This chapter covers Azure Advisor, a free, built-in service that provides personalized recommendations to help you follow Azure best practices. For the AZ-305 exam, understanding how to interpret, prioritize, and act on Advisor recommendations is critical, especially in the 'Design for cost optimization' and 'Design for operational excellence' domains. Approximately 5-10% of exam questions touch on Advisor, often requiring you to identify the correct recommendation category or explain how to use Advisor to improve a solution's reliability or security posture.
Jump to a section
Imagine you own a large house with many rooms, appliances, and systems (your Azure subscription). You want to keep it running efficiently, securely, and cost-effectively, but you don't have time to inspect every corner daily. You hire a home inspector (Azure Advisor) who walks through the entire house periodically. The inspector checks each appliance (resource), measures energy usage (cost), tests smoke detectors (security), checks for leaks (reliability), and examines wiring (performance). For each issue found, the inspector writes a recommendation: 'Replace the 20-year-old furnace with a high-efficiency model to save $200/year' or 'Install a carbon monoxide detector in the basement.' The inspector prioritizes recommendations by impact (high, medium, low) and gives you a report. You can choose to act on a recommendation (implement) or dismiss it if you have a reason (snooze). Critically, the inspector does not force you to make changes—you decide. The inspector also learns over time: if you ignore a recommendation repeatedly, it might suggest a different approach or escalate. Azure Advisor works exactly like this: it continuously analyzes your deployed resources against best practices in five categories (Cost, Security, Reliability, Operational Excellence, Performance) and produces actionable recommendations. It uses Azure Resource Graph and telemetry to assess configurations, usage patterns, and security baselines. It does not automatically implement changes unless you explicitly approve. Each recommendation includes a description, estimated impact, and steps to remediate. You can configure alerts to be notified when new high-impact recommendations appear, and you can export the report for compliance audits.
What is Azure Advisor?
Azure Advisor is a cloud-based advisory service that analyzes your deployed Azure resources and provides recommendations to optimize them across five pillars: Cost, Security, Reliability, Operational Excellence, and Performance. It is part of Azure's well-architected framework and is available to all Azure subscribers at no additional cost. Advisor continuously evaluates your resources against best practices and generates recommendations that can help you reduce costs, improve security posture, increase reliability, and enhance performance.
How Azure Advisor Works Internally
Advisor operates by collecting telemetry and configuration data from your Azure resources through Azure Resource Manager (ARM) and Azure Monitor. It uses a set of built-in rules and machine learning models to assess each resource against known best practices. For example, it checks whether a virtual machine is underutilized (CPU utilization below 5% for 7 days) or whether a storage account has geo-redundancy enabled. The evaluation occurs periodically (typically every 24 hours) and results are stored in the Advisor service. When you open the Advisor blade in the Azure portal, it queries these results and displays them as a dashboard. The recommendations are categorized by impact: High, Medium, and Low. High-impact recommendations are those that have a significant effect on cost, security, or reliability.
Key Components and Defaults
Recommendation Categories: Cost, Security, Reliability, Operational Excellence, Performance.
Impact Levels: High, Medium, Low.
Refresh Cycle: Advisor data is refreshed every 24 hours. However, some recommendations may update more frequently based on resource changes.
Snooze Duration: You can snooze a recommendation for 1 week, 2 weeks, 1 month, or custom. Snoozed recommendations are hidden from the default view.
Alerts: You can configure Advisor alerts to notify you via email, SMS, or webhook when new recommendations are generated in a specific category or impact level.
Export: Recommendations can be exported to CSV or accessed via REST API.
Configuration and Verification
Advisor requires no initial configuration; it is automatically enabled for all subscriptions. However, you can configure alerts and notifications:
# Using Azure CLI to list Advisor recommendations
az advisor recommendation list --category Cost --query "[?impact=='High']"
# Using PowerShell to get Advisor recommendations
Get-AzAdvisorRecommendation -Category Cost | Where-Object {$_.Impact -eq 'High'}To set up an alert for high-impact recommendations:
az monitor metrics alert create --name "HighCostAlert" --resource-group myResourceGroup --scopes /subscriptions/{subscription-id} --condition "avg Percentage CPU > 90" --description "Alert when CPU high"Note: The above is a general metric alert example; Advisor-specific alerts are configured via the Advisor blade under 'Alerts'.
