🛡️ Azure Virtual Machine is idle🟢

• Contextual name: 🛡️ Virtual Machine is idle🟢
• ID: /ce/ca/azure/virtual-machine/virtual-machine-idle
• Tags:
  • 🟢 Policy with categories
  • 🟢 Policy with type
  • 🟢 Production policy
• Policy Type: COMPLIANCE_POLICY
• Policy Categories: COST, PERFORMANCE

Logic

• 🧠 prod.logic.yaml🟢
  • 📗 Azure Virtual Machine
  • 🔌 Azure Virtual Machine - object.extracts.yaml
  • 🧪 test-data.json

Description

Open File

Description

Identify Azure Virtual Machines with minimal activity over the past 14 days and address them to reduce unnecessary costs. When a linked New Relic host is available, this policy combines Azure Monitor CPU and network metrics with New Relic memory, disk read utilization, and disk write utilization. Otherwise, it falls back to Azure Monitor CPU and network metrics only. VMs are classified as idle if they meet the applicable criteria:

• Average CPU utilization below 5%
• Maximum CPU utilization below 15%
• Average network I/O less than 100 MB

Additionally, when New Relic data is available:

• Memory utilization below 20%
• Disk read utilization below 5%
• Disk write utilization below 5%

Rationale

Idle Azure VMs continue to consume compute and network resources, resulting in unnecessary operational expenses. Incorporating a threshold for maximum CPU utilization ensures that VMs with brief, transient workloads are not misclassified as idle. This enhanced detection methodology balances cost efficiency with service continuity, enabling more precise identification of optimization opportunities. Proactively managing idle VMs contributes to reduced waste and improved overall performance of the Azure infrastructure.

... see more

Remediation

Open File

Remediation

Decommissioning Idle Virtual Machines

If a VM is no longer required or its workload has been migrated, consider the following actions to eliminate unnecessary resource costs:

Stopping (Deallocating) the VM

This action stops the VM and releases compute resources. Billing for compute is paused, but charges for persistent resources (e.g., OS and data disks, reserved IPs) continue.

Azure CLI

az vm deallocate --resource-group {{resource-group-name}} --name {{vm-name}}

PowerShell

Stop-AzVM -ResourceGroupName "{{resource-group-name}}" -Name "{{vm-name}}"

Terminating (Deleting) the VM

This permanently deletes the VM. Use caution—ensure data has been fully migrated or backed up prior to deletion.

To preserve the disk for future reuse, configure the OS disk's delete option to "detach":

az resource update 
    --resource-group {{resource-group-name}} \
    --name {{vm-name}} \
    --resource-type virtualMachines \
    --namespace Microsoft.Compute \
    --set properties.storageProfile.osDisk.deleteOption=detach

... [see more](remediation.md)

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 Cloudaware Framework → 💼 Waste Reduction			25		no data
💼 Cloudaware Framework → 💼 Workload Efficiency			24		no data