The latest articles on Forem by David (@azurenoob). https://forem.com/azurenoob https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3658781%2Fe1b53592-39b6-450a-a616-af04d8f19b56.png https://forem.com/azurenoob en David Mon, 22 Dec 2025 10:58:04 +0000 https://forem.com/azurenoob/you-cant-govern-what-you-cant-explain-on-a-napkin-1ln8 https://forem.com/azurenoob/you-cant-govern-what-you-cant-explain-on-a-napkin-1ln8 <blockquote> <p>Originally published on Azure-Noob:<br><br> <a href="https://azure-noob.com/blog/azure-governance-napkin-test/" rel="noopener noreferrer">https://azure-noob.com/blog/azure-governance-napkin-test/</a></p> </blockquote> <p>Every platform team eventually gets asked the same question:</p> <p><strong>“Why does cloud cost this much?”</strong></p> <p>If your answer starts with <em>“let me pull a dashboard”</em>, you’ve already lost.</p> <p>The CFO walks into your office with a printout.</p> <p>“Why did Azure cost $2.3M this quarter?”</p> <p>You have:</p> <ul> <li>Azure Policy enforcing compliance</li> <li>A Landing Zone with perfect architecture</li> <li>Tags on every resource</li> <li>Workbooks showing metrics</li> <li>Dashboards with pretty graphs</li> </ul> <p>But you can’t answer the question.</p> <p>Not in 30 seconds.<br><br> Not on a whiteboard.<br><br> <strong>Not on a napkin.</strong></p> <p>This is the governance failure no one talks about.</p> <h2> The Problem: Tools Enforce Rules, Not Understanding </h2> <p>Every enterprise Azure environment has the same stack:</p> <p><strong>Layer 1: Azure Policy</strong></p> <ul> <li>SKU restrictions</li> <li>Required tags</li> <li>Security baselines</li> <li>Audit findings</li> </ul> <p><strong>Layer 2: Landing Zones</strong></p> <ul> <li>Management groups</li> <li>Subscription design</li> <li>Network topology</li> <li>Identity hierarchy</li> </ul> <p><strong>Layer 3: Tagging Standards</strong></p> <ul> <li>CostCenter</li> <li>Owner</li> <li>Environment</li> <li>Application</li> </ul> <p><strong>Layer 4: Reporting Tools</strong></p> <ul> <li>Azure Monitor Workbooks</li> <li>Power BI dashboards</li> <li>Cost Management exports</li> <li>Custom queries</li> </ul> <p>This stack gives you:</p> <ul> <li>✅ Compliance</li> <li>✅ Security controls</li> <li>✅ Resource inventory</li> <li>✅ Cost visibility</li> </ul> <p>But it doesn’t give you:</p> <ul> <li>❌ <strong>Defensibility</strong> </li> </ul> <p>And there’s a critical difference.</p> <h2> Compliance ≠ Defensibility </h2> <p><strong>Compliance means:</strong><br><br> “Our resources follow the rules we wrote.”</p> <p><strong>Defensibility means:</strong><br><br> “I can explain why this costs what it costs — and justify it to someone who doesn’t trust me.”</p> <p><strong>Compliant Azure bill:</strong><br><br> “All resources are tagged correctly. Policy enforced. Landing Zone followed. Here’s the report.”</p> <p><strong>Defensible Azure bill:</strong><br><br> “Application X costs $180K/month because it serves 2,400 users across 12 regions with 99.95% SLA requirements. Storage is $40K due to 7-year retention for SOX compliance. Network is $25K for dual ExpressRoute. Compute scales between $95K–$140K based on usage.”</p> <p>The first answer is compliant.<br><br> The second answer is defensible.</p> <p>And most Azure environments can only produce the first one.</p> <h2> The Napkin Test </h2> <p>Can you explain your Azure costs on a napkin?</p> <p>Not “here’s a dashboard.”<br><br> Not “let me pull a report.”</p> <p><strong>Right now. On a napkin. In 60 seconds.</strong></p> <p>Try this:</p> <ol> <li>Draw three boxes: Production, Staging, Development </li> <li>Write the monthly cost in each box </li> <li>Break Production into: Apps, Data, Network, Security </li> <li>For the largest app: What does it do? How many users? What’s the SLA?</li> </ol> <p><strong>If you can’t do this without looking anything up:</strong><br><br> Your governance isn’t working.</p> <p>It doesn’t matter how good your policies are.<br><br> It doesn’t matter how clean your Landing Zone is.<br><br> It doesn’t matter how consistent your tags are.</p> <p><strong>If the person responsible can’t explain it simply, it’s not governed — it’s just compliant.</strong></p> <h2> Why Tools Fail the Napkin Test </h2> <h3> Tags Report Facts, Not Meaning </h3> <p>Tags tell you:</p> <ul> <li>CostCenter: 4200</li> <li>Environment: Production</li> <li>Owner: John Smith</li> <li>Application: CustomerPortal</li> </ul> <p>They don’t tell you:</p> <ul> <li>Why does it cost $340K/month?</li> <li>Is that reasonable?</li> <li>What breaks if we cut 30%?</li> <li>Which business capability disappears?</li> </ul> <p>Tags group resources.<br><br> They don’t create understanding.</p> <h3> Landing Zones Organize, They Don’t Explain </h3> <p>Landing Zones give you beautiful structure.</p> <p>They don’t explain:</p> <ul> <li>Why one subscription costs 3× another</li> <li>Which decisions drove last month’s increase</li> <li>What trade-offs were made</li> <li>What the ROI actually is</li> </ul> <p>Structure without narrative isn’t governance.<br><br> It’s just organized chaos.</p> <h3> Policy Audits the Past, Not the Future </h3> <p>Azure Policy tells you what’s non-compliant.</p> <p>It doesn’t tell you:</p> <ul> <li>Whether the resource should exist</li> <li>What business problem it solves</li> <li>What happens if you remove it</li> <li>Whether the rule still makes sense</li> </ul> <p>Policy enforces rules you already wrote.<br><br> It doesn’t tell you if they were good rules.</p> <h3> Dashboards Show Data, Not Decisions </h3> <p>Dashboards show <em>what happened</em>.</p> <p>Leadership asks:</p> <blockquote> <p>“Why did costs go up?”</p> </blockquote> <p>You click through visuals.</p> <p>They ask:</p> <blockquote> <p>“What decision caused this?”</p> </blockquote> <p>Your dashboard has no answer.</p> <p>Because dashboards don’t explain <em>why</em> —<br><br> or <em>whether it should have happened at all</em>.</p> <h2> What Defensibility Actually Requires </h2> <p>Defensible cloud costs have:</p> <ul> <li><strong>Business context per dollar</strong></li> <li><strong>Decision history</strong></li> <li><strong>Trade-off awareness</strong></li> <li><strong>Clear owner accountability</strong></li> </ul> <p>Not:</p> <ul> <li>More dashboards</li> <li>More tags</li> <li>More policies</li> </ul> <p>But <strong>clear narratives</strong> that survive CFO scrutiny.</p> <h2> The Hard Truth </h2> <p>You can’t govern what you can’t explain.</p> <p>And if you can’t explain it on a napkin —<br><br> in 60 seconds,<br><br> in business terms,<br><br> to someone who doesn’t trust you —</p> <p>you don’t understand it well enough to govern it.</p> <p>Until then, governance isn’t governance.</p> <p><strong>It’s just expensive infrastructure with extra steps.</strong></p> azure cloud finops architecture David Fri, 12 Dec 2025 18:56:22 +0000 https://forem.com/azurenoob/modernizing-azure-workbooks-taking-billy-yorks-inventory-from-50-to-200-services-3fc6 https://forem.com/azurenoob/modernizing-azure-workbooks-taking-billy-yorks-inventory-from-50-to-200-services-3fc6 <h2> The Problem with Azure Inventory </h2> <p><strong>Azure Portal:</strong> Shows resources one subscription at a time</p> <p><strong>Need:</strong> See ALL resources across 44 subscriptions</p> <p><strong>Billy York's solution:</strong> Azure Monitor Workbook with Resource Graph queries</p> <p><strong>Problem:</strong> Only covers ~50 Azure services. Azure has 200+.</p> <h2> What Billy York Built (And Why It's Great) </h2> <p><strong>Original workbook:</strong></p> <ul> <li>Queries Azure Resource Graph</li> <li>Shows VMs, storage, networking</li> <li>Organized by resource type</li> <li>Open source on GitHub</li> </ul> <p><strong>Why it's excellent:</strong></p> <ul> <li>Actually works (many don't)</li> <li>Clean UI</li> <li>Copy-paste KQL queries</li> <li>Free</li> </ul> <p><strong>Why it needs enhancement:</strong></p> <ul> <li>Missing 150+ services</li> <li>No security hygiene checks</li> <li>No cost context</li> <li>Manual updates for new Azure services</li> </ul> <h2> What We Added </h2> <h3> 150+ Additional Services </h3> <p><strong>Original:</strong> VMs, Storage, VNets, NSGs, Load Balancers</p> <p><strong>Added:</strong></p> <ul> <li>Azure AI (OpenAI, Cognitive Services, ML)</li> <li>Databases (SQL, Cosmos, PostgreSQL, MySQL)</li> <li>Integration (Logic Apps, Service Bus, Event Grid)</li> <li>Security (Key Vault, Defender, Sentinel)</li> <li>Monitoring (Application Insights, Log Analytics)</li> <li>Arc (Hybrid servers, Kubernetes)</li> </ul> <p><strong>Total:</strong> 200+ service types</p> <h3> Security Hygiene Checks </h3> <p><strong>Query for public-facing resources:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Resources | where type =~ 'microsoft.compute/virtualmachines' | extend hasPublicIP = isnotnull(properties.networkProfile.networkInterfaces[0].properties.ipConfigurations[0].properties.publicIPAddress) | where hasPublicIP == true | project name, resourceGroup, location </code></pre> </div> <p><strong>Query for unencrypted storage:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Resources | where type =~ 'microsoft.storage/storageaccounts' | where properties.encryption.services.blob.enabled != true | project name, resourceGroup, location </code></pre> </div> <p><strong>Query for expired certificates:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Resources | where type =~ 'microsoft.keyvault/vaults/certificates' | extend expiry = todatetime(properties.attributes.exp) | where expiry &lt; now() + 30d | project name, expiry, resourceGroup </code></pre> </div> <h3> Cost Context </h3> <p><strong>Added cost data to resource views:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Resources | where type =~ 'microsoft.compute/virtualmachines' | extend vmSize = tostring(properties.hardwareProfile.vmSize) | join kind=leftouter ( CostManagementExports | summarize MonthlyCost = sum(Cost) by ResourceId ) on $left.id == $right.ResourceId | project name, vmSize, MonthlyCost, resourceGroup </code></pre> </div> <h3> Global Filters </h3> <p><strong>Original:</strong> Filter per-section</p> <p><strong>Enhanced:</strong> Global