Desktop Monitoring – Azure Monitor Costs and Setup.
Beyond unused resources, eG Enterprise includes monitoring, reporting and capacity tools designed to identify under-utilized resources, over-provisioned resources, poorly chosen VM instance types, etc., for both short-term and long-term capacity planning and resource optimization.
If you’d like to try out eG Enterprise on your own Azure deployments, there is a free out-of-the-box SaaS-based trial available. Investigate how much wastage there is in your own deployment and evaluate the benefit of proactive alerting on Azure Billing and Advisor recommendations for yourself. You can sign up for the eG Enterprise free trial here.
Learn More
- Azure Monitoring using eG Enterprise
- Azure Advisor – automate your alerting and processing of Azure Advisor recommendations to ensure recommendations are never missed and cost, performance and security best practices are adhered to
- How to Reduce Azure Log Analytics Costs – quick tips to reduce your native Azure monitoring costs
- Learn about common Azure Virtual Desktop mistakes including those that increase costs unnecessarily: 3 Azure Virtual Desktop (AVD) mistakes when remote working (htg.co.uk)
- 5 quick ways to reduce the costs of AVD: Azure virtual desktop pricing: 5 ways you can save money (htg.co.uk)
- Learn about scripting and automating remediation within eG Enterprise: “Extending and Integrating the Monitoring System with Automation and Scripting”
- Azure AVD (Azure Virtual Desktops) Monitoring
- An Overview of Azure Active Directory (Azure AD) – 101
- How to monitor and audit Azure AD Users – reduce costs and improve security by ensuring user accounts are fully managed
- More on monitoring Azure AD: Monitoring and Alerting on Azure AD App Client Secret and Certificate Expirations, Azure AD Audit Logs, Azure AD Monitoring
- Other technologies supported by eG Enterprise