Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Enable Auto-Shutdown

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: Low (generally tolerable level of risk)
Rule ID: VirtualMachines-017

Ensure that your Microsoft Azure virtual machines (VMs) are configured to use Auto-Shutdown feature in order to minimize waste and control VM costs. For example, Azure VM Auto-Shutdown can be successfully used to stop all virtual machines across your Dev/Test cloud environments when you leave work in the evening, and start them in the morning when you are back in the office.

This rule resolution is part of the Conformity Security & Compliance tool for Azure.

Cost
optimisation

The Auto-Shutdown feature represents an efficient, automated solution for Azure cloud users who want to optimize their virtual machine service costs.


Audit

To determine if your Microsoft Azure virtual machines are configured to use Auto-Shutdown, perform the following actions:

Using Azure Portal

01 Sign in to Azure Management Console.

02 Navigate to All resources blade at https://portal.azure.com/#blade/HubsExtension/BrowseAll to access all your Microsoft Azure resources.

03 Choose the Azure subscription that you want to access from the Subscription filter box.

04 From the Type filter box, select Virtual machine to show only the virtual machines (VMs) deployed in the selected subscription.

05 Click on the name of the virtual machine that you want to examine.

06 In the navigation panel, under Operations, select Auto-shutdown to access the feature configuration settings available for the selected Azure VM.

07 On the Auto-shutdown page, check the Enabled setting status. If Enabled is set to Off, the Auto-Shutdown feature is not enabled for the selected Microsoft Azure virtual machine.

08 Repeat steps no. 5 – 7 for each Azure virtual machine that you want to examine, available in the selected subscription.

09 Repeat steps no. 3 – 8 for each subscription created in your Microsoft Azure cloud account.

Using Azure CLI

01 Run Get-AzureRmVM PowerShell command using custom query filters to list the ID of each virtual machine (VM) provisioned within the specified resource group, available in the current Azure subscription:

Get-AzureRmVM -ResourceGroupName "cloud-shell-storage-westeurope" | Select-Object -Property Id | Format-Table

02 The command output should return the requested virtual machine identifiers (IDs):

Id
--
/subscriptions/abcdabcd-abcd-1234-abcd-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Compute/virtualMachines/cc-development-server

/subscriptions/abcdabcd-abcd-1234-abcd-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Compute/virtualMachines/cc-app-worker-server

/subscriptions/abcdabcd-abcd-1234-abcd-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Compute/virtualMachines/cc-staging-server

03 Run Get-AzureRmResource PowerShell cmdlet using the name of the selected Azure resource group as identifier parameter and custom query filters, to describe the Auto-Shutdown feature status set for the virtual machines available in the specified resource group:

(Get-AzureRmResource -ResourceGroupName "cloud-shell-storage-westeurope" -ResourceType Microsoft.DevTestLab/schedules -Expandproperties).Properties | Select-Object -Property targetResourceId, status| Format-List

04 The command output should return the Auto-Shutdown configuration status for the requested resources:

targetResourceId : /subscriptions/abcdabcd-abcd-1234-abcd-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Compute/virtualMachines/cc-development-server
status           : Disabled

targetResourceId : /subscriptions/abcdabcd-abcd-1234-abcd-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Compute/virtualMachines/cc-app-worker-server
status           : Enabled

If Get-AzureRmResource command output returns Disabled as value for the status attribute, the Auto-Shutdown feature is not enabled for the specified Microsoft Azure virtual machine. Also, the virtual machines that are listed at step no. 2 but are not reported at step no. 4, don't use the Auto-Shutdown feature.

05 Repeat steps no. 1 – 4 for each Azure resource group deployed in the current subscription.

06 Repeat steps no. 1 – 5 for each subscription created in your Microsoft Azure cloud account.

Remediation / Resolution

Auto-Shutdown can help you optimize your Azure VM service costs by stopping non-critical virtual machines during off-hours. To enable this feature for your virtual machines, perform the following actions:

Note: Enabling Auto-Shutdown feature for Azure virtual machines using Microsoft Azure CLI and/or Azure PowerShell is not currently supported.

Using Azure Portal

01 Sign in to Azure Management Console.

02 Navigate to All resources blade at https://portal.azure.com/#blade/HubsExtension/BrowseAll to access all your Microsoft Azure resources.

03 Choose the Azure subscription that you want to access from the Subscription filter box.

04 From the Type filter box, select Virtual machine to list only the virtual machines (VMs) available in the selected subscription.

05 Click on the name of the virtual machine that you want to reconfigure (see Audit section part I to identify the right Azure resource).

06 In the navigation panel, under Operations, select Auto-shutdown to access the Auto-Shutdown feature configuration settings.

07 On the Auto-shutdown configuration page, perform the following commands:

  1. Under Enable, select On to begin the setup process.
  2. Set the daily auto-shutdown time using the Scheduled shutdown box.
  3. Select the necessary auto-shutdown time zone from the Time zone dropdown list.
  4. Select Yes under Send notification before auto-shutdown? and provide at least one webhook URL and/or one email address to get notifications on the specified webhook endpoint and/or email address when the auto-shutdown for the selected VM is about to happen.
  5. Click Save to apply the configuration changes and enable Auto-Shutdown for the selected virtual machine.

08 Repeat steps no. 5 – 8 to enable Auto-Shutdown feature for other Azure virtual machines (VMs) deployed in the selected subscription.

09 Repeat steps no. 3 – 9 for each subscription created in your Microsoft Azure cloud account.

References

Publication date Nov 28, 2019

Unlock the Remediation Steps


Free 30-day Trial

Automatically audit your configurations with Conformity
and gain access to our cloud security platform.

Confirmity Cloud Platform

No thanks, back to article

You are auditing:

Enable Auto-Shutdown

Risk Level: Low