subscription/resource group filter applies to ALL sections</p> <p><strong>Implementation:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"dropdown"</span><span class="p">,</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Subscriptions"</span><span class="p">,</span><span class="w"> </span><span class="nl">"query"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ResourceContainers | where type == 'microsoft.resources/subscriptions' | project name, subscriptionId"</span><span class="p">,</span><span class="w"> </span><span class="nl">"isMultiSelect"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>Result:</strong> Select subscriptions once, affects entire workbook</p> <h2> The Enhancement Process </h2> <h3> Step 1: Clone Billy York's Repo </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone https://github.com/scautomation/Azure-Inventory-Workbook </code></pre> </div> <h3> Step 2: Identify Missing Services </h3> <p><strong>Query all resource types:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Resources | distinct type | order by type asc </code></pre> </div> <p><strong>Compare to workbook:</strong> Find gaps</p> <h3> Step 3: Add Service Sections </h3> <p><strong>Template for new section:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"section"</span><span class="p">,</span><span class="w"> </span><span class="nl">"title"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Azure OpenAI"</span><span class="p">,</span><span class="w"> </span><span class="nl">"query"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Resources | where type =~ 'microsoft.cognitiveservices/accounts' | where kind == 'OpenAI' | project name, sku.name, location, resourceGroup"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Step 4: Add Security Checks </h3> <p><strong>For each service, add:</strong></p> <ul> <li>Public exposure check</li> <li>Encryption status</li> <li>Certificate expiration</li> <li>Compliance flags</li> </ul> <h3> Step 5: Add Cost Columns </h3> <p><strong>Join cost data to resource queries:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Resources | where type =~ '[service-type]' | join kind=leftouter ( CostManagementExports | where TimeGenerated &gt; ago(30d) | summarize MonthlyCost = sum(Cost) by ResourceId ) on $left.id == $right.ResourceId </code></pre> </div> <h2> Real Example: SQL Databases </h2> <p><strong>Original section (basic):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Resources | where type =~ 'microsoft.sql/servers/databases' | project name, resourceGroup, location </code></pre> </div> <p><strong>Enhanced section (with security + cost):</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Resources | where type =~ 'microsoft.sql/servers/databases' | extend serverName = split(id, '/')[8], tier = properties.sku.tier, encrypted = properties.transparentDataEncryption.status, publicAccess = properties.publicNetworkAccess | join kind=leftouter ( CostManagementExports | where TimeGenerated &gt; ago(30d) | summarize MonthlyCost = sum(Cost) by ResourceId ) on $left.id == $right.ResourceId | project Database = name, Server = serverName, Tier = tier, Encrypted = encrypted, PublicAccess = publicAccess, MonthlyCost = round(MonthlyCost, 2), ResourceGroup = resourceGroup, Location = location | order by MonthlyCost desc </code></pre> </div> <p><strong>Result:</strong></p> <ul> <li>Shows SQL databases</li> <li>Security status (encryption, public access)</li> <li>Monthly cost</li> <li>Sorted by expense</li> </ul> <h2> Performance Optimization </h2> <h3> Problem: Workbook Timeout </h3> <p><strong>Original:</strong> Single massive query for all subscriptions</p> <p><strong>Enhanced:</strong> Paginated queries with limits<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Resources | where type =~ 'microsoft.compute/virtualmachines' | take 1000 // Pagination </code></pre> </div> <h3> Problem: Slow Joins </h3> <p><strong>Original:</strong> Join every resource to cost data</p> <p><strong>Enhanced:</strong> Pre-aggregate cost data<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// Pre-aggregate costs let costs = CostManagementExports | where TimeGenerated &gt; ago(30d) | summarize MonthlyCost = sum(Cost) by ResourceId; // Then join Resources | where type =~ 'microsoft.compute/virtualmachines' | join kind=leftouter costs on $left.id == $right.ResourceId </code></pre> </div> <h2> UI/UX Improvements </h2> <h3> Conditional Visibility </h3> <p><strong>Only show sections with resources:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"conditionalVisibility"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"parameterName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"HasOpenAI"</span><span class="p">,</span><span class="w"> </span><span class="nl">"comparison"</span><span class="p">:</span><span class="w"> </span><span class="s2">"isEqualTo"</span><span class="p">,</span><span class="w"> </span><span class="nl">"value"</span><span class="p">:</span><span class="w"> </span><span class="s2">"true"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Color Coding </h3> <p><strong>Red:</strong> Security issues (public access, unencrypted)<br> <strong>Yellow:</strong> Warnings (expiring certs, high cost)<br> <strong>Green:</strong> Compliant resources</p> <h3> Export Functionality </h3> <p><strong>Added:</strong> Export to CSV for each section<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"button"</span><span class="p">,</span><span class="w"> </span><span class="nl">"action"</span><span class="p">:</span><span class="w"> </span><span class="s2">"export"</span><span class="p">,</span><span class="w"> </span><span class="nl">"format"</span><span class="p">:</span><span class="w"> </span><span class="s2">"csv"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h2> Deployment </h2> <h3> Option 1: Import JSON </h3> <ol> <li>Go to Azure Monitor → Workbooks</li> <li>Click "New"</li> <li>Click "Advanced Editor"</li> <li>Paste enhanced JSON</li> <li>Save</li> </ol> <h3> Option 2: ARM Template </h3> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Microsoft.Insights/workbooks"</span><span class="p">,</span><span class="w"> </span><span class="nl">"apiVersion"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2021-03-08"</span><span class="p">,</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"[guid('azure-inventory-enhanced')]"</span><span class="p">,</span><span class="w"> </span><span class="nl">"location"</span><span class="p">:</span><span class="w"> </span><span class="s2">"[resourceGroup().location]"</span><span class="p">,</span><span class="w"> </span><span class="nl">"properties"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"displayName"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Azure Inventory Enhanced"</span><span class="p">,</span><span class="w"> </span><span class="nl">"serializedData"</span><span class="p">:</span><span class="w"> </span><span class="s2">"[parameters('workbookContent')]"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Deploy with:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>az deployment group create <span class="nt">--resource-group</span> Monitoring-RG <span class="nt">--template-file</span> workbook.json </code></pre> </div> <h2> Real Results </h2> <p><strong>Before (Billy York original):</strong></p> <ul> <li>50 service types</li> <li>No security context</li> <li>No cost data</li> <li>Good for small environments</li> </ul> <p><strong>After (enhanced):</strong></p> <ul> <li>200+ service types</li> <li>Security hygiene checks</li> <li>Cost context</li> <li>Production-ready for enterprise</li> </ul> <p><strong>Time to generate inventory:</strong></p> <ul> <li>Before: Multiple tools, 2 hours</li> <li>After: Single workbook, 30 seconds</li> </ul> <h2> Community Contribution </h2> <p><strong>Billy York's original:</strong> <a href="https://github.com/scautomation/Azure-Inventory-Workbook" rel="noopener noreferrer">https://github.com/scautomation/Azure-Inventory-Workbook</a></p> <p><strong>Our enhancements:</strong> Fork + pull request with:</p> <ul> <li>150+ additional services</li> <li>Security checks</li> <li>Cost integration</li> <li>Performance fixes</li> </ul> <p><strong>Attribution:</strong> Billy York deserves credit for building the foundation. We just scaled it.</p> <h2> Full Enhanced Workbook </h2> <p>Complete workbook JSON, deployment templates, and contribution guide:</p> <p>👉 <a href="https://azure-noob.com/blog/modernizing-azure-workbooks/" rel="noopener noreferrer">Enhanced Azure Inventory Workbook</a></p> <p>Also on GitHub: [github.com/dswann101164/azure-inventory-workbook-enhanced]</p> <p><strong>Using Azure Workbooks?</strong> Start with community workbooks like Billy York's, then enhance for your needs. Don't build from scratch—extend what works.</p> azure monitoring workbooks kql David Fri, 12 Dec 2025 18:54:13 +0000 https://forem.com/azurenoob/building-azure-dashboards-for-cloud-noc-teams-what-actually-gets-used-vs-what-gets-ignored-3o75 https://forem.com/azurenoob/building-azure-dashboards-for-cloud-noc-teams-what-actually-gets-used-vs-what-gets-ignored-3o75 <h2> The Dashboard Problem </h2> <p><strong>What we built:</strong> 47 tiles showing metrics, logs, alerts, compliance, costs</p> <p><strong>What NOC uses:</strong> 3 tiles</p> <p><strong>Why:</strong> Dashboard answered "what's our resource count?" not "what's broken?"