Azure Spring Clean: Leveraging Azure Copilot To Better Manage Your Tenant

Azure, Governance

It’s time for the Azure Spring Clean. The annual event is organised by Joe Carlyle and Thomas Thornton to encourage you to look at your Azure subscriptions and see how you could manage it better.

Bit Logo

In my contribution for this year, we will look at how you can leverage Azure Copilot to manage your Azure Tenants better.

What Is Azure Copilot

Azure Copilot is Microsoft’s AI assistant, but it is tuned to work with Azure. It has all the features of Chat GPT but is also aware of your Azure subscriptions and resources and can answer questions about them. If you want a more detailed introduction to Azure Copilot, then take a look at the article I created on this.

Using Azure Copilot To Better Manage Your Tenant

Because Copilot knows all about your Azure subscriptions, it can help you manage them. Let’s take a look at a few ways it can do that.

1. Cost Management

Copilot has access to all your Azure spending and budget information, so you can ask it questions to help you manage costs or even bring down your bills. Some examples include:

  • Ask for help understanding your Azure bill. Copilot can help break down your Azure bill and get to the bottom of where your costs are.
  • Compare this month’s bill to last month’s and provide information on the differences
  • Ask it to recommend actions that could help you reduce costs
  • Ask Copilot to predict what might happen to your costs in the future if you make a change, such as “How will my costs change if I move all my storage from West Europe to East US?”

2. Resource Graph

Copilot knows about all your resources deployed in Azure via the resource graph. If you want to understand your infrastructure better, you could write resource graph queries yourself or ask Copilot. It can provide you answers to your questions, as well as provide the Resource Graph query it used to get the data for future reference. You can use this to find resources that are not configured correctly, not being used optimally, or even doing nothing at all except costing money.

You could ask:

  • How does the location of resources across my subscriptions break down?
  • What are the most used resource types across my subscriptions
  • How many running and stopped VMs do I have in my subscriptions
  • Find all the orphaned managed disks in my subscriptions
  • Find all app service plans that only have one app service running on them

Orphaned Manged Disks

3. Security

You can also use Copilot to understand the security of your resources better. This could involve more Resource Graph queries:

  • Find all VMs that have port 3389 open to the internet
  • Find all storage accounts that have public access enabled or that do not force the use of HTTPS
  • Find all app services that are not protected by a WAF
  • Get all resources that are not compliant with a specific Azure policy
  • Find all resources that were created in the last week and show who created them

Storage Accounts with public access

You can also have Copilot help you do something about vulnerable resources.

  • Write a script to restrict public access on any storage accounts that have it enabled
  • Create an Azure policy to prevent the creation of storage accounts with this issue in the future

Policy

4. Investigate Performance Problems and Alerts

Copilot can see all your resources’ metrics and alerts and interpret this data to see what is going wrong and potentially how to fix it. For example, I asked Copilot if I had any resources that were not performing well, and it pointed out that I had a storage account where the backup had stopped working.

Backup Issue

I could also ask Copilot to investigate why my web app is down or why it is showing high CPU usage or even to take action like restarting the app service or taking a memory dump.

4. Architecture and Best Practice

Copilot has access to all the Azure documentation, so you can ask questions about how to design solutions that follow best practices or implement cost-saving solutions.

  • How can I design a highly available application hosted on Azure VMs
  • How can I save money when using AKS
  • How do I backup Azure storage data

AKS Cost Savine

Copilot doesn’t just need to provide Azure docs; it can interpret them and rephrase things to answer questions that the docs may not answer directly. For example, I asked it to provide common pitfalls to avoid when using Azure functions; this isn’t spelt out in the docs directly but can be inferred from the data.

Pitfalls for functions

You can also ask it to look at specific resources and tell you if they are architected well or what could be improved.

Improvements

Conclusion

Azure Copilot is a great tool to help you better manage your Azure tenants. It’s not doing anything you couldn’t do yourself with enough effort, but it’s doing it quickly and over a large scale. Copilot can also look at large volumes of data and draw conclusions and inferences you may not have seen yourself. Copilot isn’t going to solve all your problems or do your job for you, but it is a good tool that you can use to make your life a bit easier.