About Azure Advisor

Azure Advisor analyzes your configurations and usage telemetry and offers personalized, actionable recommendations to help you optimize your Azure resources for reliability, security, operational excellence, performance, and cost. Azure Advisor is a free service and can be accessed via the GUI on the Azure portal where recommendations are collated and can be manually examined.

Azure Advisor makes recommendations for potential improvements in several areas, including:

  • Cost
  • Security
  • Operational Excellence
  • High Availability
  • Performance

Leveraging Azure Advisor to reduce costs is a common strategy for users deploying services such as Azure Virtual Desktop (AVD) on Azure at scale. A recent article from HTG covers how AVD costs can be reduced by leveraging Azure Advisor to ensure idle resources and VMs (Virtual Machines) are shutdown to avoid pay-as-you-go (PAYG) costs, see: Azure virtual desktop pricing: 5 ways you can save money (htg.co.uk).

Tracking Azure Advisor Recommendations in eG Enterprise

eG Enterprise supports agentless monitoring of Azure subscriptions. Once you have provided credentials to allow eG Enterprise to connect to your Azure subscription, it automatically collects a variety of performance and usage metrics. Everything from the health of the Azure infrastructure to the Azure compute instances to Azure database services and storage to billing information is tracked. When monitoring the Azure infrastructure, eG Enterprise reports the recommendations provided by Azure Advisor.

Azure Advisor recommendations reported in the Azure Subscription Component

Recommendations pertaining to cost, high availability, operational excellence, performance and security are reported in the eG Enterprise console.  The Azure Advisor score is also reported.  Azure Advisor continually assesses your usage telemetry and resource configuration against industry best practices. Advisor then aggregates its findings into a score. With this score, you can tell at a glance if you’re taking the necessary steps to build reliable, secure, and cost-efficient solutions. By reporting the Advisor score, eG Enterprise allows admins to track and report the progress that they are making in their pursuit to optimize their Azure deployment.

Alerts are set by default to trigger minor alerts if Azure recommendations exist, the amber color coding and replacement of the green tick with an amber “i” indicates recommendations are made. Additionally, these alerts are also sent to the main alarms console. When recommendations exist, the detailed diagnosis icon (the magnifying glass) will appear, the administrator can click on this to drill down into the details of recommendations.

Click on the magnifying glass for details of Azure Advisor’s recommendations

When clicked on the detailed diagnosis icon will display details of the 3 high priority cost recommendations made thus:

Details of Azure Advisor’s recommendations are part of eG Enterprise’s detailed diagnosis capability
Note: The timeline can be adjusted to review different time periods. Scrolling to the right will reveal further information and in the top right-hand corner options to print and export the information to pdf format reports or .csv excel compatible format are available.

In this example:

  • Recommendations are made to “Right-size or shutdown underutilized virtual machines,” and the operator is likely to want to explore eG Enterprise’s out-of-the-box reporting to review their usage over recent and longer-term timeframes to assess their next steps. The capacity planning and right-sizing support within eG Enterprise is also appropriate to leverage now. There is information explaining how a VM is assessed to be under-utilized within the Microsoft documentation – see: Tutorial – Reduce Azure costs with recommendations | Microsoft Docs, which may help you understand the need to understand these recommendations within the cycles and usage patterns of your own organization.
  • “Buy virtual machine reserved instances to save money over pay-as-you-go costs” is recommended. In this case the system I was monitoring is one of our eG Innovations test systems that is frequently reconfigured and scaled up according to various test cycles and PAYG really is the optimal choice as demonstrated from our own long-term monitoring reports. If your business operates on highly variable or seasonal cycle usage, you are likely to need full monitoring data to assess such recommendations. We have discussed similar pros and cons associated with “commitment tier pricing” in another article on reducing Azure costs, see: Reduce Azure Monitoring Cost | eG Innovations.

eG Enterprise alerts are fully configurable so you can choose your own alert levels and thresholds, and being multi-leveled you can configure critical alerts if a large number of recommendations are ignored.

Beyond Costs – Ensuring Performance, Security, and Best Practices

eG Enterprise also covers all the key recommendation areas available, and it is worth familiarizing yourself with the information available.

Performance Recommendations from Azure Advisor

Detailed performance recommendations

On our test system, I found performance recommendations for the AVD (Azure Virtual Desktop) service that had noticed a significant portion of our users are accessing resources where a closer region that may improve latency is available (“Improve user experience and connectivity by deploying VMs closer to user’s location.”). In production systems, this would be one to consider seriously. There is more information on ways of auditing and monitoring your end users in our article: Monitor Azure Active Directory (AD) Users | eG Innovations.

The “Unsupported Kubernetes version is detected” may have more than performance implications. The unsupported version may have security flaws beyond performance ones and shows that it is very worthwhile to review all recommendations as the scope of their impact may be wide.

Operational Excellence Recommendations from Azure Advisor

This area is likely to be light on recommendations. Still, it is worth leveraging eG Enterprise’s continual monitoring as it is where you may find alerts regarding “Service Principal” accounts and similar.