</p> <h2> What NOC Teams Actually Need </h2> <h3> Question #1: "What's Down Right Now?" </h3> <p><strong>Not:</strong> 15 charts showing healthy services</p> <p><strong>Yes:</strong> List of failures, ranked by business impact</p> <h3> Question #2: "What Needs My Attention?" </h3> <p><strong>Not:</strong> 200 active alerts</p> <p><strong>Yes:</strong> 5 critical alerts requiring human action</p> <h3> Question #3: "Is This Normal?" </h3> <p><strong>Not:</strong> Current CPU usage</p> <p><strong>Yes:</strong> Current vs 7-day baseline with "normal range" shading</p> <h2> Dashboard Design That Works </h2> <h3> Tile 1: Critical Incidents (Top Priority) </h3> <p><strong>Query:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>AzureActivity | where Level == "Critical" or Level == "Error" | where TimeGenerated &gt; ago(1h) | summarize Count=count() by ResourceGroup, OperationNameValue | order by Count desc | take 10 </code></pre> </div> <p><strong>Display:</strong></p> <ul> <li>Red alert icon</li> <li>Resource name</li> <li>Error count</li> <li>Time since first occurrence</li> <li>Business impact (if known)</li> </ul> <h3> Tile 2: Service Health Issues </h3> <p><strong>Query:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ServiceHealthResources | where type == "microsoft.resourcehealth/events" | where properties.status == "Active" | project ServiceName = properties.service, Issue = properties.title, Impact = properties.impact </code></pre> </div> <p><strong>Display:</strong></p> <ul> <li>Azure service name</li> <li>Issue description </li> <li>Affected regions</li> <li>Link to status page</li> </ul> <h3> Tile 3: Failed Deployments </h3> <p><strong>Query:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>AzureActivity | where OperationNameValue contains "Microsoft.Resources/deployments/write" | where ActivityStatusValue == "Failed" | where TimeGenerated &gt; ago(24h) | project TimeGenerated, Caller, ResourceGroup, ErrorMessage = Properties </code></pre> </div> <p><strong>Display:</strong></p> <ul> <li>Who tried to deploy</li> <li>What failed</li> <li>Error message</li> <li>Time</li> </ul> <h3> Tile 4: Abnormal Resource Consumption </h3> <p><strong>Query:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Perf | where TimeGenerated &gt; ago(1h) | where CounterName == "% Processor Time" | summarize AvgCPU = avg(CounterValue) by Computer | where AvgCPU &gt; 85 </code></pre> </div> <p><strong>Display:</strong></p> <ul> <li>VM name</li> <li>Current CPU %</li> <li>Comparison to 7-day average</li> <li>Threshold breach time</li> </ul> <h3> Tile 5: Budget Alerts </h3> <p><strong>Query:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>AzureActivity | where OperationNameValue contains "Microsoft.Consumption" | where Level == "Warning" or Level == "Error" | where TimeGenerated &gt; ago(24h) </code></pre> </div> <p><strong>Display:</strong></p> <ul> <li>Subscription name</li> <li>Current spend</li> <li>Budget amount</li> <li>Forecast end-of-month</li> </ul> <h2> What NOT to Include </h2> <h3> ❌ Resource Counts </h3> <p><strong>Why NOC doesn't care:</strong> "We have 847 VMs" doesn't help incident response</p> <p><strong>Who cares:</strong> Capacity planning team</p> <p><strong>Where it belongs:</strong> Monthly capacity review, not NOC dashboard</p> <h3> ❌ Compliance Metrics </h3> <p><strong>Why NOC doesn't care:</strong> "72% compliant with tag policy" isn't urgent at 2 AM</p> <p><strong>Who cares:</strong> Governance team</p> <p><strong>Where it belongs:</strong> Weekly governance report</p> <h3> ❌ Cost Breakdown Charts </h3> <p><strong>Why NOC doesn't care:</strong> "Compute is 45% of spend" doesn't help fix outages</p> <p><strong>Who cares:</strong> FinOps team</p> <p><strong>Where it belongs:</strong> Monthly cost review</p> <h3> ❌ "Healthy" Status </h3> <p><strong>Why NOC doesn't care:</strong> If it's working, they don't need to see it</p> <p><strong>Better:</strong> Only show failures. If dashboard is empty, everything's fine.</p> <h2> Real NOC Dashboard Example </h2> <p><strong>Our 5-tile dashboard:</strong></p> <ol> <li> <p><strong>Critical Alerts</strong> (red box, top-left)</p> <ul> <li>Currently: 0</li> <li>If &gt;0: Shows alert details</li> </ul> </li> <li> <p><strong>Service Health</strong> (orange box, top-right)</p> <ul> <li>Currently: 1 (Azure DevOps degraded, East US)</li> <li>Impact: Low</li> </ul> </li> <li> <p><strong>Failed Deployments</strong> (yellow box, middle-left)</p> <ul> <li>Last 24h: 3 failures</li> <li>Links to logs</li> </ul> </li> <li> <p><strong>High CPU VMs</strong> (yellow box, middle-right)</p> <ul> <li>Currently: 2 VMs over 85%</li> <li>Shows VM names, current %</li> </ul> </li> <li> <p><strong>Budget Status</strong> (green box, bottom)</p> <ul> <li>67% of monthly budget used</li> <li>45% of month elapsed</li> <li>Forecast: On track</li> </ul> </li> </ol> <p><strong>Total tiles:</strong> 5</p> <p><strong>Time to understand status:</strong> 10 seconds</p> <h2> Dashboard Refresh Strategy </h2> <h3> Real-Time Data (1-minute refresh) </h3> <ul> <li>Critical alerts</li> <li>Service health</li> <li>High CPU/memory</li> </ul> <h3> Near Real-Time (5-minute refresh) </h3> <ul> <li>Failed deployments</li> <li>Error logs</li> <li>Network issues</li> </ul> <h3> Hourly Refresh </h3> <ul> <li>Budget status</li> <li>Backup failures</li> <li>Compliance alerts</li> </ul> <h2> Common Mistakes </h2> <h3> ❌ Mistake #1: Too Many Tiles </h3> <p><strong>Problem:</strong> 47 tiles, can't see critical issues</p> <p><strong>Fix:</strong> Maximum 10 tiles, prioritize by urgency</p> <h3> ❌ Mistake #2: Showing "Green" </h3> <p><strong>Problem:</strong> "99% of services healthy" takes space</p> <p><strong>Fix:</strong> Only show failures. Empty dashboard = everything's fine.</p> <h3> ❌ Mistake #3: No Business Context </h3> <p><strong>Problem:</strong> "VM-SQL-12 is down" (which app is that?)</p> <p><strong>Fix:</strong> Map VMs to apps in dashboard query</p> <h3> ❌ Mistake #4: Metrics Without Baselines </h3> <p><strong>Problem:</strong> "CPU is 45%" (is that normal?)</p> <p><strong>Fix:</strong> Show current vs 7-day average</p> <h2> The "Empty Dashboard Is Good" Philosophy </h2> <p><strong>Traditional thinking:</strong> Dashboard must always show data</p> <p><strong>Better thinking:</strong> Dashboard shows PROBLEMS</p> <p><strong>Result:</strong></p> <ul> <li>Dashboard empty most of the time</li> <li>When something appears, it's urgent</li> <li>NOC knows exactly what to fix</li> </ul> <h2> Multi-Team Dashboard Strategy </h2> <p><strong>Don't:</strong> One dashboard for everyone</p> <p><strong>Do:</strong> Separate dashboards per team:</p> <h3> NOC Dashboard </h3> <ul> <li>Incidents requiring immediate action</li> <li>5 tiles, 10-second understanding</li> </ul> <h3> FinOps Dashboard </h3> <ul> <li>Cost trends</li> <li>Budget tracking</li> <li>Reservation coverage</li> </ul> <h3> Security Dashboard </h3> <ul> <li>Security alerts</li> <li>Compliance violations</li> <li>Vulnerability scans</li> </ul> <h3> Capacity Dashboard </h3> <ul> <li>Resource utilization</li> <li>Growth trends</li> <li>Forecast capacity needs</li> </ul> <h2> Full Dashboard Templates </h2> <p>Complete KQL queries, Azure Monitor Workbook templates, and multi-team dashboard architecture:</p> <p>👉 <a href="https://azure-noob.com/blog/azure-dashboards-cloud-noc/" rel="noopener noreferrer">Azure NOC Dashboard Complete Guide</a></p> <p><strong>Building dashboards for NOC teams?</strong> Show problems, not status. Empty dashboard = everything's working. That's success.</p> azure monitoring dashboards operations David Fri, 12 Dec 2025 18:49:56 +0000 https://forem.com/azurenoob/azure-tag-governance-reality-why-247-variations-of-environment-collapse-your-cost-reports-3408 https://forem.com/azurenoob/azure-tag-governance-reality-why-247-variations-of-environment-collapse-your-cost-reports-3408 <h2> The Tag Governance Problem </h2> <p><strong>Policy:</strong> "All resources must have Environment tag"</p> <p><strong>Reality:</strong> Teams create resources with:</p> <ul> <li><code>Environment: Production</code></li> <li><code>Env: Prod</code></li> <li><code>environment: production</code></li> <li> <code>Enviroment: Production</code> (typo)</li> <li><code>Environment: PRODUCTION</code></li> <li><code>Env: P</code></li> </ul> <p><strong>Result:</strong> Cost reports show 247 variations. Finance can't group costs.</p> <h2> Real Example: Our Tag Chaos </h2> <p><strong>Query all "Environment" tags:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Resources | extend envTag = tostring(tags.Environment) | summarize count() by envTag | order by count_ desc </code></pre> </div> <p><strong>Results:</strong></p> <ul> <li> <code>Production</code> - 847 resources</li> <li> <code>Prod</code> - 312 resources</li> <li> <code>PRODUCTION</code> - 156 resources</li> <li> <code>production</code> - 89 resources</li> <li> <code>P</code> - 67 resources</li> <li> <code>PRD</code> - 43 resources</li> <li>241 more variations...</li> </ul> <p><strong>Total:</strong> 247 unique values for "Production" alone</p> <h2> Why Tag Governance Fails </h2> <h3> Problem #1: Azure Policy Doesn't Validate Values </h3> <p><strong>Policy:</strong> "Require Environment tag"</p> <p><strong>What it checks:</strong> Tag key exists</p> <p><strong>What it doesn't check:</strong></p> <ul> <li>Value is valid</li> <li>Capitalization is consistent</li> <li>Spelling is correct</li> </ul> <p><strong>Result:</strong> Tag exists but value is garbage</p> <h3> Problem #2: Teams Work Around Policies </h3> <p><strong>Policy:</strong> "Environment tag required"</p> <p><strong>Team:</strong> Creates resource with <code>Environment: "TODO"</code> to pass policy</p> <p><strong>Later:</strong> Never fixes it</p> <h3> Problem #3: No Enforcement at Portal </h3> <p>Portal lets you:</p> <ul> <li>Free-type tag values</li> <li>Ignore suggested values</li> <li>Create typos</li> <li>Use any capitalization</li> </ul> <h3> Problem #4: Terraform/ARM Templates Don't Help </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">tags</span> <span class="err">=</span> <span class="p">{</span> <span class="nx">Environment</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">environment</span> <span class="c1"># What's in the variable?</span> <span class="p">}</span> </code></pre> </div> <p>If variable contains "prod" or "PROD" or "Production", all valid Terraform. All wrong for governance.</p> <h2> The Cost Impact </h2> <p><strong>Finance request:</strong> "Show me Production costs vs Non-Production"</p> <p><strong>Without governance:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Resources | extend env = tostring(tags.Environment) | where env in ("Production", "Prod", "PRODUCTION", "production", "PRD", "prd", "P", "p", "Prod1", "Production1"...) </code></pre> </div> <p><strong>Missing costs:</strong></p> <ul> <li>43 resources tagged <code>PRD</code> instead of <code>Production</code> </li> <li>$12,000/month unaccounted for in reports</li> </ul> <h2> Tag Governance That Actually Works </h2> <h3> Step 1: Define Standard Values </h3> <p><strong>Environment tag allowed values:</strong></p> <ul> <li> <code>Production</code> (only this, exactly)</li> <li><code>Staging</code></li> <li><code>Development</code></li> <li><code>Sandbox</code></li> </ul> <p><strong>That's it.