Today when logging in, I had a message about trying Azure Advisor recommendations. Normally, I dismiss login messages, but one thing caught my eye: free. Azure Advisor is a free set of recommendations the provide personalized, best practice information. The message is shown here:

This showed up on my Azure portal login today (with multi-factor authentication of course!)

I had to see if Azure Advisor is worthwhile given that it is free, so let’s see if it was worthwhile.

Azure Advisor is personalized based on your Azure usage, so it is fair to say that each individual experience may vary. But there are four main benefits of Azure Advisor (quoted from here):

  • Best practices to optimize your Azure workloads
  • Personalized recommendations—prioritized and customizable based on your business needs
  • Simple, step-by-step guidance and quick links
  • One place to review and act on recommendations from across Azure

I found it worthwhile to read the page about Azure Advisor first to get a rough set of expectations on what I may find as a benefit from this offering, including some security advice. I have been looking at Advanced Threat Protection for Azure Storage (and will review soon), but this free offering appealed. Note that ATP for Azure Storage is not free. Note also some of the recommendations may include additional Azure costs. Microsoft has also provided a nice video as an overview of Azure Advisor:

14 minutes and you will get the gist of Azure Advisor

So, after reading a bit and watching the video, I was curious what Azure Advisor would have to say about my account. If you have had this message on login, you can go right away into Azure Advisor or simply search for “Advisor” in the main portal navigation, or the icon that seems to have always been there:

Advisor is there for you

My recommendations in the Azure Advisor were relatively simple and easy to interpret. The performance and cost sections were all good, and only the high availability and security areas had impacted resources that should be investigated (this was across all services used in Azure – note the first drop down above High Availability allows you to select services for Azure Advisor analysis):

My account did “OK” – though that red in security needs sorted right away.

I decided to take a look at the security recommendation as one was listed as High Impact. The recommendation is that “Secure transfer to storage accounts should be enabled” for one of my storage accounts. The good thing is that it is not the storage account that I outlined the encryption with in a previous post, but a different account that hasn’t been used in a while. In can see this viewed below:

One storage account needs some attention.

What is good is that while there was one storage account with this characteristic identified as a high risk resource; it also shows you the rest of the resources that are listed as healthy. This is shown here comparing the one problem account and the other healthy accounts:

One account needs some attention, the ones I have been working on securing are clean.

Those with a keen eye will recognize that the storage account I have been working with on encryption is listed as healthy for this particular risk (rwv0blob0backupdata). I simply click on the impacted account and change the option to require secure transfer, and this issue should be sorted:

Click on the account in Azure Advisor takes you right to where the solution can be configured.

The first immediate task should be to ensure that any service that accesses that storage account is not impacted, ideally through a test configuration of the same storage account with the same type of usage. This will ensure that services that consume that account will not be impacted.

This is the start of many major or minor configurations to security, resource usage, availability and more. I found the recommendations useful, in fact, very useful as a free analysis. This is important as some of the services in Azure I am using may have been in place for a while and the services may have changed – but I may not have changed their configuration.

My only hesitation to giving Azure Advisor a complete endorsement is that it takes a while for the recommendations to update. For the change example I made took quite a while to remove that red entry, a high priority recommendation. I also had another situation where I had a test App Service with all default configuration, those alerts stayed displayed well after the service was completely removed. This is the type of thing that may make some administrators hastily go back and re-configure things, possibly unrelated things, causing unexpected results. You can look and see when a specific recommendation has been updated, but I found that this was not always in sync with when I entered Azure Advisor:

Don’t freak out if it takes a while to clear the high impact or other results that you have changed.

For the root of the question and this post, “Is Azure Advisor Useful?” I say absolutely. I recommend administrators visit Advisor often and assess what is discovered and either resolve or postpone the alerts to keep visibility high in Azure environments.

Do you use Azure Advisor? If so, what have you learned from it? Share your comments below.