|   Trend Micro Cloud One™
Open menu

Enable Auto-Shutdown

Cloud Conformity allows you to automate the auditing process of this resolution page. Register for a 14 day evaluation and check your compliance level for free!

Start a Free Trial Product features
Last updated: 04 August 2020
Risk level: Low (generally tolerable level of risk)
Rule ID: VirtualMachines-017

Ensure that your Microsoft Azure virtual machines (VMs) are configured to use Auto-Shutdown feature in order to minimize waste and control VM costs. For example, Azure VM Auto-Shutdown can be successfully used to stop all virtual machines across your Dev/Test cloud environments when you leave work in the evening, and start them in the morning when you are back in the office.

This rule resolution is part of the Cloud Conformity Security & Compliance tool for Azure

Cost
optimisation

The Auto-Shutdown feature represents an efficient, automated solution for Azure cloud users who want to optimize their virtual machine service costs.

Audit

To determine if your Microsoft Azure virtual machines are configured to use Auto-Shutdown, perform the following actions:

Using Azure Portal

01 Sign in to Azure Management Console.

02 Navigate to All resources blade at https://portal.azure.com/#blade/HubsExtension/BrowseAll to access all your Microsoft Azure resources.

03 Choose the Azure subscription that you want to access from the Subscription filter box.

04 From the Type filter box, select Virtual machine to show only the virtual machines (VMs) deployed in the selected subscription.

05 Click on the name of the virtual machine that you want to examine.

06 In the navigation panel, under Operations, select Auto-shutdown to access the feature configuration settings available for the selected Azure VM.

07 On the Auto-shutdown page, check the Enabled setting status. If Enabled is set to Off, the Auto-Shutdown feature is not enabled for the selected Microsoft Azure virtual machine.

08 Repeat steps no. 5 – 7 for each Azure virtual machine that you want to examine, available in the selected subscription.

09 Repeat steps no. 3 – 8 for each subscription created in your Microsoft Azure cloud account.

Using Azure CLI

01 Run Get-AzureRmVM PowerShell command using custom query filters to list the ID of each virtual machine (VM) provisioned within the specified resource group, available in the current Azure subscription:

Get-AzureRmVM -ResourceGroupName "cloud-shell-storage-westeurope" | Select-Object -Property Id | Format-Table

02 The command output should return the requested virtual machine identifiers (IDs):

Id
--
/subscriptions/abcdabcd-abcd-1234-abcd-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Compute/virtualMachines/cc-development-server

/subscriptions/abcdabcd-abcd-1234-abcd-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Compute/virtualMachines/cc-app-worker-server

/subscriptions/abcdabcd-abcd-1234-abcd-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Compute/virtualMachines/cc-staging-server

03 Run Get-AzureRmResource PowerShell cmdlet using the name of the selected Azure resource group as identifier parameter and custom query filters, to describe the Auto-Shutdown feature status set for the virtual machines available in the specified resource group:

(Get-AzureRmResource -ResourceGroupName "cloud-shell-storage-westeurope" -ResourceType Microsoft.DevTestLab/schedules -Expandproperties).Properties | Select-Object -Property targetResourceId, status| Format-List

04 The command output should return the Auto-Shutdown configuration status for the requested resources:

targetResourceId : /subscriptions/abcdabcd-abcd-1234-abcd-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Compute/virtualMachines/cc-development-server
status           : Disabled

targetResourceId : /subscriptions/abcdabcd-abcd-1234-abcd-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Compute/virtualMachines/cc-app-worker-server
status           : Enabled

If Get-AzureRmResource command output returns Disabled as value for the status attribute, the Auto-Shutdown feature is not enabled for the specified Microsoft Azure virtual machine. Also, the virtual machines that are listed at step no. 2 but are not reported at step no. 4, don't use the Auto-Shutdown feature.

05 Repeat steps no. 1 – 4 for each Azure resource group deployed in the current subscription.

06 Repeat steps no. 1 – 5 for each subscription created in your Microsoft Azure cloud account.

Remediation / Resolution

Auto-Shutdown can help you optimize your Azure VM service costs by stopping non-critical virtual machines during off-hours. To enable this feature for your virtual machines, perform the following actions:

Note: Enabling Auto-Shutdown feature for Azure virtual machines using Microsoft Azure CLI and/or Azure PowerShell is not currently supported.

Using Azure Portal

01 Sign in to Azure Management Console.

02 Navigate to All resources blade at https://portal.azure.com/#blade/HubsExtension/BrowseAll to access all your Microsoft Azure resources.

03 Choose the Azure subscription that you want to access from the Subscription filter box.

04 From the Type filter box, select Virtual machine to list only the virtual machines (VMs) available in the selected subscription.

05 Click on the name of the virtual machine that you want to reconfigure (see Audit section part I to identify the right Azure resource).

06 In the navigation panel, under Operations, select Auto-shutdown to access the Auto-Shutdown feature configuration settings.

07 On the Auto-shutdown configuration page, perform the following commands:

  1. Under Enable, select On to begin the setup process.
  2. Set the daily auto-shutdown time using the Scheduled shutdown box.
  3. Select the necessary auto-shutdown time zone from the Time zone dropdown list.
  4. Select Yes under Send notification before auto-shutdown? and provide at least one webhook URL and/or one email address to get notifications on the specified webhook endpoint and/or email address when the auto-shutdown for the selected VM is about to happen.
  5. Click Save to apply the configuration changes and enable Auto-Shutdown for the selected virtual machine.

08 Repeat steps no. 5 – 8 to enable Auto-Shutdown feature for other Azure virtual machines (VMs) deployed in the selected subscription.

09 Repeat steps no. 3 – 9 for each subscription created in your Microsoft Azure cloud account.

References

Publication date Nov 28, 2019

Unlock the Remediation Steps

Gain free unlimited access to our full Knowledge Base


Over 600 rules & best practices for and

Get started for FREE

A verification email will be sent to this address
We keep your information private. Learn more.

Thank you!

Please click the link in the confirmation email sent to

You are auditing:

Enable Auto-Shutdown

Risk level: Low