Interaction with Related Technologies
Azure Cost Management: Advisor cost recommendations integrate with Cost Management to show estimated savings.
Azure Security Center (now Microsoft Defender for Cloud): Security recommendations from Advisor are also surfaced in Defender for Cloud.
Azure Resource Graph: Advisor uses Resource Graph to query resource configurations efficiently.
Azure Policy: Advisor can be used to identify resources that violate policies, though Policy itself is separate.
Common Recommendation Examples
Cost: 'Right-size or shut down underutilized virtual machines' – identifies VMs with average CPU <= 5% and network <= 7 MB for 7 days.
Security: 'Enable Azure Defender for App Service' – recommends enabling threat protection.
Reliability: 'Configure disaster recovery for virtual machines' – suggests enabling Azure Site Recovery.
Operational Excellence: 'Enable autoscale for App Service plans' – recommends scaling rules.
Performance: 'Upgrade your ExpressRoute circuit bandwidth' – suggests increasing bandwidth if utilization is high.
How to Prioritize Recommendations
Advisor automatically sorts recommendations by impact. As a best practice, you should:
Address High-impact recommendations first.
Use the estimated cost savings or risk reduction to prioritize.
Group recommendations by category to address a specific pillar (e.g., all cost recommendations in one sprint).
Limitations
Advisor does not automatically implement recommendations; you must manually apply changes.
Recommendations are based on Azure best practices, which may not apply to all scenarios (e.g., a development VM might be intentionally underutilized).
Some recommendations require additional permissions (e.g., Contributor role) to implement.
Advisor does not cover third-party resources or non-Azure services.
Enable Advisor for your subscription
Azure Advisor is enabled by default for all Azure subscriptions. No action is required to turn it on. However, to receive recommendations, your resources must be deployed and running. Advisor begins analyzing resources within 24 hours of their creation. Ensure that the Azure Resource Provider 'Microsoft.Advisor' is registered (it usually is). You can verify registration in the portal under Subscriptions > Resource providers.
View recommendations in the portal
Navigate to the Azure portal (portal.azure.com) and select 'Advisor' from the left-hand menu or search for it. The Advisor dashboard shows a summary of recommendations by category. You can click on each category to see detailed recommendations. Each recommendation card includes the resource name, estimated impact, description, and recommended action. The dashboard also shows the number of high, medium, and low impact recommendations.
Filter and search recommendations
Use the filters at the top of the Advisor blade to narrow down recommendations by subscription, resource group, impact level, category, or status (active, snoozed, resolved). You can also search for specific resources or recommendation titles. This helps you focus on the most critical issues for your environment. For example, you can filter to see only high-impact security recommendations for production subscriptions.
Implement a recommendation
Click on a recommendation to open its detail pane. The pane provides a description of the issue, the recommended action, and a 'Quick Fix' button if available. Quick Fix allows you to apply the recommended change directly from the portal without manual configuration. For example, for a recommendation to 'Enable autoscale on an App Service plan', clicking Quick Fix will open the autoscale configuration page with pre-filled values. After implementing, the recommendation status changes to 'Resolved' after the next refresh cycle.
Snooze or dismiss recommendations
If a recommendation is not applicable (e.g., a development VM intentionally left idle), you can snooze it for a period (1 week, 2 weeks, 1 month, or custom) or dismiss it permanently. Snoozing hides the recommendation from the default view but does not prevent it from reappearing after the snooze period ends. Dismissing removes it permanently unless the underlying resource changes significantly. Use these options to manage noise and focus on actionable items.
Set up alerts for new recommendations
To proactively receive notifications when high-impact recommendations are generated, configure Advisor alerts. In the Advisor blade, go to 'Alerts' and create a new alert rule. Specify the category (e.g., Cost), impact level (e.g., High), and action group (email, SMS, webhook). Alerts are evaluated every 24 hours when Advisor refreshes. This ensures you are notified promptly without manually checking the portal.
Export recommendations for reporting
Advisor allows you to export the list of recommendations to CSV format for offline analysis or compliance reporting. Click 'Download as CSV' on the Advisor dashboard. The CSV includes columns: Recommendation ID, Category, Impact, Resource Name, Resource Type, Subscription ID, Description, and more. You can also use the Azure REST API to programmatically retrieve recommendations for integration with monitoring tools.
