17 Microsoft Azure Workflows You Should be Automating

Check out the most downloaded Microsoft Azure workflows to kickstart your automation strategy. Get ideas on what to automate – everything from compliance checks to cost optimization.

Ashlyn Eperjesi
Dec 15, 2023
 min read
Share this post

As a modern security practitioner, you’re familiar with the various cloud providers like Microsoft Azure. These cloud computing platforms offer so many solutions, it’s overwhelming to keep up with technical documentation and security best practices for each one. 

Thankfully, with an AI copilot like Blink, automating Azure workflows doesn’t require hours of coding or reading API documentation. With prompt-based automation, you can generate any workflows just by typing a prompt. It’s easier than ever.

So what workflows should you be automating within Azure? 

Let’s look at some of the top Azure workflows that every security team should consider automating to streamline their operations.

1. Check if All Azure Users Have MFA Enabled

Determining if Azure users have MFA enabled can be a tiresome and time-consuming task, particularly for larger organizations with numerous users. Even after compiling a list of non-compliant users, the process of individually notifying and ensuring MFA activation remains manual. 

You can simplify this process by running an automation that effortlessly identifies Azure users without MFA and promptly notifies them to update their settings.

Blink automated workflow: Enforce and Enable MFA for Cloud and Tools for All Azure Users

2. Get User Activity From Your Azure Logs

Having the ability to easily audit user activity in Azure is crucial, whether you're addressing a security incident or simply reviewing a user's actions comprehensively. 

In the unfortunate event that one of your developers' accounts is compromised, reviewing their user activity becomes a necessary task to ensure the integrity of your Azure account and resources. It helps verify that no malicious actions have been taken or sensitive data, such as access keys or secrets, has been exfiltrated. 

Manually retrieving user logs and adding them to a ticket can be a burdensome and time-consuming process, especially when your team is responding to a security incident. By implementing automation, you can promptly trigger the aggregation of Azure activity logs and other pertinent information for a compromised user.

Blink automated workflow: Get User Activity from Azure Logs

3. Find and Remove Old Azure Snapshots 

Azure virtual hard disk (VHD) snapshots are crucial for preserving virtual machine states at specific times. They offer reliable recovery options during disasters or for troubleshooting. However, monitoring unnecessary snapshots is important to avoid excessive costs.

Leveraging an automated workflow, like the one below, makes it easily to identify outdated Azure snapshots and schedule their removal. This ensures efficient and cost-effective management of virtual machine resources.

Blink automated workflow: Ensure Old Snapshots are Deleted If Not Required in Azure

4. Validate that All Azure Storage Accounts are Encrypted

To mitigate the risk of security breaches, it is crucial to encrypt your Azure storage accounts when storing data in the cloud. By preventing unauthorized access to exfiltrated data, your organization significantly enhances its security posture. However, regularly validating that all Azure storage accounts are encrypted can be time-consuming.

If your organization has an encryption strategy in place, it is imperative to have tools that enable efficient management at scale. One such approach is to schedule an automation to check your Azure storage accounts and ensure compliance with your encryption standards. This ensures that your data remains protected while minimizing the administrative burden.

Blink automated workflow: Validate that Azure Storage Accounts are Encrypted

5. Check Your Azure Account Against the CIS Benchmarks

As organizations face evolving security threats, it's crucial to continually evaluate and enhance their security policies. The Center for Internet Security (CIS) collaborates with industry leaders to develop and publish comprehensive security configuration benchmarks. These benchmarks help organizations securely configure systems and meet compliance requirements.

With numerous controls across various CIS sections, relying solely on manual checks poses challenges in ensuring active compliance. However, automating the process of checking your Azure account against CIS benchmarks daily provides valuable insights. This information can be compiled into a concise automated report, enabling quick updates and easy collaboration with team members.

