Studies estimate roughly 30% of cloud spend is wasted on idle or oversized resources. This playbook helps CIOs navigate Azure service models (IaaS/PaaS/SaaS), licensing agreements (EA/CSP/MCA), and implement proven cost optimisation strategies โ from Azure Hybrid Benefit and Reserved Instances to rightsizing, FinOps governance, and service-specific techniques across compute, storage, network, and database.
Understanding how IaaS, PaaS, and SaaS differ in cost structure and licensing is foundational to Azure optimisation. Each model shifts different responsibilities โ and cost drivers โ between you and Microsoft.
VMs, Storage, Virtual Networks โ you manage OS, middleware, and applications. OS licence cost is included in pay-as-you-go rate unless you apply BYOL (Azure Hybrid Benefit). Most control and flexibility, but also most management. Inefficiencies (oversized VMs, idle time) directly increase costs. Optimise by rightsizing, scheduling shutdowns, and applying licence entitlements.
Azure SQL Database, App Services, Azure Functions โ Microsoft manages infrastructure and platform software. Licence is bundled into service price (e.g., Azure SQL includes SQL Server licence). Some PaaS services still allow BYOL (Azure SQL Managed Instance supports AHB). More cost-effective for many scenarios via auto-scaling and managed optimisation. Still requires rightsizing โ choosing the correct service tier is critical.
Microsoft 365, Dynamics 365, third-party SaaS. Per-user or subscription-based pricing purchased through EA/CSP/MCA rather than Azure consumption. No infrastructure to optimise. Cost control focuses on managing licence counts, choosing the right plan tier, and avoiding shelfware. Integrating SaaS with Azure services may incur indirect Azure consumption costs.
How you buy Azure impacts pricing, flexibility, and cost governance. For a detailed comparison, see EA vs CSP vs MCA: Choosing the Right Agreement.
Volume discounts locked for term. Annual monetary commitment (pre-purchased Azure credits) or true-up for overage. Price protection against increases. Includes Software Assurance. Pitfall: underutilising commitment = wasted budget. Limited mid-year adjustment. Ideal for large, stable organisations with predictable demand. See Negotiating Azure Commitments in Your EA.
No fixed term, no upfront commitment. Monthly pay-as-you-go through partner. Partner handles billing and often bundles support/advisory. Partner sets pricing (may include margin). NCE monthly subscriptions carry ~20% premium over annual for seat-based products; Azure consumption is pure pay-go. Ideal for agility-focused or smaller organisations.
No minimum, no fixed term. Direct agreement with Microsoft (or via partner). Unified billing across Azure, M365, D365. Pay-as-you-go. Discounts only via custom deals for large spend (no built-in tiers). No included Software Assurance for standalone licences. Ideal for companies transitioning off EA or wanting direct flexibility without a reseller.
| Aspect | EA | CSP | MCA |
|---|---|---|---|
| Term | 3-year fixed | Evergreen (no fixed term) | Evergreen (no fixed term) |
| Commitment | Annual $ commit or seat count | None required | None required |
| Pricing | Volume discounts locked for term | Partner-set; pay only for use | List price; custom deals for large spend |
| Billing | Annual + overage true-up | Monthly through partner | Monthly/annual direct from Microsoft |
| Support | Not included (buy separately) | Included via partner | Not included (buy separately) |
| Software Assurance | Included | Not available | Not included |
| Flexibility | Rigid during year (adjust at anniversary) | Highly flexible | Highly flexible |
| Best For | Large enterprises, predictable demand | Agile orgs, partner value-add | Direct purchasing, EA transitions |
Negotiating or renewing your Azure EA? We benchmark your commitment and identify savings before you sign.
Microsoft Contract Negotiation โDeploying expensive VM SKUs "just in case" then running at 5% CPU. Using Premium SSD when Standard suffices. Oversizing PaaS tiers. Every excess resource is pure cost without benefit in the cloud.
Dev/test VMs running 24/7 including weekends. Disks left after VM deletion. Unattached public IPs, load balancers, and network gateways. These "forgotten" resources silently accumulate bills. Run monthly audits using Azure Advisor to catch them.
Enterprises with on-prem Windows Server or SQL Server licences failing to enable AHB โ paying for software twice. Every eligible VM without AHB enabled represents ~40% unnecessary cost on Windows workloads.
No budgets or alerts in Azure Cost Management. No tagging standards. No chargeback/showback reporting. Without visibility, costs spiral until the bill arrives. Implement budgets, alerts, and mandatory tagging from day one.
Relying entirely on pay-as-you-go for steady-state production workloads. By not committing to RIs or Savings Plans, you forfeit up to 72% discounts on predictable resources. Even 1-year terms yield ~40% savings.