</strong> No abbreviations. No variations. No typos.</p> <h3> Step 2: Azure Policy with Value Enforcement </h3> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"mode"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Indexed"</span><span class="p">,</span><span class="w"> </span><span class="nl">"policyRule"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"if"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"anyOf"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"field"</span><span class="p">:</span><span class="w"> </span><span class="s2">"tags['Environment']"</span><span class="p">,</span><span class="w"> </span><span class="nl">"exists"</span><span class="p">:</span><span class="w"> </span><span class="s2">"false"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"field"</span><span class="p">:</span><span class="w"> </span><span class="s2">"tags['Environment']"</span><span class="p">,</span><span class="w"> </span><span class="nl">"notIn"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"Production"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Staging"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Development"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Sandbox"</span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"then"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"deny"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>Result:</strong> Invalid values blocked at creation</p> <h3> Step 3: Fix Existing Resources </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// Find resources with non-standard values Resources | extend env = tostring(tags.Environment) | where env !in ("Production", "Staging", "Development", "Sandbox") | project name, resourceGroup, currentValue = env | extend suggestedValue = case( env in~ ("Prod", "PRD", "P", "PRODUCTION", "production"), "Production", env in~ ("Stage", "STG", "S", "STAGING"), "Staging", env in~ ("Dev", "D", "DEVELOPMENT", "development"), "Development", "Sandbox" ) </code></pre> </div> <p><strong>Remediation script:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="c"># Get resources with wrong tags</span><span class="w"> </span><span class="nv">$resources</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">Get-AzResource</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Where-Object</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="bp">$_</span><span class="o">.</span><span class="nf">Tags</span><span class="o">.</span><span class="nf">Environment</span><span class="w"> </span><span class="nt">-notin</span><span class="w"> </span><span class="p">@(</span><span class="s2">"Production"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Staging"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Development"</span><span class="p">,</span><span class="w"> </span><span class="s2">"Sandbox"</span><span class="p">)</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="c"># Fix them</span><span class="w"> </span><span class="kr">foreach</span><span class="w"> </span><span class="p">(</span><span class="nv">$resource</span><span class="w"> </span><span class="kr">in</span><span class="w"> </span><span class="nv">$resources</span><span class="p">)</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nv">$currentValue</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$resource</span><span class="o">.</span><span class="nf">Tags</span><span class="o">.</span><span class="nf">Environment</span><span class="w"> </span><span class="c"># Map to standard value</span><span class="w"> </span><span class="nv">$newValue</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="kr">switch</span><span class="w"> </span><span class="nt">-Regex</span><span class="w"> </span><span class="p">(</span><span class="nv">$currentValue</span><span class="p">)</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s2">"^[Pp](rod|RD)?$"</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s2">"Production"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="s2">"^[Ss](tage|taging|TG)?$"</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s2">"Staging"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="s2">"^[Dd](ev|EV)?$"</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s2">"Development"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="n">default</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="s2">"Sandbox"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="c"># Update tag</span><span class="w"> </span><span class="nv">$resource</span><span class="o">.</span><span class="nf">Tags</span><span class="o">.</span><span class="nf">Environment</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="nv">$newValue</span><span class="w"> </span><span class="n">Set-AzResource</span><span class="w"> </span><span class="nt">-ResourceId</span><span class="w"> </span><span class="nv">$resource</span><span class="o">.</span><span class="nf">ResourceId</span><span class="w"> </span><span class="nt">-Tag</span><span class="w"> </span><span class="nv">$resource</span><span class="o">.</span><span class="nf">Tags</span><span class="w"> </span><span class="nt">-Force</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Step 4: Terraform Value Validation </h3> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">variable</span> <span class="s2">"environment"</span> <span class="p">{</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"Environment name"</span> <span class="nx">validation</span> <span class="p">{</span> <span class="nx">condition</span> <span class="p">=</span> <span class="nx">contains</span><span class="p">([</span> <span class="s2">"Production"</span><span class="p">,</span> <span class="s2">"Staging"</span><span class="p">,</span> <span class="s2">"Development"</span><span class="p">,</span> <span class="s2">"Sandbox"</span> <span class="p">],</span> <span class="nx">var</span><span class="p">.</span><span class="nx">environment</span><span class="p">)</span> <span class="nx">error_message</span> <span class="p">=</span> <span class="s2">"Environment must be exactly: Production, Staging, Development, or Sandbox"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> The Tag Taxonomy That Works </h2> <p><strong>Required tags for ALL resources:</strong></p> <ul> <li> <code>Environment</code> - Production | Staging | Development | Sandbox</li> <li> <code>CostCenter</code> - 4-digit code from finance</li> <li> <code>Owner</code> - Email address</li> <li> <code>Application</code> - App name from CMDB</li> </ul> <p><strong>Optional tags:</strong></p> <ul> <li> <code>Project</code> - Project code</li> <li> <code>Backup</code> - Daily | Weekly | None</li> <li> <code>Compliance</code> - PCI | HIPAA | SOX | None</li> </ul> <p><strong>Key principle:</strong> Every tag has DEFINED allowed values. No free text except Owner email.</p> <h2> Enforcement Timeline </h2> <h3> Week 1: Policy Deployment </h3> <ul> <li>Deploy deny policies for new resources</li> <li>Existing resources not affected</li> </ul> <h3> Week 2-4: Remediation </h3> <ul> <li>Run KQL queries to find non-compliant resources</li> <li>Bulk fix with PowerShell scripts</li> <li>Team meetings to explain standards</li> </ul> <h3> Week 5: Full Enforcement </h3> <ul> <li>All resources compliant</li> <li>Deny policies block non-standard values</li> <li>Cost reports finally accurate</li> </ul> <h2> Real Results </h2> <p><strong>Before:</strong></p> <ul> <li>247 Environment tag variations</li> <li>Cost reports required 2 hours of Excel cleanup</li> <li>Finance didn't trust Azure cost data</li> </ul> <p><strong>After:</strong></p> <ul> <li>4 Environment tag values (only valid ones)</li> <li>Cost reports accurate in 30 seconds</li> <li>Finance trusts data, uses it for budgeting</li> </ul> <h2> Common Mistakes </h2> <h3> ❌ Mistake #1: Too Many Tags </h3> <p><strong>Bad:</strong> Require 15 tags on every resource</p> <p><strong>Result:</strong> Teams copy-paste garbage to pass policy</p> <p><strong>Good:</strong> 4 required tags that matter</p> <h3> ❌ Mistake #2: Free-Text Values </h3> <p><strong>Bad:</strong> Allow any value for "Owner" tag</p> <p><strong>Result:</strong> "John", "john.doe", "<a href="mailto:j.doe@company.com">j.doe@company.com</a>", "IT Team"</p> <p><strong>Good:</strong> Validate email format with policy</p> <h3> ❌ Mistake #3: No Remediation Plan </h3> <p><strong>Bad:</strong> Deploy deny policy, existing resources broken</p> <p><strong>Result:</strong> Production deploys fail, emergency policy exemptions</p> <p><strong>Good:</strong> Fix existing resources BEFORE enforce mode</p> <h2> Full Governance Framework </h2> <p>Complete tag taxonomy, Azure Policy templates, remediation scripts, and enforcement timeline:</p> <p>👉 <a href="https://azure-noob.com/blog/tag-governance-247-variations/" rel="noopener noreferrer">Azure Tag Governance Complete Guide</a></p> <p><strong>Implementing tag governance?</strong> Define allowed values, enforce with policy, remediate existing resources, then enable deny mode. In that order.</p> azure governance finops tagging David Fri, 12 Dec 2025 18:47:28 +0000 https://forem.com/azurenoob/50-windows-commands-every-azure-vm-admin-needs-powershell-active-directory-29a1 https://forem.com/azurenoob/50-windows-commands-every-azure-vm-admin-needs-powershell-active-directory-29a1 <h2> Why This List Exists </h2> <p>Azure Portal is great until:</p> <ul> <li>RDP is slow</li> <li>You need to fix networking</li> <li>Active Directory breaks</li> <li>You're troubleshooting 50 VMs</li> </ul> <p>Then you need actual Windows commands.