We have audited a lot of Azure bills. Mid-market environments — 50 to 500 employees, three or four engineers on the platform team, a single subscription that grew by accretion — repeat the same five cost mistakes with depressing regularity. Each one is fixable in days, not quarters. Each one stays fixed only if you bake the fix into Azure Policy.
Here are the five, in the order we find them.
1. Idle resources nobody owns
The most common single source of waste. A developer spins up a Standard_D8s_v5 to test an idea, demos it on Friday, leaves the company in March. The VM keeps running. The disk keeps incurring storage. Nobody notices because nobody is the explicit owner of the subscription it lives in.
The plug: require an owner tag (and a cost-center tag) at resource creation time via Azure Policy. Resources without both tags get blocked. Then run a weekly Logic App that emails owners of resources with zero CPU activity in the prior 14 days. Most owners say "delete it" within a day. The rest at least take responsibility.
2. Non-prod compute running 24/7
Dev and staging environments are the same SKU as production, running the same hours, costing the same money — even though no one touches them after 6pm or on weekends. We have seen mid-market teams paying thousands a month for SQL elastic pools that idle 75% of the time.
The plug: auto-shutdown for VMs (built into Azure, free to enable), DevTest Labs scheduling for tagged dev resources, and Azure Automation runbooks for SQL elastic pools that scale down to a smaller tier at night. The savings are usually 40 to 60 percent of non-prod spend without touching a single workload.
3. Storage tiers nobody touched after upload
Blob storage defaults to Hot tier. Hot tier is right when you read data daily. It is wildly overpriced when you are storing six-year-old log files because compliance requires it. We routinely find terabytes of archive-eligible data sitting in Hot tier, costing 7x what it should.
The plug: lifecycle management policies on every storage account. Move blobs untouched for 30 days to Cool, untouched for 90 to Cold, untouched for 365 to Archive. Set them at the account level so new containers inherit. The savings on a multi-terabyte account routinely cross five figures monthly.
4. Reservations that never got bought (or never got renewed)
Pay-as-you-go pricing is the most expensive way to run anything Azure. Reserved instances cut compute and SQL costs by 30 to 70 percent. Most mid-market teams either have not bought any (they "did not have time to model it") or bought some three years ago and never renewed (the renewal email got missed).
The plug: run a reservation analysis quarterly. Azure's own Cost Management surface gives you the recommendation; just act on it. For workloads with stable usage (most production), commit to 3-year reservations on the high-confidence resources. Set a calendar reminder for renewal — Azure does not auto-renew.
5. Premium SKUs on workloads that do not need them
Premium tier App Service, Premium SSD disks, P1V3 SQL — chosen at deployment time because someone clicked the recommended option and never revisited. The workload runs at 12% utilization. You are paying double for headroom that is never used.
The plug: monthly right-sizing review using Azure Advisor recommendations. The list is automatic. The hard part is having someone whose job it is to act on it. We do this for clients as part of a Cost & Governance engagement; if you are doing it in-house, put it on a senior engineer's recurring calendar and protect the time.
Pulling it all together
None of these are clever. None require a third-party tool. All five are fixable using features built into Azure that are turned off by default.
The real reason mid-market Azure bills creep up is not technical. It is organizational: nobody owns Azure cost as a deliverable, so nobody acts on the signals Azure is already sending. Fix the ownership question and the rest follows.
If your bill has gotten away from you and you want a structured 6-week engagement to map it, plug the leaks, and put guardrails in place that keep them plugged — book a discovery call. We have done this enough times to have a playbook.