Enabling AHB without sufficient licences. Using a licence in Azure and on-prem beyond the 180-day dual-use window. Misconfigured licensing creates audit risk. Track AHB usage against your licence inventory.
"Set and forget" infrastructure on older VM series (A-series, Dv2) that are now overpriced relative to newer options (Dv4, Dv5). Not periodically reviewing whether newer VM types offer better price-performance.
Azure Hybrid Benefit (AHB) is one of Azure's most powerful cost-saving levers. It lets you apply existing on-prem Microsoft licences to Azure resources, avoiding double-paying for licences you already own. For related strategies, see Microsoft Licensing for Cloud Migration.
With Windows Server licences + active Software Assurance, enabling AHB on Azure VMs charges only the base compute rate (equivalent to Linux VM pricing). One licence covers two VMs with up to 8 cores each or one VM up to 16 cores. Automate: use Azure Policy to default AHB to "On" for all Windows VMs if licences are available.
SQL Server core licences with SA apply to Azure SQL Database, Managed Instance, and SQL on VMs. The licence portion of SQL is substantial โ AHB yields massive savings. Azure SQL Managed Instance and Database (vCore model) both support AHB. Always apply for SQL workloads if entitled.
Software Assurance allows simultaneous use on-prem and Azure for 180 days during migration. Use this window to test and transition fully, then decommission on-prem to free the licence. Beyond 180 days, the licence can only be used in one place.
If you enable AHB on dozens of VMs, you need an equal number of licences allocated. Over-provisioning AHB beyond what you own creates audit risk. Tag AHB-enabled resources (e.g., License=BYOL). Run quarterly reports to verify AHB count against licence inventory. Microsoft can audit Azure usage for AHB compliance.
Commit to a specific VM type in a specific region for 1 or 3 years. Discounts: 1-year ~40% off; 3-year up to 72% off pay-as-you-go. Instance-size flexibility lets the reservation apply across the same VM family (e.g., a reserved D8s_v3 covers two D4s_v3). Exchange to different RI; cancel with 12% fee. Also available for Azure SQL, Cosmos DB, Blob Storage, Synapse.
Commit to a fixed $/hour spend on compute for 1 or 3 years. Not tied to specific instance or region โ applies to any compute usage (VMs, Functions, App Services, Container Instances). Slightly lower discount than RIs but much more flexible. If usage falls below commitment, you still pay the full amount. Azure applies RIs first, then Savings Plan automatically.
| Factor | Reserved Instances | Savings Plans |
|---|---|---|
| Discount | Up to 72% (3-year) | Up to ~65% (3-year) |
| Scope | Specific VM type + region | Any compute, any region |
| Flexibility | Instance-size flex within family; exchange possible | Fully flexible across instance types and regions |
| Risk | Wasted if specific resource no longer needed | Wasted only if total compute spend drops below commitment |
| Best For | Known, stable 24/7 workloads (production DBs, core VMs) | Variable workloads, mixed instance types, uncertain future |
| Non-VM Coverage | Yes (SQL, Cosmos, Blob Storage separately) | Compute services only |
Not sure if your Azure commitments are right-sized? We analyse utilisation and recommend optimal RI/SP mix.
Microsoft Optimisation โRightsizing aligns cloud resources with actual workload needs. In Azure, every excess CPU core, GB of RAM, or premium disk tier is pure waste. This is an ongoing practice, not a one-time exercise.
Azure Advisor flags underutilised VMs (e.g., <5% CPU average over weeks) and suggests smaller SKUs. Azure Monitor provides detailed metrics. If a VM averages 5% CPU and 20% memory, downsize to a smaller SKU โ moving from an 8-core to 2-core VM cuts costs dramatically.
Multiple half-empty VMs? Consolidate onto fewer, fully-utilised instances. Or containerise workloads using AKS with auto-scaling to run only what's needed. Each eliminated idle VM is pure savings.
Dev/test VMs don't need to run 24/7. Use Azure Automation to shut down outside working hours. A stopped VM costs nothing in compute (only pennies for disk storage). Scheduling nights and weekends off for non-critical systems is an easy win โ saves ~65% on those VMs.
Not just VMs: App Service Plans, Azure SQL Database tiers, Cosmos DB throughput, and storage tiers all benefit from rightsizing. Check if your Premium P2v2 App Service could run on Standard S1. Scale down SQL DTUs/vCores if performance metrics show low utilisation. Use Azure SQL elastic pools for multiple small databases sharing compute.
Create an approved list of VM sizes for typical use cases. Use Azure Policy to restrict deployment of very large (expensive) instances without approval. This prevents oversizing from the start rather than correcting it after the fact.
