$ copilot --idea "Subscription Janitor Bot"
Audit Azure subscriptions for waste, orphaned resources, and missing tags
The Problem
Azure subscriptions accumulate cruft like attics accumulate junk. Developers spin up resources for testing and forget to delete them. Public IPs sit unattached, burning money. Storage accounts from three projects ago still exist with no tags and no owner.
What You'll Build
An automated subscription hygiene workflow that:
- Finds every orphaned resource costing money
- Identifies resources with missing or inconsistent tags
- Checks for expiring secrets and certificates
- Generates a remediation script with safety confirmations
- Produces a CSV report for management
Step-by-Step Walkthrough
Phase 1: Find the Waste
$ "Scan my Azure subscription for orphaned resources:
- Unattached managed disks
- Unallocated public IPs
- Empty resource groups
- Network interfaces not attached to any VM
- Load balancers with no backend pools
Show the monthly cost for each."
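The queries behind that prompt, as an added example in Python (not code from the page or from the azure-cost skill): one Resource Graph query per orphan class, a thin wrapper over `az graph query`, and the join against a cost export that the monthly-cost column needs. The export column names (ResourceId, CostInBillingCurrency) and the sample rows are assumptions constructed for the example.

```python
"""Orphan scan: one Resource Graph query per orphan class, plus a cost join.

Added example, not code from the original page or from any Copilot skill.
run_query() assumes the Azure CLI resource-graph extension and a logged-in
session; join_costs() assumes amortized-cost export lines with ResourceId and
CostInBillingCurrency columns. The sample rows at the bottom are constructed
so that everything except run_query() runs offline.
"""
from __future__ import annotations

import json
import subprocess
from collections import defaultdict

# Every query projects the same shape: id, name, resourceGroup, kind, detail.
ORPHAN_QUERIES: dict[str, str] = {
    # diskState 'Reserved' means attached to a deallocated VM; only 'Unattached' is safe.
    "disk": """
resources
| where type =~ 'microsoft.compute/disks'
| where properties.diskState =~ 'Unattached' and isnull(managedBy)
| project id, name, resourceGroup, kind = 'disk',
          detail = strcat(tostring(sku.name), ' ', tostring(properties.diskSizeGB), 'GB')
""",
    # A public IP is in use when bound to an IP configuration or to a NAT gateway.
    "publicIp": """
resources
| where type =~ 'microsoft.network/publicipaddresses'
| where isnull(properties.ipConfiguration) and isnull(properties.natGateway)
| project id, name, resourceGroup, kind = 'publicIp', detail = tostring(sku.name)
""",
    # NICs that back private endpoints have no VM but are not orphans.
    "nic": """
resources
| where type =~ 'microsoft.network/networkinterfaces'
| where isnull(properties.virtualMachine) and isnull(properties.privateEndpoint)
| project id, name, resourceGroup, kind = 'nic', detail = ''
""",
    "loadBalancer": """
resources
| where type =~ 'microsoft.network/loadbalancers'
| where array_length(properties.backendAddressPools) == 0
| project id, name, resourceGroup, kind = 'loadBalancer', detail = tostring(sku.name)
""",
    # Left-join resource groups to their resources; a group with no match is empty.
    "emptyResourceGroup": """
resourcecontainers
| where type =~ 'microsoft.resources/subscriptions/resourcegroups'
| project id, name, resourceGroup = tolower(name), subscriptionId
| join kind=leftouter (
    resources
    | summarize resourceCount = count() by resourceGroup = tolower(resourceGroup), subscriptionId
  ) on resourceGroup, subscriptionId
| where isnull(resourceCount)
| project id, name, resourceGroup, kind = 'emptyResourceGroup', detail = ''
""",
}


def run_query(query: str) -> list[dict]:
    """First page (max 1000 rows) of one query via `az graph query`; page with --skip-token for more."""
    out = subprocess.run(["az", "graph", "query", "-q", query, "--first", "1000", "-o", "json"],
                         check=True, capture_output=True, text=True)
    return json.loads(out.stdout)["data"]


def normalize_id(resource_id: str) -> str:
    """ARM ids are case-insensitive, and Resource Graph and Cost Management return them with
    different casing; lowercase before joining or most rows silently miss."""
    return resource_id.lower()


def join_costs(orphans: list[dict], cost_rows: list[dict]) -> list[dict]:
    """Attach the month's cost to each orphan (0.0 when no line matches), highest first."""
    cost_by_id: dict[str, float] = defaultdict(float)
    for row in cost_rows:
        cost_by_id[normalize_id(row["ResourceId"])] += float(row["CostInBillingCurrency"])
    priced = [{**o, "monthlyCost": round(cost_by_id.get(normalize_id(o["id"]), 0.0), 2)} for o in orphans]
    return sorted(priced, key=lambda o: o["monthlyCost"], reverse=True)


SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_ORPHANS = [  # constructed, shaped like the query output above
    {"id": f"{SUB}/resourceGroups/rg-payments-prod/providers/Microsoft.Compute/disks/vm1-osdisk-old",
     "name": "vm1-osdisk-old", "resourceGroup": "rg-payments-prod", "kind": "disk", "detail": "Premium_LRS 128GB"},
    {"id": f"{SUB}/resourceGroups/rg-payments-prod/providers/Microsoft.Network/publicIPAddresses/pip-unused",
     "name": "pip-unused", "resourceGroup": "rg-payments-prod", "kind": "publicIp", "detail": "Standard"},
    {"id": f"{SUB}/resourceGroups/rg-empty", "name": "rg-empty", "resourceGroup": "rg-empty",
     "kind": "emptyResourceGroup", "detail": ""},
]
DISK_LC = f"{SUB}/resourcegroups/rg-payments-prod/providers/microsoft.compute/disks/vm1-osdisk-old"
SAMPLE_COST_ROWS = [  # constructed export lines (two days of the same disk); note the lowercase ids
    {"ResourceId": DISK_LC, "CostInBillingCurrency": "9.50"},
    {"ResourceId": DISK_LC, "CostInBillingCurrency": "9.50"},
    {"ResourceId": f"{SUB}/resourcegroups/rg-payments-prod/providers/microsoft.network/publicipaddresses/pip-unused",
     "CostInBillingCurrency": "3.65"},
]
```

Two things the prompt glosses over: a disk in diskState Reserved belongs to a deallocated VM and must not be treated as orphaned, and resource IDs come back with different casing from Resource Graph and Cost Management, so the join lowercases them; without that, most orphans would appear to cost nothing. To run it for real, replace the sample lists with `run_query(q)` for each query in ORPHAN_QUERIES and the rows of a month's cost export.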
Phase 2: Tag Audit
$ "List every resource that's missing these required tags:
Environment, Owner, CostCenter, Project.
Group by resource group and show the count per group.
Suggest tags based on the resource group name and resource type."
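The audit logic as an added example in Python (not the page's or any skill's code). It assumes a resource-group naming convention of rg-<project>-<env> for the suggestions, and the sample resources are constructed. ARM treats tag names case-insensitively but tag values case-sensitively, which is why the example reports `environment` as inconsistent rather than missing and treats `Prod` and `prod` as different values.

```python
"""Tag audit: missing keys, casing and value drift, suggestions from the RG name.

Added example, not code from the original page or from any Copilot skill.
Assumes resources shaped like Resource Graph rows (id, resourceGroup, tags)
and a naming convention of rg-<project>-<env>; both are assumptions, and the
sample rows below are constructed.
"""
from __future__ import annotations

from collections import Counter

REQUIRED_TAGS = ("Environment", "Owner", "CostCenter", "Project")

# Canonical Environment values; anything not listed is left alone.
ENV_ALIASES = {
    "prod": "prod", "production": "prod", "prd": "prod",
    "dev": "dev", "development": "dev",
    "test": "test", "qa": "test",
    "stage": "staging", "staging": "staging",
}


def suggest_from_resource_group(resource_group: str) -> dict[str, str]:
    """Derive Project and Environment from an rg-<project>-<env> name (assumed convention)."""
    parts = resource_group.lower().split("-")
    if len(parts) >= 3 and parts[0] == "rg" and parts[-1] in ENV_ALIASES:
        return {"Project": "-".join(parts[1:-1]), "Environment": ENV_ALIASES[parts[-1]]}
    return {}


def audit_resource(resource: dict, required=REQUIRED_TAGS) -> dict | None:
    """One finding per resource, or None when it is clean.

    ARM tag names are case-insensitive, so 'environment' satisfies 'Environment';
    it is still reported as inconsistent because exact-string comparisons in
    reports and scripts miss it. Tag values are case-sensitive: 'Prod' and
    'prod' really are two different values in Cost Management grouping."""
    tags = resource.get("tags") or {}
    by_lower = {k.lower(): (k, v) for k, v in tags.items()}
    missing, inconsistent = [], []
    for key in required:
        hit = by_lower.get(key.lower())
        if hit is None:
            missing.append(key)
        elif hit[0] != key:
            inconsistent.append(f"key {hit[0]!r} should be {key!r}")
    env = by_lower.get("environment")
    if env and env[1]:
        canonical = ENV_ALIASES.get(env[1].lower())
        if canonical and canonical != env[1]:
            inconsistent.append(f"Environment={env[1]!r} should be {canonical!r}")
    if not missing and not inconsistent:
        return None
    suggestions = suggest_from_resource_group(resource["resourceGroup"])
    return {
        "id": resource["id"],
        "resourceGroup": resource["resourceGroup"],
        "missing": missing,
        "inconsistent": inconsistent,
        # only suggest values for keys that are actually absent
        "suggested": {k: v for k, v in suggestions.items() if k in missing},
    }


def audit_tags(resources: list[dict]) -> list[dict]:
    return [f for f in map(audit_resource, resources) if f]


def count_by_resource_group(findings: list[dict]) -> dict[str, int]:
    return dict(Counter(f["resourceGroup"] for f in findings))


SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_RESOURCES = [  # constructed
    {"id": f"{SUB}/resourceGroups/rg-payments-prod/providers/Microsoft.Storage/storageAccounts/stpayprod01",
     "resourceGroup": "rg-payments-prod",
     "tags": {"Environment": "prod", "Owner": "payments@example.com", "CostCenter": "CC-4410", "Project": "payments"}},
    {"id": f"{SUB}/resourceGroups/rg-payments-prod/providers/Microsoft.Compute/disks/vm1-osdisk-old",
     "resourceGroup": "rg-payments-prod",
     "tags": {"environment": "Prod"}},
    {"id": f"{SUB}/resourceGroups/sandbox/providers/Microsoft.Web/serverfarms/asp-scratch",
     "resourceGroup": "sandbox",
     "tags": None},
]
```

`audit_tags(SAMPLE_RESOURCES)` reports the disk (three keys missing, one key mis-cased, one value mis-cased, Project suggested from the group name) and the App Service plan (everything missing, nothing to suggest because `sandbox` does not follow the convention); `count_by_resource_group` gives the per-group counts the prompt asks for.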
Phase 3: Security Expiry Check
$ "Check all Key Vault secrets and certificates across the subscription.
Flag anything expiring in the next 30 days, and anything with no expiry set.
For expired items, identify which applications depend on them."
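The expiry check and a best-effort answer to "who depends on this", as an added example in Python (not the page's or any skill's code). Key Vault does not record which application reads a secret, so the consumer lookup parses App Service Key Vault references (`@Microsoft.KeyVault(SecretUri=...)` and `@Microsoft.KeyVault(VaultName=...;SecretName=...)`) from app settings; anything else (VMs, pipelines, Functions using the SDK) has to come from the vault's AuditEvent diagnostic logs. The secret items and app settings below are constructed, and listing them for real needs only metadata rights (Key Vault Reader on RBAC vaults, or a list permission in an access policy) plus a vault firewall that admits the caller.

```python
"""Key Vault expiry report and a best-effort consumer lookup.

Added example, not code from the original page or from any Copilot skill.
Items are shaped like `az keyvault secret list` / `az keyvault certificate
list` output (id, name, attributes.expires, attributes.enabled); app settings
are name/value pairs as `az webapp config appsettings list` returns them.
All sample data below is constructed.
"""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

_OBJECT_URI = re.compile(r"https://([^./]+)\.[^/]+/(?:secrets|certificates)/([^/]+)(?:/([^/]+))?/?$", re.I)
STATUS_ORDER = {"expired": 0, "expiring": 1, "no-expiry": 2, "disabled": 3, "ok": 4}

# App Service settings reference secrets in one of two forms.
_KV_REF = re.compile(
    r"@Microsoft\.KeyVault\((?:SecretUri=(?P<uri>[^)]+)"
    r"|VaultName=(?P<vault>[^;)]+);SecretName=(?P<name>[^;)]+)(?:;SecretVersion=(?P<ver>[^;)]+))?)\)",
    re.I,
)


def split_uri(uri: str) -> tuple[str, str, str | None]:
    """https://<vault>.vault.azure.net/secrets/<name>[/<version>] -> (vault, name, version)."""
    m = _OBJECT_URI.match(uri.strip())
    if not m:
        raise ValueError(f"not a Key Vault object uri: {uri}")
    return m.group(1).lower(), m.group(2).lower(), m.group(3)


def parse_expires(value: str | None) -> datetime | None:
    """attributes.expires is ISO-8601; older Pythons need a trailing 'Z' spelled as +00:00."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None


def classify(items: list[dict], now: datetime, window_days: int = 30) -> list[dict]:
    """Label each item expired / expiring / no-expiry / disabled / ok, worst first.

    An item with no expiry never trips a rotation alarm, so it is reported, not
    skipped. `now` must be timezone-aware or the comparison raises."""
    report = []
    for item in items:
        attrs = item.get("attributes") or {}
        expires = parse_expires(attrs.get("expires"))
        vault, name, _ = split_uri(item["id"])
        days_left = (expires - now).days if expires else None
        if not attrs.get("enabled", True):
            status = "disabled"
        elif expires is None:
            status = "no-expiry"
        elif expires <= now:
            status = "expired"
        elif expires - now <= timedelta(days=window_days):
            status = "expiring"
        else:
            status = "ok"
        report.append({"vault": vault, "name": name, "status": status, "daysLeft": days_left})
    return sorted(report, key=lambda r: (STATUS_ORDER[r["status"]], r["daysLeft"] or 0))


def find_consumers(app_settings: dict[str, dict[str, str]]) -> dict[tuple[str, str], list[tuple[str, str | None]]]:
    """(vault, secret) -> [(app, pinned_version)].

    A pinned version means the app keeps reading the old value after rotation
    until its setting is updated, so it is worth surfacing next to the app name."""
    consumers: dict = defaultdict(list)
    for app, settings in app_settings.items():
        for value in settings.values():
            m = _KV_REF.search(value or "")
            if not m:
                continue
            if m.group("uri"):
                vault, name, version = split_uri(m.group("uri"))
            else:
                vault, name, version = m.group("vault").lower(), m.group("name").lower(), m.group("ver")
            consumers[(vault, name)].append((app, version))
    return dict(consumers)


VAULT = "https://kv-payments-prod.vault.azure.net"
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
SAMPLE_ITEMS = [  # constructed
    {"id": f"{VAULT}/secrets/sql-conn/abc123", "name": "sql-conn",
     "attributes": {"enabled": True, "expires": "2025-06-15T00:00:00+00:00"}},
    {"id": f"{VAULT}/secrets/api-key/def456", "name": "api-key",
     "attributes": {"enabled": True, "expires": "2025-05-20T00:00:00Z"}},
    {"id": f"{VAULT}/secrets/legacy-token/0a1b2c", "name": "legacy-token",
     "attributes": {"enabled": True, "expires": None}},
    {"id": f"{VAULT}/certificates/old-cert/111", "name": "old-cert",
     "attributes": {"enabled": False, "expires": "2024-01-01T00:00:00+00:00"}},
    {"id": f"{VAULT}/certificates/tls-cert/222", "name": "tls-cert",
     "attributes": {"enabled": True, "expires": "2026-01-01T00:00:00+00:00"}},
]
SAMPLE_APP_SETTINGS = {  # constructed
    "web-payments": {"SQL_CONN": f"@Microsoft.KeyVault(SecretUri={VAULT}/secrets/sql-conn/abc123)", "LOG_LEVEL": "info"},
    "func-nightly": {"API_KEY": "@Microsoft.KeyVault(VaultName=kv-payments-prod;SecretName=api-key)"},
}
```

With the constructed data, `classify(SAMPLE_ITEMS, NOW)` puts the expired api-key first, then sql-conn at 14 days, then legacy-token with no expiry at all; `find_consumers` shows that web-payments reads sql-conn pinned to version abc123, so rotating that secret alone will not fix the app.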
Phase 4: Idle Resource Detection
$ "Find App Service plans with 0% average CPU over the last 14 days.
Find SQL databases below 5 DTU usage for the same period.
Find VMs with under 2% CPU for 30 days.
Calculate potential savings if we downsize or delete these."
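The classification step those four lines imply, as an added example in Python (not the page's or any skill's code). The one thing worth getting right here is that Azure Monitor returns null, not 0, for intervals with no data: a deallocated VM or a scaled-to-zero plan reports nothing, and treating that as 0% would flag every stopped machine as idle. The metric names match the resource types in the prompt; the metric series, the monthlyCost and downsizeCost figures are constructed (in practice they come from the cost export and the price sheet).

```python
"""Idle detection over Azure Monitor metric series, with a savings estimate.

Added example, not code from the original page or from any Copilot skill.
Points are shaped like the `data` array of `az monitor metrics list`
(timeStamp, average; average is null where nothing was reported). The series
and the monthlyCost / downsizeCost figures below are constructed.
"""
from __future__ import annotations

# kind -> (metric name, idle threshold (inclusive), lookback days), as in the prompt
THRESHOLDS = {
    "appServicePlan": ("CpuPercentage", 0.0, 14),
    "sqlDatabase": ("dtu_used", 5.0, 14),
    "vm": ("Percentage CPU", 2.0, 30),
}
INTERVAL_HOURS = 1  # PT1H buckets


def metrics_argv(resource_id: str, kind: str) -> list[str]:
    """The az call that fetches the series classify_idle() expects."""
    metric, _, days = THRESHOLDS[kind]
    return ["az", "monitor", "metrics", "list", "--resource", resource_id, "--metric", metric,
            "--interval", f"PT{INTERVAL_HOURS}H", "--aggregation", "Average", "--offset", f"{days}d",
            "--query", "value[0].timeseries[0].data", "-o", "json"]


def summarize(points: list[dict], expected_points: int) -> dict:
    """Average over non-null samples, plus coverage = samples / expected.

    Azure Monitor returns null, not 0, for empty intervals. Low coverage means
    'no evidence', not 'idle'; a deallocated VM still bills its disks but emits
    no CPU samples at all."""
    values = [p["average"] for p in points if p.get("average") is not None]
    return {"average": sum(values) / len(values) if values else None,
            "coverage": len(values) / expected_points if expected_points else 0.0}


def classify_idle(resource: dict, points: list[dict], min_coverage: float = 0.9) -> dict:
    """Verdict idle / busy / insufficient-data, with savings only for idle resources."""
    _, threshold, days = THRESHOLDS[resource["kind"]]
    stats = summarize(points, days * 24 // INTERVAL_HOURS)
    if stats["coverage"] < min_coverage:
        verdict, savings = "insufficient-data", {}
    elif stats["average"] <= threshold:
        verdict = "idle"
        savings = {"delete": round(resource["monthlyCost"], 2),
                   "downsize": round(resource["monthlyCost"] - resource["downsizeCost"], 2)}
    else:
        verdict, savings = "busy", {}
    return {"name": resource["name"], "verdict": verdict, **stats, "savings": savings}


def make_series(n: int, value: float | None) -> list[dict]:
    """Constructed stand-in for the metric `data` array (n hourly points of one value)."""
    return [{"timeStamp": f"t{i}", "average": value} for i in range(n)]


SAMPLE = [  # constructed resources and series
    ({"kind": "appServicePlan", "name": "asp-scratch", "monthlyCost": 73.0, "downsizeCost": 13.14},
     make_series(336, 0.0)),
    ({"kind": "vm", "name": "vm-batch", "monthlyCost": 140.0, "downsizeCost": 70.0},
     make_series(100, 0.5) + make_series(620, None)),  # deallocated for most of the month
    ({"kind": "sqlDatabase", "name": "sqldb-reports", "monthlyCost": 15.0, "downsizeCost": 5.0},
     make_series(336, 3.0)),
]

if __name__ == "__main__":
    for resource, points in SAMPLE:
        print(classify_idle(resource, points))
```

vm-batch averages 0.5% over the samples it has, which would pass the 2% test, but only 100 of 720 expected hours carry data, so it comes back as insufficient-data rather than idle; the right follow-up for it is the orphan scan (its disks are still billed), not a resize.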
Phase 5: Generate Remediation
$ "Generate an Azure CLI script that:
1. Deletes all orphaned disks and public IPs (with a confirmation prompt per resource)
2. Applies suggested tags to untagged resources
3. Downsizes idle resources to minimum SKUs
Make it idempotent (safe to re-run after a partial failure) and add a --what-if dry-run mode that prints every command without executing anything."
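What the three safety patterns look like when written by hand, as an added example in Python driving the Azure CLI (not the page's or any skill's code, and not what Copilot would generate verbatim). The mode is an explicit choice (`--what-if` or `--apply`, never a default), each delete probes for the resource first so a re-run skips what is already gone, and each delete is confirmed individually unless `--yes` is passed. The downsize targets (B1 plan, S0 database, Standard_B1s VM) are assumptions, and the findings sample is constructed.

```python
"""Remediation runner: explicit what-if or apply, per-delete confirmation,
idempotent re-runs.

Added example, not code from the original page or from any Copilot skill.
Reads a findings JSON (orphans, tags, idle; shaped like the earlier phases'
output) and drives the Azure CLI. The downsize targets and the sample
findings are assumptions and constructed data.
"""
from __future__ import annotations

import argparse
import json
import shlex
import subprocess
import sys

DOWNSIZE = {  # assumed "minimum" SKUs; pick your own
    "appServicePlan": ["az", "appservice", "plan", "update", "--sku", "B1"],
    "sqlDatabase": ["az", "sql", "db", "update", "--service-objective", "S0"],
    "vm": ["az", "vm", "resize", "--size", "Standard_B1s"],
}


def build_plan(findings: dict) -> list[dict]:
    """Findings -> steps {action, id, argv[, probe]}. Deletes carry a probe so a
    re-run skips what is already gone; tag merges and SKU updates are idempotent."""
    plan = []
    for o in findings.get("orphans", []):
        if o["kind"] == "emptyResourceGroup":
            plan.append({"action": "delete", "id": o["id"],
                         "argv": ["az", "group", "delete", "--name", o["name"], "--yes"],
                         "probe": ["az", "group", "exists", "--name", o["name"]]})
        else:
            plan.append({"action": "delete", "id": o["id"],
                         "argv": ["az", "resource", "delete", "--ids", o["id"]],
                         "probe": ["az", "resource", "show", "--ids", o["id"], "-o", "none"]})
    for t in findings.get("tags", []):
        if t.get("suggested"):
            pairs = [f"{k}={v}" for k, v in t["suggested"].items()]
            plan.append({"action": "tag", "id": t["id"],
                         "argv": ["az", "tag", "update", "--resource-id", t["id"],
                                  "--operation", "Merge", "--tags", *pairs]})
    for r in findings.get("idle", []):
        if r["kind"] in DOWNSIZE:
            plan.append({"action": "downsize", "id": r["id"],
                         "argv": [*DOWNSIZE[r["kind"]], "--ids", r["id"]]})
    return plan


def still_exists(step: dict, run) -> bool:
    res = run(step["probe"], capture_output=True, text=True)
    if step["probe"][1] == "group":        # `az group exists` prints true/false, exit 0
        return res.stdout.strip().lower() == "true"
    return res.returncode == 0             # `az resource show` fails once the resource is gone


def apply(plan: list[dict], *, what_if: bool, assume_yes: bool = False,
          confirm=input, run=subprocess.run) -> list[dict]:
    """Execute the plan; returns the steps that ran. what_if prints and changes
    nothing. `confirm` and `run` are injectable so the logic is testable without az."""
    executed = []
    for step in plan:
        if what_if:
            print(f"[what-if] {shlex.join(step['argv'])}")
            continue
        if step["action"] == "delete":
            if not still_exists(step, run):
                print(f"[skip] already gone: {step['id']}")
                continue
            if not assume_yes and confirm(f"Delete {step['id']}? [y/N] ").strip().lower() != "y":
                print(f"[skip] not confirmed: {step['id']}")
                continue
        run(step["argv"], check=True)
        executed.append(step)
    return executed


SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
DISK = f"{SUB}/resourceGroups/rg-payments-prod/providers/Microsoft.Compute/disks/vm1-osdisk-old"
SAMPLE_FINDINGS = {  # constructed
    "orphans": [{"kind": "disk", "id": DISK, "name": "vm1-osdisk-old"},
                {"kind": "emptyResourceGroup", "id": f"{SUB}/resourceGroups/rg-empty", "name": "rg-empty"}],
    "tags": [{"id": DISK, "suggested": {"Project": "payments"}}],
    "idle": [{"kind": "appServicePlan",
              "id": f"{SUB}/resourceGroups/sandbox/providers/Microsoft.Web/serverfarms/asp-scratch"}],
}


def main(argv=None) -> int:
    ap = argparse.ArgumentParser(description="apply janitor findings (JSON on stdin)")
    mode = ap.add_mutually_exclusive_group(required=True)
    mode.add_argument("--what-if", action="store_true", help="print every command, change nothing")
    mode.add_argument("--apply", action="store_true", help="run the commands")
    ap.add_argument("--yes", action="store_true", help="skip per-delete confirmation")
    args = ap.parse_args(argv)
    plan = build_plan(json.load(sys.stdin))
    done = apply(plan, what_if=args.what_if, assume_yes=args.yes)
    print(f"{len(done)}/{len(plan)} steps executed")
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it as `python janitor_apply.py --what-if < findings.json` first and read every printed command; only the delete steps are confirmed, as the prompt asks, so review the downsize lines with the same care. `az group delete` gets `--yes` because the script has already asked; without it the CLI would prompt a second time and a non-interactive run would hang.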
Pro Tips
• Use the azure-cost skill for accurate cost breakdowns
• The azure-compliance skill runs azqr for best-practice scanning
• Schedule this as a monthly review — automate the scan, review the results manually
• Export the CSV to a Teams channel for visibility
• Run the scan with read-only rights (Reader on the subscription, Key Vault Reader or a list-only access policy on each vault); the audit needs secret metadata, never secret values, and the remediation step should run under a separate identity
• "Unattached" is not "unwanted": check resource locks, tags and creation dates, and whether a disk is a golden image or a backup copy, before it reaches the delete step
What You'll Learn
• Azure Resource Graph queries for cross-subscription analysis
• FinOps practices and cost management
• Tagging strategies and governance patterns
• Scripting with safety patterns (dry-run, confirmation, idempotency)