How Microsoft uses Azure Advanced Data Security to Scam You


Okay, time for a real world story of how big corporations in the name of security, scam customers. Microsoft will probably defend themselves by saying you are always responsible for your own cloud cost, but nevertheless judge for yourself if you think their approach is fair or a scam.

A long time ago, I don’t exactly remember when I played with using Azure Storage logs as a cheap and simple way to generate website analytics. The idea is you host a small image in a storage account that you load on your webpages, then you use the access logs from the storage account to see how much traffic you get. To analyze the logs I decided to try to take Azure Synapse for a spin. It was (still is) an serverless data analytics suite, so it fit the bill quite nicely. I don’t look at my traffic numbers very often so when I want to I can just have it scan through the log files and give me the numbers. Cool approach I thought – but as things goes I got distracted with other projects, and never finished the solution, so it has been sitting dormant in my private Azure Subscription since.

Fast forward March 2023, I got an unusual large Azure bill of around 15 USD. I know in the grand scheme of things, penny money, but still normally my cost is 1-2 USD, for mostly crap that I’m too lazy to clean up. So quite a big surge in cost. I didn’t think more of it as I thought it was related to a DNS solution using Frontdoor and Azure Container Apps that I had been building at the time.

Today I then finally had time to look into private Azure my subscriptions and I realize, the cost is still there…

So I start to do a little digging and look at the cost development for the Subscription-1 subscription. To my big surprise I can see the cost skyrocket in March.

When I look at the break down, all the cost is coming from Azure Advanced Data Security on a resource group (synapseworkspace-managedrg-af602226-9588-43e3-937f-76311925e4c9) that I didn’t even make – yes I did kinda make it as I setup Azure Synapse. But 100 DKK (15 USD) for security on some resources that I can’t do anything with, and for something that is supposed to be a serverless solution without any activity going on, to me that is a big scam.

Yes I can afford to pay Microsoft so that is not a big deal. My problem is that Microsoft is not transparent. Don’t sell something as a serverless solution if you automatically incur people a cost even when they don’t use it (then it is not a serverless solution anymore). Also give me the option to disable your shitty security product. In fact that should be the default, especially on resource that YOU manage for me, if you want to enable security on that – you pay for it.

I’m assuming that this was enabled as part of some GA announcement or something similar that I missed. But really what I think is more probable is that Microsoft ran the numbers on their Synapse offering, and realized we are not really making what we want on this serverless product, people are taking advantage of us, how can we make some more money? Some wise guy looked at the number of Synapse workspaces deployed and decided, if we start charging for this “advanced data security” on all those resource groups we provisioned, we will make a lot of money, people wont notice because we just flag it as security, and people dont want to say no to security…

So what can we learn from this incident – have very tight cost control measures in place. I normally put cost alerts on resource group levels, but in this case that wouldn’t have flagged anything as the cost is coming from the azure managed resource group, which you by the way cannot see the cost on. Which then leaves us with the only option to do the alerting on the subscription level. I guess that is another argument for not having too much in the same subscription, because then you wouldn’t notice changes like these – maybe that is also part of the strategy from Microsoft.