Enterprise Scenario 1: Cost Optimization for a Large E-commerce Platform
A global e-commerce company runs hundreds of virtual machines across multiple subscriptions. The finance team noticed that Azure costs were increasing month over month. They used Azure Advisor to identify underutilized VMs. Advisor flagged 45 VMs with average CPU utilization below 5% for 7 days. The team created a process to right-size these VMs using Advisor's Quick Fix feature, which changed the VM size to a lower-cost tier. They also set up Advisor alerts for high-impact cost recommendations. Over three months, they saved $12,000 per month. However, they initially dismissed recommendations for VMs that were part of a load testing environment, which was a mistake—those VMs were left running 24/7. They later learned to use tags to exclude non-production resources from Advisor analysis (via Azure Policy).
Enterprise Scenario 2: Security Posture Improvement for a Financial Services Firm
A financial services firm needed to comply with PCI DSS and required continuous security monitoring. They used Azure Advisor's security recommendations to identify missing security controls. Advisor recommended enabling Azure Defender for all App Services, enabling encryption at rest for storage accounts, and enabling network security groups (NSGs) on subnets. The security team implemented these recommendations using Quick Fix and Azure Policy to enforce them going forward. They also configured Advisor alerts to notify the SecOps team whenever a high-severity security recommendation was generated. One issue they faced was that Advisor flagged resources that were already protected by a parent policy, causing duplicate effort. They learned to cross-reference Advisor recommendations with Azure Policy compliance results.
Common Pitfalls in Production
Ignoring low-impact recommendations: Low-impact recommendations can accumulate and become significant over time (e.g., many small cost savings).
Not reviewing recommendations regularly: Advisor data refreshes daily; if you don't check, you miss new opportunities.
Misinterpreting the 'Resolved' status: A recommendation shows as resolved only after the next refresh cycle (up to 24 hours).
Assuming Advisor applies changes automatically: It does not; you must manually implement or use Quick Fix.
What AZ-305 Tests on Azure Advisor
The AZ-305 exam focuses on the 'Design for cost optimization' and 'Design for operational excellence' domains. Specific objective codes include:
COST-01: Recommend cost management and optimization solutions
OPE-01: Design for operational excellence
SEC-01 (indirectly): Security recommendations
You must know the five categories (Cost, Security, Reliability, Operational Excellence, Performance) and be able to identify which category a given recommendation falls into. The exam also tests your ability to interpret recommendation impact levels (High, Medium, Low) and the correct actions to take.
Common Wrong Answers and Why Candidates Choose Them
'Azure Advisor automatically implements recommendations.' – Wrong. Advisor only recommends; you must manually apply changes. Candidates confuse Advisor with Azure Policy or Automanage.
'Advisor recommendations appear instantly after deploying a resource.' – Wrong. There is a 24-hour refresh cycle. Candidates think it's real-time like Azure Monitor metrics.
'You can use Advisor to enforce compliance.' – Wrong. Advisor is advisory; use Azure Policy for enforcement. Candidates mix up advisory vs. enforcement.
'Advisor covers all Azure services equally.' – Wrong. Some services have more recommendations than others; not all resources are evaluated. Candidates assume full coverage.
Specific Numbers and Terms on the Exam
Underutilized VM threshold: average CPU <= 5% and network <= 7 MB for 7 days.
Refresh cycle: 24 hours.
Impact levels: High, Medium, Low.
Snooze options: 1 week, 2 weeks, 1 month, custom.
Categories: Cost, Security, Reliability, Operational Excellence, Performance.
Edge Cases and Exceptions
A resource that is part of a managed service (e.g., Azure SQL Database managed instance) may have limited recommendations.
Recommendations can be suppressed by Azure Policy (if policy enforces a setting, Advisor may not recommend it).
If a recommendation is dismissed, it will not reappear unless the resource configuration changes.
How to Eliminate Wrong Answers
Ask yourself: 'Does this action require manual intervention?' If the answer choice says 'automatically', it's likely wrong for Advisor. Also, consider the time factor: if a question implies instant recommendation after resource creation, it's wrong. Focus on the advisory nature of the service.
Azure Advisor provides personalized recommendations in five categories: Cost, Security, Reliability, Operational Excellence, Performance.
Advisor data refreshes every 24 hours; recommendations are not real-time.
High-impact recommendations should be addressed first; use filters to prioritize.
Advisor does not automatically implement recommendations; you must manually apply changes.