</p> <h2> Network Troubleshooting </h2> <h3> Check IP Configuration </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-NetIPAddress</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Format-Table</span><span class="w"> </span><span class="nx">InterfaceAlias</span><span class="p">,</span><span class="w"> </span><span class="nx">IPAddress</span><span class="p">,</span><span class="w"> </span><span class="nx">PrefixLength</span><span class="w"> </span></code></pre> </div> <h3> Test DNS Resolution </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Resolve-DnsName</span><span class="w"> </span><span class="nx">azure-noob.com</span><span class="w"> </span><span class="nt">-Server</span><span class="w"> </span><span class="nx">8.8.8.8</span><span class="w"> </span></code></pre> </div> <h3> Trace Route to Endpoint </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>tracert 10.0.1.4 </code></pre> </div> <h3> Check Open Ports </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Test-NetConnection</span><span class="w"> </span><span class="nt">-ComputerName</span><span class="w"> </span><span class="nx">10.0.1.4</span><span class="w"> </span><span class="nt">-Port</span><span class="w"> </span><span class="nx">443</span><span class="w"> </span></code></pre> </div> <h3> Show Routing Table </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>route print </code></pre> </div> <h3> Flush DNS Cache </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ipconfig /flushdns </code></pre> </div> <h3> Show Active Connections </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>netstat -ano | findstr ESTABLISHED </code></pre> </div> <h2> Active Directory Commands </h2> <h3> Join Domain </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Add-Computer</span><span class="w"> </span><span class="nt">-DomainName</span><span class="w"> </span><span class="nx">contoso.com</span><span class="w"> </span><span class="nt">-Credential</span><span class="w"> </span><span class="p">(</span><span class="n">Get-Credential</span><span class="p">)</span><span class="w"> </span><span class="nt">-Restart</span><span class="w"> </span></code></pre> </div> <h3> Verify Domain Join </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>nltest /dsgetdc:contoso.com </code></pre> </div> <h3> Check AD Replication </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>repadmin /replsummary </code></pre> </div> <h3> Find Domain Controllers </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-ADDomainController</span><span class="w"> </span><span class="nt">-Filter</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Select</span><span class="w"> </span><span class="nx">Name</span><span class="p">,</span><span class="w"> </span><span class="nx">IPv4Address</span><span class="w"> </span></code></pre> </div> <h3> Reset Computer Account </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Reset-ComputerMachinePassword</span><span class="w"> </span><span class="nt">-Server</span><span class="w"> </span><span class="nx">DC01</span><span class="w"> </span><span class="nt">-Credential</span><span class="w"> </span><span class="p">(</span><span class="n">Get-Credential</span><span class="p">)</span><span class="w"> </span></code></pre> </div> <h3> Test Domain Trust </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>nltest /sc_query:contoso.com </code></pre> </div> <h2> Disk Management </h2> <h3> List All Disks </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-Disk</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Format-Table</span><span class="w"> </span><span class="nx">Number</span><span class="p">,</span><span class="w"> </span><span class="nx">FriendlyName</span><span class="p">,</span><span class="w"> </span><span class="nx">Size</span><span class="p">,</span><span class="w"> </span><span class="nx">PartitionStyle</span><span class="w"> </span></code></pre> </div> <h3> Initialize New Disk </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Initialize-Disk</span><span class="w"> </span><span class="nt">-Number</span><span class="w"> </span><span class="nx">2</span><span class="w"> </span><span class="nt">-PartitionStyle</span><span class="w"> </span><span class="nx">GPT</span><span class="w"> </span></code></pre> </div> <h3> Create New Partition </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">New-Partition</span><span class="w"> </span><span class="nt">-DiskNumber</span><span class="w"> </span><span class="nx">2</span><span class="w"> </span><span class="nt">-UseMaximumSize</span><span class="w"> </span><span class="nt">-DriveLetter</span><span class="w"> </span><span class="nx">F</span><span class="w"> </span><span class="n">Format-Volume</span><span class="w"> </span><span class="nt">-DriveLetter</span><span class="w"> </span><span class="nx">F</span><span class="w"> </span><span class="nt">-FileSystem</span><span class="w"> </span><span class="nx">NTFS</span><span class="w"> </span><span class="nt">-NewFileSystemLabel</span><span class="w"> </span><span class="s2">"Data"</span><span class="w"> </span></code></pre> </div> <h3> Extend Volume </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Resize-Partition</span><span class="w"> </span><span class="nt">-DriveLetter</span><span class="w"> </span><span class="nx">C</span><span class="w"> </span><span class="nt">-Size</span><span class="w"> </span><span class="p">(</span><span class="n">Get-PartitionSupportedSize</span><span class="w"> </span><span class="nt">-DriveLetter</span><span class="w"> </span><span class="nx">C</span><span class="p">)</span><span class="o">.</span><span class="nf">SizeMax</span><span class="w"> </span></code></pre> </div> <h3> Check Disk Health </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-PhysicalDisk</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Select</span><span class="w"> </span><span class="nx">FriendlyName</span><span class="p">,</span><span class="w"> </span><span class="nx">HealthStatus</span><span class="p">,</span><span class="w"> </span><span class="nx">OperationalStatus</span><span class="w"> </span></code></pre> </div> <h2> Service Management </h2> <h3> List All Services </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-Service</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Where-Object</span><span class="w"> </span><span class="p">{</span><span class="bp">$_</span><span class="o">.</span><span class="nf">Status</span><span class="w"> </span><span class="o">-eq</span><span class="w"> </span><span class="s2">"Running"</span><span class="p">}</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Format-Table</span><span class="w"> </span><span class="nx">Name</span><span class="p">,</span><span class="w"> </span><span class="nx">DisplayName</span><span class="w"> </span></code></pre> </div> <h3> Start/Stop Service </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Start-Service</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="s2">"W32Time"</span><span class="w"> </span><span class="n">Stop-Service</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="s2">"Spooler"</span><span class="w"> </span></code></pre> </div> <h3> Set Service Startup Type </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Set-Service</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="s2">"wuauserv"</span><span class="w"> </span><span class="nt">-StartupType</span><span class="w"> </span><span class="nx">Manual</span><span class="w"> </span></code></pre> </div> <h3> Check Service Dependencies </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-Service</span><span class="w"> </span><span class="nt">-Name</span><span class="w"> </span><span class="s2">"W32Time"</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Select</span><span class="w"> </span><span class="nt">-ExpandProperty</span><span class="w"> </span><span class="nx">DependentServices</span><span class="w"> </span></code></pre> </div> <h2> Performance &amp; Monitoring </h2> <h3> Check CPU Usage </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-Counter</span><span class="w"> </span><span class="s1">'\Processor(_Total)\% Processor Time'</span><span class="w"> </span><span class="nt">-SampleInterval</span><span class="w"> </span><span class="nx">1</span><span class="w"> </span><span class="nt">-MaxSamples</span><span class="w"> </span><span class="nx">5</span><span class="w"> </span></code></pre> </div> <h3> Check Memory Usage </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-WmiObject</span><span class="w"> </span><span class="nx">Win32_OperatingSystem</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Select</span><span class="w"> </span><span class="p">@{</span><span class="nx">N</span><span class="o">=</span><span class="s2">"FreeGB"</span><span class="p">;</span><span class="nx">E</span><span class="o">=</span><span class="p">{[</span><span class="n">math</span><span class="p">]::</span><span class="n">Round</span><span class="p">(</span><span class="bp">$_</span><span class="o">.</span><span class="nf">FreePhysicalMemory</span><span class="n">/1MB</span><span class="p">,</span><span class="nx">2</span><span class="p">)}}</span><span class="w"> </span></code></pre> </div> <h3> Show Top CPU Processes </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-Process</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Sort-Object</span><span class="w"> </span><span class="nx">CPU</span><span class="w"> </span><span class="nt">-Descending</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Select</span><span class="w"> </span><span class="nt">-First</span><span class="w"> </span><span class="nx">10</span><span class="w"> </span><span class="nx">Name</span><span class="p">,</span><span class="w"> </span><span class="nx">CPU</span><span class="p">,</span><span class="w"> </span><span class="nx">PM</span><span class="w"> </span></code></pre> </div> <h3> Check Disk I/O </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-Counter</span><span class="w"> </span><span class="s1">'\PhysicalDisk(_Total)\Disk Reads/sec'</span><span class="p">,</span><span class="s1">'\PhysicalDisk(_Total)\Disk Writes/sec'</span><span class="w"> </span></code></pre> </div> <h3> Show Uptime </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="p">(</span><span class="n">Get-Date</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="p">(</span><span class="n">gcim</span><span class="w"> </span><span class="nx">Win32_OperatingSystem</span><span class="p">)</span><span class="o">.