Cost | Medium | Occasional | AZF-0024

A resource quietly settles into a new, higher cost baseline and the step-up becomes the new normal

A resource's spend steps up to a permanently higher level and stays there. Unlike a spike it never comes back down, so it's easy to accept as the new normal.

Footgun ID: AZF-0024 (Azure Footgun No. 24)
Azure service: Azure Cost Management
Resource type: Microsoft.CostManagement/query
Updated: July 1, 2026

What it is

A durable, sustained increase in a resource's spend, a step-change to a new higher steady-state rather than a transient burst. A tier was bumped, replication was turned on, retention was extended, an autoscale floor was raised, and the resource simply costs more from that day forward. Because the new level is stable, it looks like normal operation and rarely gets questioned.

Impact (cost)
The step-up in daily cost, paid every day indefinitely because the new higher level never trips a threshold twice.
Basis: Azure behavior (authored assessment). Figures are estimates, not measurements.

Why it happens

A spike is loud because it goes back down; a pattern shift is quiet because it doesn't. The cost moves to a new plateau and stays there, so after a week or two the higher number looks like the baseline. Anyone glancing at a cost chart sees a flat line at the new level and moves on.

Static budget alerts make this worse. A step-up nudges the monthly total up once; if that crosses the cap you raise the cap, and now the elevated spend is baked into the budget forever with no further alerts. Threshold tooling has no concept of "this resource used to cost X and now costs Y with no return," which is exactly the pattern that a permanent step-up creates. Detecting it means recognizing a sustained change in a resource's own level, not a momentary excursion and not a subscription total drifting up.

What it costs / blast radius

Because the shift is permanent, the cost is the daily step-up paid every single day from the change onward, so a modest-looking increase compounds into a large annual figure the longer it goes unnoticed. A spike costs you the days until it's caught; a pattern shift costs you until someone actively decides to roll it back. (Authored assessment of Azure alerting behavior, not a measured figure; the dollars depend on the resource and how long the new level persists.)

See it

Naive guardrail: a threshold that a step-up quietly resets
resource budget 'Microsoft.Consumption/budgets@2023-05-01' = {
  name: 'monthly-cap'
  properties: {
    category: 'Cost'
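    timeGrain: 'Monthly'
    timePeriod: {
      startDate: '2026-01-01' // placeholder date; the budget resource requires a start date
    }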
    amount: 50000            // bumped last quarter after spend stepped up
    notifications: {
      over90: {
        enabled: true
        operator: 'GreaterThan'
        threshold: 90
        contactEmails: [ 'finops@example.com' ]
      }
    }
    // A permanent step-up trips this once. You raise the cap, and the
    // higher spend is now the accepted normal, forever, no more alerts.
  }
}

Better model (conceptual): detect a sustained shift in a resource's own level
// What a static budget can't express: a resource that moved to a new plateau.
//
//   for each resource:
//     before = its typical daily cost in the earlier part of the window
//     after  = its typical daily cost in the recent part of the window
//     if 'after' sits durably above 'before' (not a one-day blip)
//        -> flag a pattern shift, not a spike
//
// The tell is *persistence at a new level*, which a single threshold,
// reset each time the cap is raised, is structurally unable to see.
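
One way to turn the conceptual model above into a working check, as an added example (not code from this page and not StratoLens's implementation). The 14-day window, 1.25x ratio, 90% persistence share and the resource names are assumptions, and the daily cost series are constructed.

```python
from statistics import median

def classify(daily_costs, recent_days=14, min_ratio=1.25, min_share=0.9):
    """Label one resource's daily cost series: pattern-shift, spike or steady."""
    if len(daily_costs) < 2 * recent_days:
        return "insufficient-data", None, None
    earlier, recent = daily_costs[:-recent_days], daily_costs[-recent_days:]
    before, after = median(earlier), median(recent)   # medians shrug off one-day blips
    bar = before * min_ratio                          # level that counts as "elevated"
    elevated_share = sum(c > bar for c in recent) / recent_days
    if after > bar and elevated_share >= min_share:   # persistence at a new level
        return "pattern-shift", before, after
    if any(c > bar for c in daily_costs):             # went up, then came back down
        return "spike", before, after
    return "steady", before, after

def scan(costs_by_resource, **kwargs):
    """Return {resource: (before, after, annualized_step_up)} for pattern shifts only."""
    flagged = {}
    for name, series in costs_by_resource.items():
        label, before, after = classify(series, **kwargs)
        if label == "pattern-shift":
            flagged[name] = (before, after, (after - before) * 365)
    return flagged

# Constructed sample data: 44 days of daily cost per resource (not real billing data).
SAMPLE = {
    "sql-prod":  [40, 41, 39, 40, 42] * 6 + [95, 96, 94, 95, 97, 95, 96] * 2,  # tier bumped
    "vm-batch":  [20] * 25 + [180] + [20] * 18,                                # one-day spike
    "stor-logs": [12, 13, 12, 11] * 11,                                        # unchanged
}

if __name__ == "__main__":
    for name, (before, after, yearly) in scan(SAMPLE).items():
        print(f"{name}: {before:.2f}/day -> {after:.2f}/day, "
              f"~{yearly:,.0f}/year if left in place")
```

The comparison is made per resource against its own earlier level, so raising a subscription-wide budget cap does not hide the shift.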

How StratoLens helps

StratoLens tracks each resource's spend over time and distinguishes a permanent step-up from a passing spike, flagging resources that have moved to a durably higher level, per resource, across every subscription, so a quiet plateau doesn't get absorbed into "the new normal." The analysis runs continuously in your own tenant, so a step-up gets a second look instead of a raised budget cap.