Blink automated workflow: CIS V1.5.0 Compliance Report for Azure

6. Rotate Access Keys for Your Azure Storage Account

When you create an Azure storage account, two access keys are generated. These keys provide access through Shared Key Authorization. To mitigate this risk of compromised access keys, it’s important to rotate them regularly. If you haven't set up a rotation policy yet in Azure Key Vault, manually rotate your access keys and establish an expiration policy to track the next rotation.

However, manual rotation is time-consuming and requires frequent context-switching. Streamline the process by automatically rotating access keys for your Azure storage account every 90 days. This approach saves time and maintains account security.

Blink automated workflow: Ensure Storage Account Access Keys are Periodically Regenerated in Azure

7. Pause Your AKS Clusters Nightly

If you have non-production clusters for testing or QA purposes, they may not need to be available 24/7. If your team follows predictable work hours, you can establish a process to pause your AKS clusters nightly and resume them in the morning, effectively reducing costs.

To consistently lower expenses, it's important that pausing clusters is not a time-consuming or manual task. If the process is too cumbersome, it may not become a habit and fail to consistently save costs. One way to streamline this is by creating an automation that schedules the scale-down, sends notifications, and waits for approvals. This will help optimize cost management while maintaining efficiency.

Blink automated workflow: Stop AKS Cluster

8. Find and Remove Unused Azure Virtual Network Gateways

To maintain optimal security and reduce cloud costs, it is crucial to clean up any unused Azure gateways within your organization. While manually finding and removing unused Azure virtual network gateways is possible, it can be a time-consuming process, especially considering the scale of your operations. 

However, implementing automated solutions can make this task routine and efficient. By creating an automation that identifies gateways with no connections and queues them for removal, you can regularly and effectively run checks for unused gateways at scale.

Blink automated workflow: Ensure Unused Virtual Network Gateways are Removed in Azure

9. Optimize Costs for Long Running Azure VMs with Reserved Instances

If your Azure virtual machines (VMs) consistently take a long time to complete tasks, it can be costly. However, you can reduce expenses by up to 72% by switching to a different instance type based on predictable usage. Before deciding how to handle these instances, gather information, analyze usage data, and understand the business impacts. 

Simplify the process by leveraging automation to identify and gather details on long running instances in Azure.

Blink automated workflow: Ensure Long Running Virtual Machines are Reviewed in Azure

10. Find and Resize Azure Virtual Machines with Low CPU Usage

Virtual machines with low usage can quickly drive up your cloud computing costs. However, you have the opportunity to save substantial money by identifying these underutilized virtual machines and downsizing them accordingly. Azure offers a range of instance types tailored to different workload requirements and resource types. By strategically allocating virtual machines based on their specialized purposes and workload needs, you can avoid idle or unused resources, resulting in significant savings on your cloud computing expenses.

Leveraging automation, you can regularly find Azure virtual machines with low CPU usage and gather detailed information about them. This allows you to make informed decisions and optimize your cloud computing resources effectively.

Blink automated workflow: Ensure Compute Virtual Machines with Low CPU Utilization are Reviewed in Azure

11. Detect and Remove Unattached Azure Public IP Addresses

Just like other Cloud platforms, Microsoft Azure lets you assign public IP addresses to virtual machines (VMs) so that you can access these computing resources publicly. But here's the thing: each public IP address comes with a cost, and it's calculated on an hourly basis. So, if you don't want to pay for unused or unnecessary IP addresses, it's a good idea for your organization to avoid them.

Now, if you often need to check for unattached Azure public IP addresses, there's a smarter way than going through all the steps manually. You can use automation to effortlessly find unassociated IP addresses in Azure and quickly queue them for removal. This not only makes the process smoother but also ensures optimal utilization of your resources.

Blink automated workflow: Detect Unattached Azure External IP Addresses and Remove Them Upon Approval

12. Find and Delete Unattached Disks with the Azure CLI

Deleting a virtual machine in Azure won't delete the attached disks, thankfully preventing data loss. However, you'll still be charged for any remaining disks, even if they're unattached. To avoid unnecessary fees, regularly clean up unattached disks. 