</span><span class="nf">LastBootUpTime</span><span class="w"> </span></code></pre> </div> <h2> Windows Updates </h2> <h3> Check for Updates </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-WindowsUpdate</span><span class="w"> </span></code></pre> </div> <h3> Install Updates </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Install-WindowsUpdate</span><span class="w"> </span><span class="nt">-AcceptAll</span><span class="w"> </span><span class="nt">-AutoReboot</span><span class="w"> </span></code></pre> </div> <h3> Show Update History </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-WmiObject</span><span class="w"> </span><span class="nt">-Class</span><span class="w"> </span><span class="nx">Win32_QuickFixEngineering</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Select</span><span class="w"> </span><span class="nx">HotFixID</span><span class="p">,</span><span class="w"> </span><span class="nx">InstalledOn</span><span class="w"> </span></code></pre> </div> <h2> User &amp; Permission Management </h2> <h3> List Local Admins </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-LocalGroupMember</span><span class="w"> </span><span class="nt">-Group</span><span class="w"> </span><span class="s2">"Administrators"</span><span class="w"> </span></code></pre> </div> <h3> Add User to Local Admin </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Add-LocalGroupMember</span><span class="w"> </span><span class="nt">-Group</span><span class="w"> </span><span class="s2">"Administrators"</span><span class="w"> </span><span class="nt">-Member</span><span class="w"> </span><span class="s2">"CONTOSO\john.doe"</span><span class="w"> </span></code></pre> </div> <h3> Show Logged-in Users </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>query user </code></pre> </div> <h3> Force Logoff User </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>logoff 2 /server:localhost </code></pre> </div> <h3> Check File Permissions </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-Acl</span><span class="w"> </span><span class="nx">C:\Important\File.txt</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Format-List</span><span class="w"> </span></code></pre> </div> <h2> Firewall Management </h2> <h3> Show Firewall Rules </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-NetFirewallRule</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Where</span><span class="w"> </span><span class="nx">Enabled</span><span class="w"> </span><span class="o">-eq</span><span class="w"> </span><span class="nx">True</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Select</span><span class="w"> </span><span class="nx">Name</span><span class="p">,</span><span class="w"> </span><span class="nx">DisplayName</span><span class="w"> </span></code></pre> </div> <h3> Create Firewall Rule </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">New-NetFirewallRule</span><span class="w"> </span><span class="nt">-DisplayName</span><span class="w"> </span><span class="s2">"Allow SQL"</span><span class="w"> </span><span class="nt">-Direction</span><span class="w"> </span><span class="nx">Inbound</span><span class="w"> </span><span class="nt">-Protocol</span><span class="w"> </span><span class="nx">TCP</span><span class="w"> </span><span class="nt">-LocalPort</span><span class="w"> </span><span class="nx">1433</span><span class="w"> </span><span class="nt">-Action</span><span class="w"> </span><span class="nx">Allow</span><span class="w"> </span></code></pre> </div> <h3> Disable Firewall (Testing Only!) </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Set-NetFirewallProfile</span><span class="w"> </span><span class="nt">-Profile</span><span class="w"> </span><span class="nx">Domain</span><span class="p">,</span><span class="nx">Public</span><span class="p">,</span><span class="nx">Private</span><span class="w"> </span><span class="nt">-Enabled</span><span class="w"> </span><span class="nx">False</span><span class="w"> </span></code></pre> </div> <h2> Event Log Analysis </h2> <h3> Show Recent Errors </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-EventLog</span><span class="w"> </span><span class="nt">-LogName</span><span class="w"> </span><span class="nx">System</span><span class="w"> </span><span class="nt">-EntryType</span><span class="w"> </span><span class="nx">Error</span><span class="w"> </span><span class="nt">-Newest</span><span class="w"> </span><span class="nx">20</span><span class="w"> </span></code></pre> </div> <h3> Search Event Logs </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-EventLog</span><span class="w"> </span><span class="nt">-LogName</span><span class="w"> </span><span class="nx">Application</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Where-Object</span><span class="w"> </span><span class="p">{</span><span class="bp">$_</span><span class="o">.</span><span class="nf">Message</span><span class="w"> </span><span class="o">-like</span><span class="w"> </span><span class="s2">"*SQL*"</span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> Show Security Events </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-EventLog</span><span class="w"> </span><span class="nt">-LogName</span><span class="w"> </span><span class="nx">Security</span><span class="w"> </span><span class="nt">-InstanceId</span><span class="w"> </span><span class="nx">4624</span><span class="w"> </span><span class="nt">-Newest</span><span class="w"> </span><span class="nx">10</span><span class="w"> </span></code></pre> </div> <h2> Azure-Specific Commands </h2> <h3> Check Azure VM Agent </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-Service</span><span class="w"> </span><span class="nx">WindowsAzureGuestAgent</span><span class="w"> </span></code></pre> </div> <h3> Test Azure Metadata Service </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Invoke-RestMethod</span><span class="w"> </span><span class="nt">-Headers</span><span class="w"> </span><span class="p">@{</span><span class="s2">"Metadata"</span><span class="o">=</span><span class="s2">"true"</span><span class="p">}</span><span class="w"> </span><span class="nt">-Method</span><span class="w"> </span><span class="nx">GET</span><span class="w"> </span><span class="nt">-Uri</span><span class="w"> </span><span class="s2">"http://169.254.169.254/metadata/instance?api-version=2021-02-01"</span><span class="w"> </span></code></pre> </div> <h3> Show Azure VM Extensions </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-AzVMExtension</span><span class="w"> </span><span class="nt">-ResourceGroupName</span><span class="w"> </span><span class="s2">"RG-Prod"</span><span class="w"> </span><span class="nt">-VMName</span><span class="w"> </span><span class="s2">"VM-SQL-01"</span><span class="w"> </span></code></pre> </div> <h2> System Information </h2> <h3> Show OS Version </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-ComputerInfo</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Select</span><span class="w"> </span><span class="nx">WindowsProductName</span><span class="p">,</span><span class="w"> </span><span class="nx">WindowsVersion</span><span class="p">,</span><span class="w"> </span><span class="nx">OsBuildNumber</span><span class="w"> </span></code></pre> </div> <h3> Show Installed Programs </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-WmiObject</span><span class="w"> </span><span class="nt">-Class</span><span class="w"> </span><span class="nx">Win32_Product</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Select</span><span class="w"> </span><span class="nx">Name</span><span class="p">,</span><span class="w"> </span><span class="nx">Version</span><span class="w"> </span></code></pre> </div> <h3> Check System Drivers </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-WindowsDriver</span><span class="w"> </span><span class="nt">-Online</span><span class="w"> </span></code></pre> </div> <h3> Show Environment Variables </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>set </code></pre> </div> <h2> Quick Fixes </h2> <h3> Reset Windows Update </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>net stop wuauserv del C:\Windows\SoftwareDistribution\*.* /s /q net start wuauserv </code></pre> </div> <h3> Clear Temp Files </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Remove-Item</span><span class="w"> </span><span class="nt">-Path</span><span class="w"> </span><span class="s2">"</span><span class="nv">$</span><span class="nn">env</span><span class="p">:</span><span class="nv">TEMP</span><span class="s2">\*"</span><span class="w"> </span><span class="nt">-Recurse</span><span class="w"> </span><span class="nt">-Force</span><span class="w"> </span><span class="nt">-ErrorAction</span><span class="w"> </span><span class="nx">SilentlyContinue</span><span class="w"> </span></code></pre> </div> <h3> Rebuild Windows Search Index </h3> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">Get-Service</span><span class="w"> </span><span class="nx">WSearch</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">Restart-Service</span><span class="w"> </span></code></pre> </div> <h2> Full Command Reference </h2> <p>Complete command library with parameters, examples, and troubleshooting guides:</p> <p>👉 <a href="https://azure-noob.com/blog/50-windows-commands-azure/" rel="noopener noreferrer">50 Windows Commands Complete Guide</a></p> <p><strong>Managing Azure VMs?</strong> Bookmark this. The Azure Portal can't do everything—sometimes you need actual Windows commands.</p> azure windows powershell sysadmin David Fri, 12 Dec 2025 15:32:44 +0000 https://forem.com/azurenoob/azure-arc-ghost-registrations-64-of-our-arc-servers-dont-exist-3beh https://forem.com/azurenoob/azure-arc-ghost-registrations-64-of-our-arc-servers-dont-exist-3beh <h2> The Compliance Report Problem </h2> <p><strong>Azure Policy dashboard:</strong> "850 Arc-enabled servers, 72% compliant"</p> <p><strong>VMware vCenter:</strong> "547 VMs total"</p> <p><strong>Math:</strong> 850 - 547 = <strong>303 ghost registrations</strong></p> <p>Our compliance data was fiction.