Azure organization and cost reduction
How we reduced projected Azure costs by 70% by restructuring a client's cloud architecture: resource groups, ARM templates and a DevOps pipeline for infrastructure as code.
A success story, in which the reorganization of Azure resources has significantly reduced Azure costs. The features of Microsoft Azure and the consumption-based methods of use bring a lot of flexibility to those who decide to adopt the platform.
At the same time, however, its massive use requires a categorization of resources, exploiting resource groups both for reasons of “order” and for security reasons.
Separating the various environments into different resource groups and then applying permissions to individual groups is useful for organizations but in this way the resources on Azure proliferate causing:
- increase in overhead costs for the use of the platform
- increase in time for configuring and maintaining resources
- increased effort for security management
How to run an Azure Cost Assessment
Before touching the architecture, you need to understand exactly where the money is going. The starting point is a complete inventory of all active resources: virtual machines, storage accounts, databases, PaaS services, public IP addresses. For each one, the key questions are whether it is actually in use, how long it has been active, and which project or environment it belongs to.
This phase regularly surfaces forgotten resources. Stopped VMs that still generate costs. Storage accounts filled with test data that nobody ever deleted. Dev and staging environments left running long after a project closed. These are not edge cases — in complex tenants, they are the norm.
Once the inventory is complete, the next step is to classify resources by cost type. Fixed-payment resources incur charges regardless of actual use; consumption-based resources are billed on real usage. This distinction is what drives the consolidation decision: fixed resources are candidates for sharing across projects, while consumption-based ones can often be right-sized or decommissioned when idle.
The right tool for this analysis is Azure Cost Management + Billing, filtering costs by resource group, tag, service type and time period. A clear breakdown by these dimensions makes it straightforward to identify which environments are the biggest drivers of unnecessary spend.
Cost savings, thanks to a new architecture
We have analyzed in detail the costs and the type of resources that were in use by the customer to understand what resources could be put together and then start the activity of reorganizing thanks to a new Azure Architecture.
We then completed the package with an automatic management of the releases of these resources through ARM (Azure Resource Manager) templates and an automatic pipeline for installing the resources through Azure DevOps to allow the customer to have a recovery mechanism for the entire Azure resource infrastructure.
The development of the new Azure Architecture
During the management of the Azure Architecture development project, our experts fully respected the customer’s needs:
- The division of resources by project has been maintained.
- Resources with fixed payment have been put at common factor and consumable resources have been used to the maximum.
- Security has been put at the forefront: all common resources are in charge of the company’s IT, while operational freedom has been left at the project level.
Disaster & Recovery: the safety net for the infrastructure
Cost reduction cannot come at the expense of resilience. Consolidating resources and reducing redundancy is only safe if you have a reliable mechanism to restore the entire infrastructure when something goes wrong.
Every Azure resource in the new architecture was codified in ARM (Azure Resource Manager) templates. This means the entire infrastructure exists as versioned, traceable code stored in a repository. That repository becomes the single source of truth: not a diagram on a whiteboard, not tribal knowledge held by one engineer, but a set of files that can be reviewed, audited and re-applied at any time.
The Azure DevOps pipeline handles automated deployment end to end. In the event of a major incident, the team does not need to rebuild manually, resource by resource. They launch the pipeline, select the target environment, and the entire infrastructure is recreated automatically with the same parameters and configurations as before.
This approach reduces two distinct types of risk at the same time. Operational risk drops because the recovery process no longer depends on individual know-how, manual steps are replaced by tested automation, and procedures can be rehearsed before an actual incident. Recovery cost drops too: without infrastructure as code, rebuilding a complex Azure environment after a serious failure can take days of concentrated effort; with automated pipelines, the same work takes hours.
Reducing Azure costs
The Azure Architecture designed by our experts has allowed the customer to save 70% of costs Azure that he planned to face.
This significant reduction in costs was also accompanied by a more robust organization than the tenant, which has been prepared for centralized management of common resources (both from a configuration and security point of view), for a management of project resources delegated to those who deal with specific solutions and for a disaster & recovery system for the entire infrastructure.
Written by
Emanuele Rossi
Infra & Security · Dev4Side