While this can be done through the portal, it’s often cumbersome to find, review, and delete a large number of unattached disks using the browser interface. Instead, automate the scanning of your Azure account for unattached disks and receive a report via email for a streamlined and efficient process.

Blink automated workflow: Ensure Unused Disks are Removed in Azure

13. Enforce Mandatory Tags Across Your Azure Resources

When implemented correctly, tags serve as a way to label resources and track their monthly expenses. Establishing a tagging strategy early on within your organization minimizes the need for future cleanup.

Instead of manually enforcing mandatory tags across your Azure resources or writing code to execute specific searches, streamline the process by utilizing automation. With just a few clicks, an automation can scan your Azure account for disks lacking mandatory tags and generate a report sent to a designated email address. This not only saves time but also ensures efficient resource management.

Blink automated workflow: Ensure Compute Disks Have Mandatory Tags in Azure

14. Run a Prohibited Tags Report for Azure

Sensitive, confidential, or unwanted data may be present in prohibited tags, necessitating their removal. However, manually searching for and reporting on these tags is a time-consuming and labor-intensive process. 

Instead, consider leveraging a pre-built automated workflow that integrates with Azure to generate a report on prohibited tags. This solution streamlines the task and ensures efficiency while maintaining data integrity.

Blink automated workflow: Prohibited Tags Report for Azure
Blink automated workflow: Prohibited Tags Report for Azure

15. Detect Stopped Virtual Machines in Azure and Send Info to Slack

Having visibility into the performance of your Azure virtual machines (VMs) is crucial. When a VM stops, it can take considerable time to gather information about the shutdown time and duration, and then report it to your security team. Manual handling of this task also increases the risk of VMs remaining stopped for extended periods before being detected.

Elevate your security measures to a proactive state by automating a workflow that detects stopped VMs in Azure and promptly sends the relevant information to Slack.

Detect Stopped Virtual Machines in Azure and Send Info to Slack
Blink automated workflow: Detect Stopped Virtual Machines in Azure and Send Info to Slack

16. Detect Unused Azure Virtual Hard Drives (VHD) and Delete Them After Approval

Companies are constantly seeking ways to streamline costs and resources, particularly in the realm of IT and security. A simple and efficient method to achieve this is by identifying and eliminating any unused Azure virtual hard drives (VHDs).

By implementing an automated workflow, unused Azure VHDs can be easily detected and subsequently deleted with proper approval. This process involves generating a comprehensive list of unattached Azure disks and sending a detailed report via Slack for review. Once approval is obtained, the identified disks can be promptly deleted.

This streamlined approach ensures optimal resource allocation and cost optimization while maintaining the desired level of security and efficiency.

Detect Unused Azure Virtual Hard Drives (VHD) and Delete Them After Approval
Blink automated workflow: Detect Unused Azure Virtual Hard Drives (VHD) and Delete Them After Approval

17. Run a HIPAA HITRUST 9.2 Regulatory Compliance Report for Azure

In Azure, the HIPAA HITRUST 9.2 framework offers a comprehensive set of predefined compliance and security checks for the Health Insurance Portability and Accountability Act. These checks encompass various domains and controls, including administrator and operator logs, audit logging, privilege management, and more. 

With the pre-built workflow below, you can generate 20 reports simultaneously, and have the results conveniently delivered via email.

Blink automated workflow: HIPAA HITRUST 9.2 Compliance Report for Azure
Blink automated workflow: HIPAA HITRUST 9.2 Compliance Report for Azure

An AI Copilot for Your Azure Workflows

Automating workflows within Microsoft Azure can greatly benefit security teams by reducing errors, increasing efficiency, and freeing up time for higher-level tasks. By using an AI copilot, like Blink Copilot, security practitioners can easily automate tasks and streamline their operations – simply by typing a prompt. 

Schedule a demo today to see how Blink can boost your security productivity and automate any azure workflow. 

Automate your security operations everywhere.

Blink is secure, decentralized, and cloud-native. 
Get modern cloud and security operations today.

Get a Demo