</p> <h2> What Are Ghost Registrations? </h2> <p><strong>Problem:</strong> When you delete a VM, Azure Arc registration persists.</p> <p><strong>Result:</strong></p> <ul> <li>Compliance reports include servers that don't exist</li> <li>Cost tracking is wrong</li> <li>Security dashboards show phantom vulnerabilities</li> <li>Nobody knows which servers are real</li> </ul> <h2> How It Happens </h2> <h3> Scenario 1: Delete VM Without Removing Arc Agent </h3> <p><strong>Most common</strong></p> <ol> <li>VMware admin deletes VM</li> <li>Arc agent never uninstalls (VM gone)</li> <li>Arc registration stays in Azure</li> <li>Shows as "offline" forever</li> </ol> <h3> Scenario 2: VM Name Reuse </h3> <ol> <li>Delete VM named "SQL-PROD-01"</li> <li>Create new VM with same name</li> <li>Now TWO Arc registrations for "SQL-PROD-01"</li> <li>Which one is real? Nobody knows.</li> </ol> <h3> Scenario 3: Failed Deletions </h3> <ol> <li>Try to delete Arc registration</li> <li>API times out</li> <li>Azure portal shows "deleted"</li> <li>Resource Graph still shows it</li> </ol> <h2> The Impact </h2> <h3> Compliance Reports Are Fiction </h3> <p><strong>Azure Policy:</strong> "347 servers need patches"</p> <p><strong>Reality:</strong> 64% of those are ghosts</p> <p><strong>Finance:</strong> "Why are we patching 347 servers when we only have 220?"</p> <h3> Cost Tracking Is Wrong </h3> <p>Arc costs $5/server/month if you exceed free tier.</p> <p><strong>Bill:</strong> $4,250/month (850 servers)</p> <p><strong>Reality:</strong> $2,735/month (547 servers)</p> <p><strong>Overpayment:</strong> $1,515/month = $18K/year</p> <h3> Security False Positives </h3> <p><strong>Microsoft Defender:</strong> "Critical vulnerabilities on 150 servers"</p> <p><strong>SOC team:</strong> Spends 40 hours investigating</p> <p><strong>Reality:</strong> 96 of those servers don't exist</p> <h2> How to Detect Ghosts </h2> <h3> Method 1: Resource Graph Query </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> kql </code></pre> </div> azure arc hybrid infrastructure David Fri, 12 Dec 2025 15:19:36 +0000 https://forem.com/azurenoob/azure-openai-pricing-reality-2-demo-becomes-4000month-in-production-1577 https://forem.com/azurenoob/azure-openai-pricing-reality-2-demo-becomes-4000month-in-production-1577 <h2> The Demo vs Production Gap </h2> <p><strong>Demo:</strong> "We'll use GPT-4 for customer support. Costs $2/day in testing!"</p> <p><strong>Month 1 production:</strong> $4,200 bill arrives.</p> <p><strong>Month 2:</strong> $6,800.</p> <p><strong>Finance:</strong> "What happened to $2/day?"</p> <h2> Why Microsoft's Calculator Is Wrong </h2> <p>Microsoft's Azure OpenAI pricing calculator shows token costs. It doesn't show:</p> <ol> <li> <strong>Hosting fees:</strong> $1,836/month minimum for fine-tuning</li> <li> <strong>PTU costs:</strong> $2,448/month minimum for dedicated capacity</li> <li> <strong>Embedding costs:</strong> Often more expensive than completions</li> <li> <strong>Token ratio reality:</strong> Output tokens cost 3x input tokens</li> </ol> <h2> Real Pricing (December 2025) </h2> <h3> GPT-4o (Newest, Cheapest GPT-4 Class) </h3> <ul> <li>Input: $0.005 per 1K tokens</li> <li>Output: $0.015 per 1K tokens</li> </ul> <h3> GPT-4 Turbo </h3> <ul> <li>Input: $0.01 per 1K tokens</li> <li>Output: $0.03 per 1K tokens</li> </ul> <h3> GPT-3.5 Turbo </h3> <ul> <li>Input: $0.0015 per 1K tokens</li> <li>Output: $0.002 per 1K tokens</li> </ul> <h3> Text Embedding (ada-002) </h3> <ul> <li>$0.0001 per 1K tokens</li> <li>(Sounds cheap until you embed millions of documents)</li> </ul> <h2> Token Math That Actually Matters </h2> <p><strong>1,000 tokens ≈ 750 words</strong></p> <p><strong>Typical customer support query:</strong></p> <ul> <li>User question: 50 tokens</li> <li>System prompt: 200 tokens</li> <li>Context from knowledge base: 1,000 tokens</li> <li>Response: 300 tokens</li> <li> <strong>Total:</strong> 1,550 tokens per interaction</li> </ul> <p><strong>Cost per interaction (GPT-4o):</strong></p> <ul> <li>Input: 1,250 tokens × $0.005 / 1,000 = $0.00625</li> <li>Output: 300 tokens × $0.015 / 1,000 = $0.0045</li> <li> <strong>Total:</strong> $0.01075 per interaction</li> </ul> <p><strong>At scale:</strong></p> <ul> <li>1,000 queries/day = $10.75/day = $323/month</li> <li>10,000 queries/day = $107/day = $3,225/month</li> </ul> <h2> The Hidden Costs </h2> <h3> Fine-Tuning Hosting Fee </h3> <p><strong>$1,836/month minimum</strong> just to host a fine-tuned model. Even if you use it zero times.</p> <p><strong>When worth it:</strong></p> <ul> <li>High-volume specialized use case (&gt;1M tokens/month)</li> <li>Accuracy improvement justifies $22K/year fixed cost</li> </ul> <p><strong>When not worth it:</strong></p> <ul> <li>"Let's fine-tune for better results" (try prompt engineering first)</li> <li>Low-volume use cases</li> </ul> azure ai openai finops David Fri, 12 Dec 2025 15:05:41 +0000 https://forem.com/azurenoob/sccm-vs-wsus-vs-azure-update-manager-vs-intune-which-one-do-i-actually-use-4m56 https://forem.com/azurenoob/sccm-vs-wsus-vs-azure-update-manager-vs-intune-which-one-do-i-actually-use-4m56 <h2> Three Different Microsoft Reps, Three Different Answers </h2> <p><strong>Configuration Manager rep:</strong> "Keep using SCCM for everything, including Azure."</p> <p><strong>Azure architect:</strong> "Use Azure Update Manager, it's cloud-native and free."</p> <p><strong>Modern Management rep:</strong> "Migrate to Intune. SCCM is legacy."</p> <h2> The Actual Answer </h2> <p><strong>You need all of them.</strong> Here's why.</p> <h2> What Each Tool Actually Does </h2> <h3> SCCM (Configuration Manager) </h3> <p><strong>Best for:</strong> On-prem servers, complex patch orchestration</p> <p><strong>Use when:</strong></p> <ul> <li>Managing 500+ on-prem Windows servers</li> <li>Need staged deployments with approval workflows</li> <li>Require detailed compliance reporting for audits</li> <li>Have existing SCCM infrastructure</li> </ul> <p><strong>Don't use for:</strong></p> <ul> <li>Cloud-only VMs (expensive licensing)</li> <li>Simple patch-and-reboot scenarios</li> <li>Mobile devices</li> </ul> <h3> WSUS </h3> <p><strong>Best for:</strong> Simple on-prem patching, tight budgets</p> <p><strong>Use when:</strong></p> <ul> <li>Small environment (&lt;100 servers)</li> <li>No budget for SCCM</li> <li>Just need "apply patches monthly"</li> <li>Windows updates only (no 3rd party apps)</li> </ul> <p><strong>Don't use for:</strong></p> <ul> <li>Anything requiring reporting</li> <li>Azure VMs (why manage another server?)</li> <li>macOS or Linux</li> </ul> <h3> Azure Update Manager </h3> <p><strong>Best for:</strong> Azure VMs, hybrid Windows + Linux</p> <p><strong>Use when:</strong></p> <ul> <li>Patching Azure VMs (Windows or Linux)</li> <li>Want cloud-native management</li> <li>Need automatic patching schedules</li> <li>No SCCM infrastructure in Azure</li> </ul> <p><strong>Don't use for:</strong></p> <ul> <li>On-prem servers (requires Arc)</li> <li>3rd party app updates</li> <li>Complex orchestration workflows</li> </ul> <h3> Intune </h3> <p><strong>Best for:</strong> Endpoints (laptops, tablets, phones)</p> <p><strong>Use when:</strong></p> <ul> <li>Managing user devices</li> <li>Remote/hybrid workforce</li> <li>Modern cloud-native management</li> <li>Windows 10/11 endpoints</li> </ul> <p><strong>Don't use for:</strong></p> <ul> <li>Servers</li> <li>Legacy Windows Server 2012/2016</li> <li>Complex patch orchestration</li> </ul> <h2> The Decision Matrix </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Workload Type</th> <th>Tool</th> <th>Why</th> </tr> </thead> <tbody> <tr> <td>On-prem servers</td> <td>SCCM or WSUS</td> <td>Network access, existing infra</td> </tr> <tr> <td>Azure Windows VMs</td> <td>Azure Update Manager</td> <td>Cloud-native, no agent install</td> </tr> <tr> <td>Azure Linux VMs</td> <td>Azure Update Manager</td> <td>Only option for Azure Linux</td> </tr> <tr> <td>Hybrid Arc servers</td> <td>Azure Update Manager + Arc</td> <td>Unified management</td> </tr> <tr> <td>User laptops/desktops</td> <td>Intune</td> <td>Modern management</td> </tr> <tr> <td>Legacy endpoints</td> <td>SCCM</td> <td>Still need complex deployments</td> </tr> </tbody> </table></div> <h2> Real-World Example: Our 850-VM Environment </h2> <p><strong>What we use:</strong></p> <h3> SCCM </h3> <ul> <li>300 on-prem Windows servers</li> <li>Why: Existing infrastructure, complex approval workflows for production</li> </ul> <h3> Azure Update Manager </h3> <ul> <li>400 Azure Windows VMs</li> <li>150 Azure Linux VMs</li> <li>Why: Cloud-native, no SCCM licensing cost in Azure</li> </ul> <h3> Intune </h3> <ul> <li>1,200 user endpoints</li> <li>Why: Modern management, remote workforce</li> </ul> <h3> WSUS </h3> <ul> <li>Nothing (deprecated for us)</li> <li>Why: SCCM replaced it years ago</li> </ul> <h2> Migration Timeline </h2> <p><strong>Don't migrate everything at once.</strong> Do it by workload:</p> <h3> Year 1 </h3> <ul> <li>Keep SCCM for on-prem servers</li> <li>Deploy Azure Update Manager for Azure VMs</li> <li>Pilot Intune for 10% of endpoints</li> </ul> <h3> Year 2 </h3> <ul> <li>Scale Intune to 100% of endpoints</li> <li>Migrate hybrid servers to Arc + Update Manager</li> <li>Keep SCCM for legacy servers only</li> </ul> <h3> Year 3 </h3> <ul> <li>Retire SCCM as on-prem servers migrate to Azure</li> <li>Full Azure Update Manager + Intune environment</li> </ul> <h2> The Cost Comparison </h2> <p><strong>SCCM:</strong></p> <ul> <li>$100-$200 per server/year (licensing)</li> <li>Plus: Infrastructure costs (servers, SQL, management)</li> </ul> <p><strong>WSUS:</strong></p> <ul> <li>Free (Windows Server license includes it)</li> <li>But: Manual effort, limited reporting</li> </ul> <p><strong>Azure Update Manager:</strong></p> <ul> <li>Free (included with Azure VMs)</li> <li>Pay for Arc agent if managing on-prem ($5/server/month)</li> </ul> <p><strong>Intune:</strong></p> <ul> <li>$6-$8 per user/month (part of M365 bundles)</li> <li>Cloud service, no infrastructure</li> </ul> <h2> Common Mistakes </h2> <h3> ❌ Mistake #1: "We'll use Intune for servers" </h3> <p><strong>No.