Medium impact recommendations from Azure Advisor

We have written some more on the importance of auditing Azure AD and Service Principal accounts and certificates and the importance of doing this in Azure AD Monitoring Tips & Strategies | eG Innovations.

High Availability Recommendations from Azure Advisor

High impact Azure Advisor recommendations

Beyond some medium-impact alarms around ensuring failover and backup, I was slightly surprised to find a high-impact alert associated with a recommendation to implement “Additional protection to mitigate Log4j2 vulnerability (CVE-2021-44228)” – this is a well-known industry-wide security issue, and I wouldn’t have expected to find it in via High Availability rather than the Security module – showing the value of reviewing each and every recommendation by process and with thorough auditing.

Security Recommendations from Azure Advisor

This of course is a very important set of recommendations to review and ensure actions are taken on regularly.

Azure Advisor security recommendations

Security recommendations will often include best practice configuration practices for Azure including the use of Microsoft Defender.

For the security conscious and those working within regulated industries with formal compliance criteria, you can read more on eG Innovations take on subjects such as security, secure RBAC (Role Based Access Control), and traceable auditing.

Whilst it can be useful to explore the Azure Advisor metrics, in practice most administrators will not routinely check or need to view in the same way that logging into the Azure portal to access the Advisor pane/blade is a manual process. Most operators would generally only need to investigate Advisor recommendations when they are proactively alerted that recommendations have been made. This will occur with alerts being raised in the main eG Enterprise alert window.

eG Enterprise’s alarm window highlighting Azure Advisor recommendations

Here we can see the thresholds have raised and grouped alerts into the main eG Enterprise alarm window that appears to an administrator when logging into eG Enterprise.

Integrating and Automating Azure Advisor Recommendations by Process

For many commercial organizations especially those with larger distributed teams, using multiple Azure services and scale deployments – the process of reviewing recommendations prior to implementation and the responsibilities to do so need to be formalized.

We have fully integrated support for Azure Advisor recommendations within the eG Enterprise monitoring platform to enable administrators to ensure advice is reviewed and implemented by the process. This workflow itself can be audited to ensure recommendations are regularly reviewed and implemented and not accidentally ignored within a GUI portal.

Key features of the eG Enterprise / Azure Advisor Integration

  • Automated alerting when recommendations are raised with no need for an administrator to log in and review the Azure Advisor blade/pane within the Azure portal.
  • Alerts can be closed with traceable information on the reasons for decisions transparent via the “Fix History” Knowledge base system.
  • Alerts that are compatible with all our ITSM help and service desk integrations such as ServiceNow, JIRA, Autotask, and others to ensure recommendations can be processed as traceable, documented maintenance tickets by process.
  • Information from Azure Advisor is recorded for both live and historical reporting allowing management to audit whether recommendations are being adopted and if they have been reviewed.
  • Administrators do not need to worry about alerts expiring or being missed and review all recommendations regularly over a time period of their choice whether that is daily, weekly, or every quarter. Recommendations can be reviewed alongside full infrastructure and application data within the provided historical reports, capacity, and trend planning tools to assess if recommendations such as to use “commitment”.
  • Alerts and data from Azure Advisor are integrated into alerts, dashboards, and reports alongside data from applications, the rest of the Azure infrastructure, and other IT so recommendations can be evaluated in context and routinely.
  • Domain-specific layers for monitoring Azure AD, AD Connector, Active Directory and similar ensure security recommendations are understood to ensure automated root-cause analysis of issues such as slow desktops or logon performance.

    Monitoring across the whole AVD lifecycle and logon process
  • Rich views via topology maps ensure that the scope of recommended change is understood, and interdependent components are considered.

Overcoming Azure Advisor Limitations

eG Enterprise goes beyond Azure Advisor and overcomes several inherent limitations. Whilst a very useful tool, alone Azure Advisor will not cover some scenarios, and Azure users need to consider its limitations – such as:

  1. Limited scope – Azure Advisor has limited scope https://docs.microsoft.com/en-us/azure/advisor/advisor-overview#what-resources-does-advisor-provide-recommendations-for, i.e., Advisor analyses and provides recommendations for only a limited number of Azure services.
  2. Hybrid cloud scenarios – Advisor offers recommendations for Azure alone. If your workloads are running in multiple clouds, you will need to use multiple solutions or a comprehensive 3rd party solution like eG Enterprise which can cover third-party services including those on-premises or in other clouds such as Amazon AWS.
  3. Limited Automation – You will need to write and maintain bespoke code based on Azure Advisor API calls for automation based on the Advisor recommendations. The built-in automation functionality of a dedicated solution such as eG Enterprise can avoid this overhead.

Simplify Your Systems with eG Enterprise

eG Enterprise offers monitoring solutions that simplify monitoring for enterprise companies. To discover more about how our technologies can work for you, start your free trial today. In as little as 15 minutes, you can find the root cause of your cloud-based or on-prem IT bottlenecks and performance issues. Request your free trial today.