Azure waste concentrates in a handful of predictable places. If you work them in the right order — biggest, safest savings first — most teams cut 20–35% off the monthly invoice without touching a single production workload. Here is the order we use.
1. Deallocate, don't just stop, idle VMs
An Azure VM that is stopped from inside the OS keeps billing for compute. Only a deallocated VM stops the meter (you still pay for its disks). Audit every VM in a stopped state and deallocate it explicitly — then decide whether it should exist at all. Dev and test machines that run nights and weekends for nobody are the classic offenders; an auto-shutdown schedule usually pays for itself in the first week.
2. Delete unattached managed disks
When a VM is deleted, its data disks often survive. Every unattached managed disk bills its full monthly rate for zero value. List disks with diskState = Unattached, snapshot anything you might conceivably need, and delete the rest. Premium SSD orphans are the expensive ones — a single forgotten P30 costs more than most teams' entire log bill.
3. Right-size with real metrics, not instinct
Azure Monitor gives you the CPU and memory series to prove a VM is over-provisioned. Anything averaging under 20% CPU for two weeks is a resize candidate — typically one SKU size down, sometimes two. The B-series burstable SKUs are ideal for spiky, low-average workloads: they bank credits while idle and burst when needed.
4. Reservations and savings plans — after cleanup
Commit after you have removed the waste, never before, or you lock in the wrong baseline. For steady workloads, a 1-year reserved instance saves roughly 28–40% versus pay-as-you-go and a 3-year commitment roughly 45–60%. Azure's savings plans are more flexible across instance families and regions at a slightly lower discount. A good default: reserve the stable core, leave the variable edge on-demand.
5. Storage account hygiene
Move cold blobs to the Cool or Archive tiers with lifecycle management rules, and check every storage account for two settings while you're in there: Allow blob public access (off unless explicitly required) and Secure transfer required (on). Cost review and security review are the same walk through the same accounts.
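The two-setting check above, as an added example (not code from this article or from CloudMonitor): it audits a storage account inventory and treats a missing or null value as a finding rather than a pass. It assumes the JSON shape printed by `az storage account list -o json`, with the fields `allowBlobPublicAccess` and `enableHttpsTrafficOnly`; the sample accounts and the exception allowlist are constructed.

```python
import json

# Constructed sample in the shape of `az storage account list -o json`
# (account names and resource groups are made up; field names are assumed).
SAMPLE_INVENTORY = """
[
  {"name": "stprodlogs01", "resourceGroup": "rg-prod",
   "allowBlobPublicAccess": false, "enableHttpsTrafficOnly": true},
  {"name": "stdevscratch", "resourceGroup": "rg-dev",
   "allowBlobPublicAccess": true, "enableHttpsTrafficOnly": true},
  {"name": "stlegacy2019", "resourceGroup": "rg-legacy",
   "allowBlobPublicAccess": null, "enableHttpsTrafficOnly": false},
  {"name": "stpublicsite", "resourceGroup": "rg-web",
   "allowBlobPublicAccess": true, "enableHttpsTrafficOnly": true}
]
"""

# Accounts where public blob access is explicitly required (hypothetical allowlist).
PUBLIC_ACCESS_EXCEPTIONS = {"stpublicsite"}


def audit_storage_accounts(accounts, exceptions=frozenset()):
    """Return sorted (account, finding) pairs for the two settings in step 5."""
    findings = []
    for acct in accounts:
        name = acct["name"]
        public = acct.get("allowBlobPublicAccess")
        # A missing or null value is not proof that the setting is off,
        # so flag it for explicit review instead of passing it silently.
        if public is None:
            findings.append((name, "blob public access not explicitly set"))
        elif public and name not in exceptions:
            findings.append((name, "blob public access allowed"))
        # Only an explicit true counts as "secure transfer required".
        if acct.get("enableHttpsTrafficOnly") is not True:
            findings.append((name, "secure transfer not required"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit_storage_accounts(
            json.loads(SAMPLE_INVENTORY), PUBLIC_ACCESS_EXCEPTIONS):
        print(f"{name}: {finding}")
```

Keeping the exceptions in an explicit allowlist means every account with public access enabled is either documented as required or reported.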
6. Budgets and anomaly alerts
Set a monthly budget per subscription with alerts at 80% and 100% of forecast. Azure's cost data lags, so pair budgets with anomaly detection on daily spend — a runaway resource shows up as a daily spike days before it shows up in an invoice.
Do it across every subscription at once
None of this is hard for one subscription — the pain is doing it continuously across many. CloudMonitor connects to Azure with a read-only Reader service principal, inventories every VM, disk and storage account, flags the idle and unattached ones with the dollar impact, and tracks your spend against budgets — right next to your AWS and GCP accounts in the same multi-cloud inventory. The same playbook for AWS lives in our AWS cost-reduction guide.