Prevent unexpected growth in Azure spending due to misconfiguration or malicious activity
As a cloud solution provider, it is your responsibility to protect your customers from unexpected growth in Azure spending, and Microsoft has several tips and checks you can put in place to do so. We have seen cases lately where customers and partners have been surprised by their Azure spend. These cases would have been easily prevented if an Azure customer budget had been set. An Azure spending budget lets you receive early signals of excessive Azure usage and gives you the opportunity to react swiftly to unexpected growth in a customer's Azure spend. Another option is to implement a more sophisticated monitoring system with Azure cost manager. See attached article for further insights: “How to prevent a bill shock or how to use Azure cost management in your day-to-day operations”.
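The kind of early signal a spending budget gives can be sketched over daily cost records. This is an added example, not Microsoft's code and not how Azure budgets are implemented; the subscription names, amounts, thresholds and spike factor are assumptions, and the data is constructed.

```python
import calendar
from datetime import date
from statistics import median

# Constructed sample data: monthly budget per subscription and daily cost records.
BUDGETS = {"sub-web": 1000.0, "sub-dev": 300.0}
COSTS = (
    [("sub-web", date(2024, 3, d), 30.0) for d in range(1, 11)]
    + [("sub-dev", date(2024, 3, d), 8.0) for d in range(1, 9)]
    + [("sub-dev", date(2024, 3, 9), 95.0), ("sub-dev", date(2024, 3, 10), 120.0)]
)

def budget_signals(costs, budgets, as_of, thresholds=(0.5, 0.8, 1.0), spike_factor=3.0):
    """Return {subscription: signals} for the month containing as_of."""
    days_in_month = calendar.monthrange(as_of.year, as_of.month)[1]
    out = {}
    for sub, budget in budgets.items():
        daily = {}
        for s, day, cost in costs:
            same_month = (day.year, day.month) == (as_of.year, as_of.month)
            if s == sub and same_month and day <= as_of:
                daily[day] = daily.get(day, 0.0) + cost
        if not daily:
            continue
        spent = sum(daily.values())
        # Linear run-rate forecast: average daily spend so far, extended to month end.
        forecast = spent / as_of.day * days_in_month
        crossed = [t for t in thresholds if spent >= t * budget]
        ordered = [daily[d] for d in sorted(daily)]
        # Baseline is the median of all days before the most recent one.
        baseline = median(ordered[:-1]) if len(ordered) > 1 else ordered[0]
        out[sub] = {
            "spent": round(spent, 2),
            "forecast": round(forecast, 2),
            "actual_threshold": max(crossed) if crossed else None,
            "forecast_over_budget": forecast > budget,
            "spike": baseline > 0 and ordered[-1] >= spike_factor * baseline,
        }
    return out

if __name__ == "__main__":
    for sub, sig in budget_signals(COSTS, BUDGETS, date(2024, 3, 10)).items():
        print(sub, sig)
```

On the sample data, `sub-dev` is flagged ten days into the month, before its actual spend reaches the budget, because the forecast and the day-over-day spike both trip.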
In addition to cases caused by misconfiguration, we also see cases of malicious activity where an Azure user account was compromised. However, 95% of identity theft cases are easily prevented by using Multi-Factor Authentication (MFA). You should ensure your customers log in to their Azure accounts using MFA. See attached article for further insights: “Protect your Azure customer: Increase the Azure environment security posture”.
Cloud service providers can also receive notifications on possible malicious activities, such as cryptocurrency mining. To get these notifications, you must subscribe to Azure Fraud Notifications in Partner Center.
If your customer observes an unprecedented growth in their Azure spend, you should suspend any suspicious Azure resource or Azure subscription and launch an investigation to establish and mitigate the underlying cause of the excessive usage. If it is due to malicious activity, we strongly advise that all global admins in your customer's tenant immediately change their passwords. You can review and verify the password recovery emails and phone numbers of all global admin users within Azure Active Directory and update them if necessary. Finally, follow the Partner Center security requirements to enable MFA for all users in your cloud solution provider partner tenant.