</strong> Intune is for endpoints, not servers. Use Azure Update Manager.</p> <h3> ❌ Mistake #2: "We'll keep SCCM in Azure" </h3> <p><strong>Expensive.</strong> SCCM licensing in Azure costs more than the VMs themselves. Use Update Manager.</p> <h3> ❌ Mistake #3: "We'll migrate everything to Intune" </h3> <p><strong>Won't work.</strong> SCCM has orchestration capabilities Intune doesn't.</p> <h2> Full Guide </h2> <p>Complete decision matrix, migration timeline, and cost calculator:</p> <p>👉 <a href="https://azure-noob.com/blog/sccm-wsus-azure-update-manager-intune-confusion/" rel="noopener noreferrer">SCCM vs Update Manager Complete Guide</a></p> <p><strong>Patching Azure VMs?</strong> Azure Update Manager. <strong>Patching on-prem?</strong> SCCM or WSUS. <strong>Patching laptops?</strong> Intune. Use the right tool for each workload.</p> azure sccm patching devops David Fri, 12 Dec 2025 15:00:10 +0000 https://forem.com/azurenoob/the-azure-hybrid-benefit-mistake-that-cost-us-50k-41ga https://forem.com/azurenoob/the-azure-hybrid-benefit-mistake-that-cost-us-50k-41ga <h2> The Audit Email </h2> <p><strong>Subject:</strong> Azure Hybrid Benefit Compliance Review</p> <p><strong>Our reaction:</strong> "We're compliant. We have SA licenses."</p> <p><strong>Microsoft's finding:</strong> "Your documentation doesn't prove it."</p> <p><strong>The bill:</strong> $78,000 back-payment + penalties.</p> <h2> What Is Azure Hybrid Benefit? </h2> <p>Use existing Windows Server or SQL Server licenses in Azure. Saves 40-55% on VM costs.</p> <p><strong>The catch:</strong> Microsoft audits it. You must prove compliance.</p> <h2> What We Did Wrong </h2> <h3> Mistake #1: No License Inventory </h3> <p>We knew we had Software Assurance (SA). We didn't know:</p> <ul> <li>How many licenses</li> <li>Which SKUs</li> <li>When SA expires</li> <li>Which VMs were using them</li> </ul> <h3> Mistake #2: Assumed Core Mapping </h3> <p><strong>We thought:</strong> 1 license = 1 Azure VM</p> <p><strong>Reality:</strong> License cores must match Azure VM cores. A 16-core Azure VM needs 16 Windows Server core licenses.</p> <h3> Mistake #3: No Documentation </h3> <p>Applied AHB in portal. Didn't document:</p> <ul> <li>Which on-prem license covered which Azure VM</li> <li>SA renewal dates</li> <li>Core count calculations</li> </ul> <h2> The Audit Process </h2> <p><strong>Day 1:</strong> Microsoft requests license documentation</p> <p><strong>Day 3:</strong> We scramble to find Volume License agreements</p> <p><strong>Week 2:</strong> Discover 40% of AHB-enabled VMs lack proper coverage</p> <p><strong>Week 4:</strong> $78K bill arrives</p> <h2> How to Do It Right </h2> <h3> Step 1: License Inventory </h3> <p>Before enabling AHB:</p> <ol> <li>Count on-prem Windows Server licenses with active SA</li> <li>Verify SA expiration dates</li> <li>Calculate available Azure core count</li> </ol> <h3> Step 2: Core Math </h3> <p><strong>Formula:</strong> On-prem license cores ÷ 2 = Azure cores covered</p> <p><strong>Example:</strong></p> <ul> <li>100 Windows Server licenses (2-core each) = 200 cores</li> <li>200 ÷ 2 = 100 Azure cores covered</li> <li>Can apply AHB to VMs totaling 100 cores</li> </ul> <h3> Step 3: Documentation </h3> <p>Track in spreadsheet:</p> <ul> <li>Azure VM name</li> <li>VM core count</li> <li>On-prem license ID covering it</li> <li>SA expiration date</li> </ul> <h3> Step 4: Ongoing Monitoring </h3> <ul> <li>Monthly AHB usage report</li> <li>SA renewal tracking</li> <li>New VM AHB approval process</li> </ul> <h2> The 8-Question Checklist </h2> <p>Before enabling AHB on ANY VM:</p> <ol> <li>Do you have Windows Server or SQL Server licenses with active SA?</li> <li>Are those licenses assigned to on-prem servers?</li> <li>Can you shut down those on-prem servers? (Can't use same license twice)</li> <li>Do you have enough license cores for the Azure VM size?</li> <li>Is SA expiration &gt; 6 months away?</li> <li>Is this documented in your tracking spreadsheet?</li> <li>Who approved this AHB usage?</li> <li>Can you produce documentation for a Microsoft audit?</li> </ol> <p>If any answer is "no" or "I'm not sure" → <strong>Don't enable AHB</strong></p> <h2> When AHB Makes Sense </h2> <p>✅ <strong>Good use case:</strong></p> <ul> <li>Migrating 100 on-prem VMs to Azure</li> <li>Those VMs have SA licenses</li> <li>Shutting down on-prem datacenter</li> <li>Clear license mapping</li> </ul> <p>❌ <strong>Bad use case:</strong></p> <ul> <li>Dev/test VMs (use Dev/Test pricing instead)</li> <li>"We think we have SA somewhere"</li> <li>Can't find license documentation</li> <li>On-prem servers staying active</li> </ul> <h2> Full Guide </h2> <p>Complete AHB compliance checklist, core calculation templates, and documentation requirements:</p> <p>👉 <a href="https://azure-noob.com/blog/azure-hybrid-benefit-50k/" rel="noopener noreferrer">Azure Hybrid Benefit Complete Guide</a></p> azure licensing finops compliance David Fri, 12 Dec 2025 14:57:35 +0000 https://forem.com/azurenoob/the-55-question-assessment-that-prevents-azure-migration-failures-5198 https://forem.com/azurenoob/the-55-question-assessment-that-prevents-azure-migration-failures-5198 <h2> The Meeting That Should Scare You </h2> <p><strong>CIO:</strong> "We're migrating to Azure. How much will it cost?"</p> <p><strong>Consultant:</strong> "$800K, 18 months."</p> <p><strong>Reality:</strong> $2.3M, 28 months, half the apps still on-prem.</p> <h2> Why Migrations Fail </h2> <p>Not technical problems. <strong>Organizational problems:</strong></p> <ul> <li>Nobody knows what applications exist</li> <li>Teams can't find installation media</li> <li>License compliance is "figure it out later"</li> <li>Dependencies discovered in month 14</li> </ul> <h2> The 55 Questions </h2> <p>Before touching Azure Migrate, answer these for EVERY application:</p> <h3> Application Basics </h3> <ol> <li>What does this app do? (If nobody knows, retire it)</li> <li>Who owns it? (Name + phone number)</li> <li>Where's the installation media?</li> <li>What's the license model?</li> </ol> <h3> Dependencies </h3> <ol> <li>What databases does it connect to?</li> <li>What APIs does it call?</li> <li>What calls it?</li> <li>What shared services does it use?</li> </ol> <h3> Current State </h3> <ol> <li>How many VMs?</li> <li>What OS versions?</li> <li>What's the network topology?</li> <li>What's using public IPs?</li> </ol> <h3> Business Context </h3> <ol> <li>What's the business impact if it's down?</li> <li>When can we migrate it? (Maintenance windows)</li> <li>Who approves changes?</li> </ol> <h2> The Problem </h2> <p><strong>Teams skip this.</strong> They:</p> <ol> <li>Deploy Azure landing zones</li> <li>Start Azure Migrate</li> <li>Discover in month 6 nobody knows what they own</li> </ol> <p><strong>Then:</strong></p> <ul> <li>Budget doubles</li> <li>Timeline extends</li> <li>Political pressure builds</li> <li>Consultants suggest "hybrid strategy" (translation: we failed)</li> </ul> <h2> What Actually Works </h2> <h3> Phase 1: Discovery (Before Azure) </h3> <ul> <li>Application inventory</li> <li>Dependency mapping</li> <li>License audit</li> <li>Owner identification</li> </ul> <p><strong>Timeline:</strong> 2-3 months<br><br> <strong>Cost:</strong> $50K-$150K<br><br> <strong>Value:</strong> Prevents $2M+ overruns</p> <h3> Phase 2: Rationalization </h3> <ul> <li>Retire 20-30% of apps (nobody uses them)</li> <li>Rehost 40-50% (lift-and-shift)</li> <li>Refactor 20-30% (modernize)</li> <li>Retain 10% on-prem (compliance, cost)</li> </ul> <h3> Phase 3: Azure Deployment </h3> <p>Now you can actually use Azure Migrate successfully.</p> <h2> Download the Framework </h2> <p>Complete 55-question assessment with:</p> <ul> <li>Application questionnaire</li> <li>Dependency mapping template</li> <li>License compliance checklist</li> <li>Week-by-week migration timeline</li> </ul> <p>👉 [Download Migration Assessment Framewor</p> azure cloudmigration enterprise architecture David Fri, 12 Dec 2025 14:54:05 +0000 https://forem.com/azurenoob/kql-cheat-sheet-for-azure-resource-graph-4pmn https://forem.com/azurenoob/kql-cheat-sheet-for-azure-resource-graph-4pmn <h2> Why This Matters </h2> <p>No Azure cert teaches operational KQL. AZ-104 shows 2 sample queries. That's it.</p> <p>Here's what you actually need: queries for 31,000+ resource environments.</p> <h2> Essential Queries </h2> <h3> Complete VM Inventory </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Resources | where type == "microsoft.compute/virtualmachines" | extend NetworkInterfaceId = tostring(properties.networkProfile.networkInterfaces[0].id) | join kind=leftouter ( Resources | where type == "microsoft.network/networkinterfaces" | project NetworkInterfaceId = id, PrivateIP = tostring(properties.ipConfigurations[0].properties.privateIPAddress) ) on NetworkInterfaceId | project VMName = name, PrivateIP, resourceGroup, location </code></pre> </div> <h3> Find Untagged Resources </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Resources | where isnull(tags) or array_length(bag_keys(tags)) == 0 | project name, type, resourceGroup | order by type </code></pre> </div> <h3> Public IP Audit </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Resources | where type =~ 'microsoft.network/publicipaddresses' | extend ipAddress = properties.ipAddress, associatedResource = properties.ipConfiguration.id | project name, ipAddress, associatedResource, resourceGroup </code></pre> </div> <h2> Performance Tips </h2> <ol> <li> <strong>Filter early:</strong> <code>| where type == ...</code> before other operations</li> <li> <strong>Project only needed columns:</strong> Reduces memory usage</li> <li> <strong>Use <code>in</code> for multiple conditions:</strong> Faster than <code>or</code> </li> </ol> <h2> Full Guide </h2> <p>45+ queries with performance optimization, SQL translation, and advanced techniques:</p> <p>👉 <a href="https://azure-noob.com/blog/kql-cheat-sheet-complete/" rel="noopener noreferrer">Complete KQL Cheat Sheet</a></p> <p><strong>Questions?</strong> Drop them in comments. Managing Azure at scale? These queries save hours daily.</p> azure kql queries devops