Azure cost optimization checklist

Storage
❑ Delocalized storage accounts
Prefer LRS (locally redundant storage) to other replication options. (GRS—georedundant storage—is the default
in the Azure portal, but it isn’t generally a requirement).
❑ Idle storage accounts
Consider deleting storage accounts with no read or write activity for 30+ days (make sure they aren’t being used
for backup/archiving).
❑ Access tiers
Make sure you’re using the appropriate access tier. Hot storage costs more for storage operations, but less per
‘read’ operation; the opposite is true for cold storage. There’s also an Archive tier.
❑ Old VHD snapshots
Clean up unusable snapshots.
❑ Old managed disk snapshots
Clean up unusable snapshots.
❑ Detached VHD disks
Consider deleting unmanaged VHD disks that aren’t attached to a virtual machine. These are often left behind
after an incomplete VM deletion.
❑ Detached managed disks
Consider deleting managed disks that aren’t attached to a virtual machine.
❑ Premium managed disk snapshots
Always use standard disks for snapshots.
Databases
❑ Inactive databases
Consider downscaling or deleting databases that have very little or no DTU activity.
❑ Idle Azure Cosmos DB account
Consider deleting accounts that haven’t had any total Request Unit (RU) activity in the past 30 days.
❑ Azure SQL Database elastic pools
Consider joining multiple databases that have varying and unpredictable usage demands.
❑ Azure SQL Database reserved capacity
Save on SQL Database compute costs by buying reserved vCores for 1 or 3 years.
❑ Azure SQL Data Warehouse reserved capacity
Save on SQL Data Warehouse costs by buying reserved capacity for 1 or 3 years.
❑ Azure Cosmos DB reserved capacity
Save on Cosmos DB by buying reserved throughput capacity for 1 or 3 years.
❑ Azure Databricks reserved capacity
Save on Azure Databricks costs by pre-purchasing DBUs for 1 or 3 years.
App Service
❑ Idle services
Consider deleting App Services with unused or idle applications.
❑ Empty services
Consider deleting App Service Plans that are empty and have no applications, sites or jobs associated to it.
❑ Oversized services
Consider downscaling any App Service Plan that stays lower than 50% utilization.
❑ Isolated App Services
Save on App Services Isolated stamp fees by buying a 3-year reserved instance.
Virtual machines
❑ Stopped virtual machines
Ensure shutdown virtual machines are in the Stopped (Deallocated) state, otherwise they’ll continue to accrue costs
(even if they aren’t running).
❑ Intermittent activity
Workloads with typically low usage and occasional peaks in CPU activity (such as web servers or development build
environments) are good candidates for the economical burstable B-series VMs.
❑ Clean up after virtual machine deletion
Deleting a VM doesn’t delete related resources. Make sure to also get rid of the attached disk and public IP address.
❑ Virtual machine reserved instances
Save on virtual machine costs by buying reserved instances for 1 or 3 years.
Networking
❑ Unconnected virtual network gateways
Delete unnecessary gateways that don’t have any connections.
❑ Connected virtual network gateways with no traffic
Monitor connected gateways to ensure traffic is flowing in.
❑ Unused public IP addresses
Consider deleting public IP addresses that are not attached to a virtual machine network interface, an internet-facing
load balancer, a VPN gateway, or an application gateway
Monitoring
Keep an especially close eye on the following to avoid unexpected cost spikes, and consider
replacing them with more cost-effective options whenever possible.
❑ Redis Cache
❑ Cosmos DB
❑ Service Bus
❑ API management service
❑ Azure IoT
❑ Any service that’s ingestion-base (volume) : App Insights, Analytics, Logs
❑ Egress bandwidth costs (out of Azure datacenters)
❑ Number of indexes defined in Azure Search (the more you have, the more it’ll cost you)
❑ Application Insights
Even if it’s high, always set a daily cap for your Application Insights, and consider sampling to reduce the amount of data
ingested. (free 500MB/day)
Management
❑ Subscription type
Take advantage of the Pay-As-You-Go (0023P) or Enterprise (0138P) Dev/Test offers to save up to 55% on non-
production workloads. Also look at Azure-in-Open for the best rate in market.
Tips and best practices for optimizing Azure
❑ Architecture, provisioning and design
1. Prefer virtual machine scale sets over individual VMs for similar workloads; they offer several benefits on the
management front
2. Plan from the start for redundancy, backup and disaster recovery
3. When provisioning compute, target a higher SKU at first, then downscale, to ensure the destination cluster stamp
support that size/pricing plan
4. Disposable environments are hard to achieve and often leave behind orphaned resources
5. Make sure the VM size and family you need are available in your target region
6. Use a messaging approach (queues, messages, web jobs/serverless) to prevent monoliths
7. Use Logic App to enable a richer notification and alerting experience
8. Prefer resource sharing over individual resources if isolation is not required
9. Use dev/test labs for development teams
10. A good tagging convention is more important and more valuable than a strict naming convention
11. Use infrastructure-as-code (IaC) instead of creating resources manually— this will also help self-document your
infrastructure
12. When you scale up/out compute, set a reminder or an autoscale rule to
make sure it gets downscaled/scaled in
13. Review App Service deployment slots. These are in fact collocated resources in your App Service Plan and could
impact the performance of other environments.
14. Split ARM templates into smaller pieces to facilitate the development feedback loop (this helps you deploy only what
is needed)
15. If you need to scale up multiple times to address performance issues, it might be a good idea to revisit the design
16. Prefer horizontal scaling over vertical scaling
Tips and best practices for optimizing Azure
❑ Security considerations
17. Perform backup restore drills (you’ll be happy you did)
18. Enable soft delete on storage accounts
19. Use Just in Time mechanisms like Privileged Identity Management (PIM) and just-in-time (JIT) VM access
20. Use a network security group (NSG) on subnets and/or network cards
21. Pay attention to Azure Security Center recommendations
22. Whenever possible, restrict traffic to essential IP addresses via firewall and whitelisting
23. Enable Azure Key Vault logging to keep track of vault access