Underutilized VM threshold for cost recommendation is average CPU <= 5% and network <= 7 MB for 7 days.
You can snooze recommendations for 1 week, 2 weeks, 1 month, or custom; dismiss permanently removes them.
Set up Advisor alerts to be notified of new high-impact recommendations via email, SMS, or webhook.
These come up on the exam all the time. Here's how to tell them apart.
Azure Advisor
Provides recommendations based on best practices
Does not enforce any configuration
Covers cost, security, reliability, operational excellence, performance
Data refreshes every 24 hours
Quick Fix allows one-click implementation of recommendations
Azure Policy
Enforces rules and compliance (audit/deny/append)
Can automatically remediate non-compliant resources
Focuses on governance and regulatory compliance
Evaluates resources continuously or on schedule
Requires custom policy definitions or built-in initiatives
Azure Advisor
Covers multiple categories including cost and performance
Security recommendations are a subset
Free for all Azure subscriptions
No integration with regulatory compliance standards
Recommendations are based on general best practices
Azure Security Center (Defender for Cloud)
Focuses exclusively on security and compliance
Provides security alerts and threat protection
Free tier available; advanced features require Azure Defender
Integrates with regulatory compliance standards (e.g., PCI DSS, ISO 27001)
Recommendations are based on security benchmarks and threat intelligence
Mistake
Azure Advisor automatically fixes problems it identifies.
Correct
Advisor only provides recommendations; it never automatically implements changes. You must manually apply them using Quick Fix or manual configuration.
Mistake
Advisor recommendations are updated in real time.
Correct
Advisor data refreshes every 24 hours. Changes to resources may take up to a day to reflect in recommendations.
Mistake
Advisor covers all Azure resources and services.
Correct
Advisor covers many common services (VMs, storage, App Service, SQL, etc.) but not all. Some services have limited or no recommendations.
Mistake
Advisor can enforce compliance with organizational policies.
Correct
Advisor is advisory; it does not enforce anything. Use Azure Policy for enforcement and compliance.
Mistake
Dismissing a recommendation permanently removes it.
Correct
Dismissing removes it from the default view, but if the underlying resource changes, the recommendation may reappear. Snoozing is temporary; permanent dismissal is possible but not recommended for valid issues.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
Azure Advisor refreshes its data every 24 hours. This means that after you deploy a new resource or make a change, it may take up to a day for recommendations to appear or update. There is no way to force an immediate refresh. If you implement a recommendation, it will show as 'Resolved' after the next refresh cycle.
No, Azure Advisor does not automatically implement recommendations. It only provides suggestions. However, many recommendations include a 'Quick Fix' button that opens the relevant configuration page with pre-filled values, allowing you to apply the change with a few clicks. You still need to explicitly confirm the action.
Azure Advisor covers multiple categories (Cost, Security, Reliability, Operational Excellence, Performance), while Azure Security Center (now part of Microsoft Defender for Cloud) focuses exclusively on security and compliance. Security recommendations from Advisor are also surfaced in Defender for Cloud, but Defender for Cloud provides additional features like security alerts, threat protection, and regulatory compliance dashboards.
You cannot directly exclude a resource from Advisor. However, you can snooze or dismiss recommendations for that resource. Alternatively, you can use tags and Azure Policy to mark resources as 'exempt' and then filter your Advisor view by tags. Another approach is to use Azure Policy to enforce a configuration that aligns with the recommendation, which may cause Advisor to stop recommending it.
Quick Fix is a feature that allows you to implement a recommendation directly from the Advisor portal without navigating to the resource's configuration blade. When you click 'Quick Fix', a pane opens with the recommended settings pre-filled. You review and confirm the change, and Advisor applies it. Not all recommendations have Quick Fix available.
Yes, you can export the list of recommendations to a CSV file from the Advisor dashboard. The CSV includes details such as recommendation ID, category, impact, resource name, subscription ID, and description. You can also retrieve recommendations programmatically using the Azure REST API or Azure CLI.
No, Azure Advisor only analyzes resources deployed in your Azure subscriptions. It does not cover on-premises resources or other cloud providers. For hybrid environments, consider using Azure Arc to bring non-Azure resources under Azure management, but Advisor's coverage for those resources is limited.
You've just covered Azure Advisor Recommendations — now see how well it sticks with free AZ-305 practice questions. Full explanations included, no account needed.
Done with this chapter?