Cloud platforms love to promise efficiency. Azure tells you to pay only for what you use. But most organizations are not paying for active usage anymore. They are paying for forgotten infrastructure, abandoned projects, stale environments, orphaned disks, idle virtual machines, and resources nobody remembers creating. The billing meter never stops simply because a sprint ended or a team moved on. That is the real problem with manual governance. Cleanup depends on memory, spare time, and someone eventually noticing the cost report after the spend has already landed. Finance sees rising cloud bills. Engineering starts hunting through old tickets. Teams debate ownership while unused resources continue burning budget in the background. The cloud makes spinning things up incredibly easy, but shutting things down safely and consistently is where most organizations fail. In this episode, Mirko Peters breaks down how to build an automated Azure cleanup engine that removes waste before it scales into chaos. Instead of relying on manual reviews and reactive cost reports, the model combines Azure Policy, intelligent tagging, Resource Graph, and Logic Apps to continuously identify resources that no longer deserve to exist. The result is a governance approach that moves from “someone should clean this up” to a repeatable lifecycle control system that actually works.

WHY CLOUD WASTE NEVER REALLY GOES AWAY

Most cloud waste is not caused by oversized virtual machines or premium database tiers. The deeper issue is lifecycle drift. Projects start quickly, teams deploy temporary resources, proof-of-concept environments get created, and then priorities change. The work disappears, but the infrastructure survives. Over time, these forgotten assets turn into background noise that quietly inflates cloud spend month after month. Weak tagging makes the problem even worse. When resources lack ownership, expiry dates, or cost center alignment, cloud bills lose context. Organizations can see the spend, but they cannot see the story behind it. Accountability becomes blurry, cleanup slows down, and manual governance creates endless delays that protect waste instead of eliminating it. This episode explains why governance fails when it sits outside the delivery process and why the solution is not more reports, but stronger lifecycle enforcement built directly into the platform.

THE GOVERNANCE MODEL BEHIND THE CLEANUP ENGINE

The architecture is intentionally simple:

• Azure Policy becomes the law
• Tags provide the operational context
• Logic Apps execute the cleanup actions
• Resource Graph continuously discovers lifecycle driftMirko walks through how to structure governance correctly using management groups, resource group inheritance, audit-first rollout strategies, and progressive enforcement models that move from Audit to Modify and finally to Deny once the organization is ready. You will learn why governance systems often fail when policies, automation, and tagging become overly complex — and how keeping the model small and explainable dramatically improves adoption and trust across engineering teams.

THE TAGGING STRATEGY THAT MAKES SAFE DELETION POSSIBLE

Tags are not decorative metadata. They are the decision engine behind automated cleanup. This episode explores the exact tag model needed to support safe lifecycle automation, including:

• Owner
• Environment
• CostCenter
• ExpiryDate or TTL
• CleanupAction
• ExceptionReasonYou will hear why strong tagging transforms deletion from a risky guess into a controlled operational decision, and why inheritance through resource groups is far more scalable than forcing manual tagging on every deployment. Mirko also explains how poor taxonomy design destroys automation credibility, why free-text exception handling creates governance drift, and how to build a tagging system teams will actually follow instead of bypassing.

BUILDING THE LOGIC APP CLEANUP FLOW

The cleanup workflow itself lives inside Azure Logic Apps Consumption, keeping operational costs low while allowing the engine to scale dynamically as cleanup demand changes. The episode covers the complete orchestration model: Discovery through Azure Resource Graph, validation paths, dependency checks, lock handling, approval flows, deletion branching by resource type, retry logic, managed identities, audit logging, and dry-run safety modes. Instead of relying on one giant deletion script, the cleanup engine becomes a structured orchestration platform capable of making consistent lifecycle decisions at scale. You will also learn why:

• Deletion order matters in Azure
• Resource locks often break automation
• Soft-delete changes expected behavior
• Governance policies can accidentally block cleanup workflows
• Quarantine flows are safer than immediate deletion in uncertain scenariosMEASURING WHETHER THE ENGINE IS ACTUALLY WORKING

Savings alone are not enough. This episode int...

Stop Paying for Nothing: Build an Automated Azure Cleanup Engine

Listen On

Support On

Featured Episodes

Recent Episodes

Microsoft Data Podcast – Analytics, Fabric & Data Governance Episodes

Microsoft Power Platform Podcast – Governance, Security & Architecture Episodes

Microsoft Security Podcast – Identity, Cloud & Enterprise Protection Episodes

Microsoft Azure Podcast – Cloud Architecture, Security & Operations Episodes

Microsoft Copilot Podcast – AI Architecture, Security & Governance Episodes

Microsoft Dynamics 365 Podcast – Architecture & Integration Episodes

Microsoft Development Podcast – APIs, Identity & Architecture Episodes

Microsoft 365 Podcast – Teams, SharePoint, Office Apps & Productivity Episodes

Browse episodes by category