Use B-series burstable VMs for dev/test and low-CPU workloads (cheaper, accrue credits during low usage). Avoid premium series unless workload demands it. Periodically evaluate if newer VM types (Dv5, Ev5) offer better price-performance than older generations.
For non-critical, interruptible workloads (batch processing, QA, dev testing). Spot VMs use surplus capacity at deep discounts but can be evicted. Significant savings for workloads that handle restarts gracefully.
Azure Functions for infrequent tasks (pay per execution, not per hour). Container Instances for on-demand workloads. Logic Apps for integrations. Sometimes the cheapest VM is no VM โ you pay only when work is done.
Azure Dev/Test pricing waives Windows licence costs on VMs and offers discounts on other services. Ensure all non-production resources are in Dev/Test designated subscriptions.
Hot โ Cool โ Archive based on access frequency. Implement lifecycle management rules: e.g., logs older than 30 days โ Cool; older than 180 days โ Archive. Archive storage is extremely cheap but slow to retrieve. Automate to avoid paying premium rates for untouched data.
Find and delete unattached disks (common after VM deletion). Review snapshot retention โ keep 30 days of daily backups, not every backup forever. Orphaned disks incur monthly costs silently.
Don't use Premium SSD where Standard HDD suffices. Dev/test and backup VMs rarely need premium disks. Choose LRS over GRS unless business truly requires geo-redundancy โ GRS costs roughly 2x.
Azure charges for egress (data leaving Azure) but not ingress. Keep frequently communicating resources in the same region/VNET. Use CDN to cache content near users, reducing repeated egress from origin. For large regular transfers, ExpressRoute's fixed port fee may be cheaper than metered egress.
Each public IP and standard load balancer has a cost. Deallocate unused public IPs. Use Basic load balancers for simple dev/test (free). Architect hub-and-spoke with shared gateways rather than multiple per-VNET gateways.
Azure SQL Database serverless for intermittent use (auto-pauses during inactivity). Elastic pools for multiple small databases sharing compute. SQL on VM with BYOL for large estates with existing licences. Cosmos DB autoscale instead of fixed throughput if usage is spikey. Always apply AHB to SQL PaaS services.
Large databases cost more in storage and may require higher performance tiers. Implement data retention policies: purge or archive old records to cheaper storage. Export historical data to Data Lake Storage. Keep operational datasets lean.
Slice costs by subscription, resource group, resource type, tags. Review monthly reports showing spend by department/project. Set budgets with alerts at 75% and 90% thresholds. Integrate Azure Advisor cost recommendations into operational workflows.
Make resource tagging mandatory via Azure Policy (e.g., every resource must have CostCenter and Owner tags). This enables showback/chargeback reporting โ when teams see their bill, they become more mindful. Audit untagged resources monthly.
Hold monthly reviews with IT, finance, and application owners. Highlight anomalies. Discuss optimisations done and planned. Publish a Cloud Cost Scorecard: spend vs budget per department, top 5 savings actions taken, top 5 recommendations not yet acted on.
Restrict deployment of very large VM sizes without approval. Require Owner tag on all resources. Block unmanaged disk creation. Deny public IPs on sensitive resources. Policies prevent costly mistakes technically rather than relying on manual discipline.
Audit current on-prem utilisation (CPU, memory, storage, I/O). Use Azure Migrate to right-size target resources rather than lifting and shifting exact specs. A lightly used 16-core on-prem server may only need a 4-core Azure VM.
Rehosting (IaaS) is quickest but carries forward technical debt and higher licence costs. Refactoring to PaaS (e.g., Azure App Service instead of a Windows VM) reduces management and potentially eliminates separate OS licensing. Make choices with long-term cost in mind.
Maintain SA on Windows Server and SQL Server licences so you can use AHB post-migration. If you currently lack SA, factor in the cost to acquire it โ or choose Azure services that don't require it. Sometimes renewing an on-prem EA purely for AHB rights in Azure makes economic sense. See Windows Server & SQL Server Licensing Guide.
Schedule reviews at 30, 60, and 90 days post-migration. Compare actual costs to business case projections. Validate AHB and RI savings are being realised. If costs exceed plan, investigate and remediate. Transition to quarterly FinOps reviews after stabilisation. See Microsoft True-Ups: Avoiding Costly Mistakes.
Planning an Azure migration or already running in Azure? We identify licensing savings and negotiation opportunities.
EA Optimisation โWhether you're migrating to Azure, renegotiating your EA, right-sizing an existing deployment, or building a FinOps programme, Redress Compliance delivers vendor-independent advisory that saves Fortune 500 enterprises millions on Microsoft licensing and cloud costs.
Also managing Oracle, SAP, IBM, or Salesforce contracts? We cover all major enterprise vendors.
All Advisory Services โ