There’s a vast amount of available resources that give advice on Azure best practices. Based on recent recommendations given by experts in the field, we’ve put together this list of 10 of the best practices for 2020 to help you fully utilize and optimize your Azure environment.
1. Ensure Your Azure VMs are the Correct Size
- “There are default VM sizes depending on the image that you choose and the affected Region so be careful and check if the proposed one is really what you need. The majority of the times you can reduce the size to something that fits you better and at a lower cost.”
- Vitor Montalvao, Azure Cost Optimization Best Practices, March 6, 2020.
2. If you use the Azure Cost Management Tool, Know the Limitations
- Azure Cost Management can be a useful tool in your arsenal: “Listed as “cost management + billing” in the Azure portal, the Azure Cost Management service’s cost analysis feature offers comprehensive insights into the costs incurred by your Azure resources—starting from the subscription level. This can then be drilled down to specific resource groups and/or resources. The service also provides an overview of current costs as well as a monthly forecast based on the current consumption rate.”
- Shiji Sujai, Cost Optimization in Azure: The Building Blocks (Part 1), March 12, 2020.
- However, know that visibility and action are not equivalent: “Even though [cloud efficiency] is a core tenant of Microsoft Azure Cost Management, optimization is one of the weakest features of the product. The essence of the documentation around this is that you should manually eliminate waste, without going into much detail about what is being wasted or how to eliminate it. Plus, this expects manual intervention and review of each resource without giving direct actions to eliminate the waste.”
- Chris Parlette, The Three Core Components of Microsoft Azure Cost Management, October 24, 2019
3. Approach Role-Based Access Control (RBAC) Systematically
- “Using Azure RBAC, you can segregate duties within your team and grant only the amount of access to users that they need to perform their jobs. Instead of giving everybody unrestricted permissions in your Azure subscription or resources, you can allow only certain actions at a particular scope.”
- Robert Lyon, Best practices for Azure RBAC, April 17, 2020.
- “Even with these specific pre-defined roles, the principle of least privilege shows that you’re almost always giving more access than is truly needed. For even more granular permissions, you can create Azure custom roles and list specific commands that can be run.”
- Chris Parlette, Use this Azure IAM Checklist When You Add New Users, May 7, 2020
4. Ensure you aren’t paying for orphaned disks
- “When you delete a virtual machine in Azure, by default, in order to protect against data loss, any disks that are attached to the VM aren’t deleted. One thing to remember is that after a VM is deleted, you will continue to pay for these “orphaned” unattached disks. In order to minimise storage costs, make sure that you identify and remove any orphaned disk resource.”
- WARDY IT SOLUTIONS, 10 Tips for Azure Cost Optimisation, April 14, 2020.
5. Tag Everything
- “Centralize tagging across your Azure environments. This enables you to discover, group and consistently tag cloud resources across your cloud providers – manually or through automated tag rules. Maintaining a consistent tagging structure allows you to see resource information from all cloud providers for enhanced governance, cost analytics and chargeback.”
- Eric Berg, Optimizing Your Azure Environment, February 12, 2020.
6. Decipher how and when to utilize the Azure logging services
- “Logs are a major factor when it comes to successful cloud management. Azure users can access a variety of native logging services to maintain reliable and secure operations. These logging options can be broken down into three overarching types, as well as eight log categories. The granular data collected by Azure logs enables enterprises to monitor resources and helps identify potential system breaches.”
- Sara Grier, 5 tips that can lead to Azure cloud management success, April 2, 2020.
7. Know Your Serverless Options
- “Serverless computing provides a layer of abstraction that offloads maintenance of the underlying infrastructure to the cloud provider. That’s a form of workload automation in and of itself, but IT teams can take it a step further with the right tools.
- Developers and admins can use a range of serverless offerings in Azure, but they need to understand how they want their workflow to operate in order to select the right services. To start, determine whether your application has its own logic to direct events and triggers, or whether that orchestration is defined by something else.”
- Trevor Jones, Learn best practices for cloud automation on Microsoft Azure, January 28, 2020.
8. API Authentication
- “APIs handle an immense amount of data, which is why it’s imperative to invest in API security. Think of authentication as an identification card that proves you are who you say you are. Although Azure Database provides a range of security features, end users are required to practice additional security measures. For example, you must manage strong credentials yourself. Active Directory is the authentication solution of choice for enterprises around the world, and the Azure-hosted version only adds to the attraction as companies continue migrating to the cloud.”
- Susanna Bouse, Azure Security Best Practices, April 30, 2020.
9. Ensure the VM you need is available in your location
- “Have the following 3 things in mind when choosing the location for your virtual machine:
- Place your VMs in a region close as possible to your users to improve performance and to meet any legal, compliance, or tax requirements.
- Each region has different hardware available and some configurations are not available in all regions, so this can limit your available options.
- There are price differences between locations, but if you choose to place your VM in a cheaper region it may impact negatively the performance if the region is far from your users (see point 1).”
- Vitor Montalvao, Azure VM Deployment Best Practices, May 1, 2020.
10. Multi-Factor Authentication for all standard users
- “Businesses that don’t add extra layers of access protection – such as two-step authentication – are more susceptible to credential theft. Credential thefts are usually achieved by phishing or by planting key-logging malware on a user’s device; and it only takes one compromised credential for a cybercriminal to potentially gain access to the whole network.
- Enforcing multi-factor authentication for all users is one of the easiest – yet most effective – of the seven Azure security best practices, as it can be done via Azure Active Directory within a few minutes.”
- CloudHealth Tech Staff, Top 7 Azure Security Best Practices For Busy IT Security Professionals, November 6, 2019.
You can use these best practices as a reference to help you ensure you are fully optimizing all available features in your Azure environment. Have any Azure best practices you’ve learned recently? Let us know in the comments below!