Azure Costs: Service Types and Categories

Today we’re very excited, to announce the release of our revised service types and service categories for azure costs. In the early days azure costs just supported the Service Type attribute. Together with our customers we identified the need of having a more efficient way to understand cost drives and spending spikes.
The Service Type property now shows a more detailed type of the Azure Service. Virtual Machines report the selected pricing tier or size in that property . SQL databases are also shown now with the size of the chosen Azure SQL instance.
In contrast to the Service Type, the Service Category property describes the service class in Azure, e.g. Azure App Services, Data Management which includes BigData and SQL Services or the classical Cloud Services.
The clear differentiation between this two properties should help to identify cost spikes faster and more reliable.

Interested in the new feature?
Try the new feature today by simply logging into your azure costs account. The feature is part of any plan.

Any questions, wishes or ideas? Try our feedback portal or drop a mail to


Azure Costs: Available as white-label solution

Today we are very excited to announce that Azure Costs can now be offered as a white-label solution for Cloud Solution Providers.


Using Azure Costs as a white-label solution includes the following features:

Service Provider Specific Top-Level-Domain incl. SSL Certificate:
Offering Azure Costs as white-label solution is delivered under your own service provider specific domain, e.g. It’s possible to bind a service provider specific SSL certificate to this domain as well.

Dedicated Storage Backend incl. support for the Azure Cloud Germany:
Every service provider is able to connect a dedicated Azure Storage Account. This ensures that all the customer data are stored and processed only in a service which is under control and management of the service provider.

Custom Identity Provider:
Servicer Provider often offer their customers account and identity infrastructure. Azure Costs as a white-label solution allows to connect custom identity providers based on the oAuth2 protocol. This allows your customers to stay with their existing accounts for the server providers infrastructure.

Interested in offering Azure Costs as a white-label solution?
Try Azure Costs as white-label solution, just contact as via a support request or drop a mail to We will guide you through the signup procedure.

Any questions, wishes or ideas? Try our feedback portal or drop a mail to


Azure Costs: Support for Azure Tag based grouping

Azure Tags are an efficient way for employees with access to the Azure Management Portal to organize and categorize Azure Services. Besides the Resource Groups, Azure Tags are the second important organisation feature in the Azure Management Portal.


Azure Costs now imports the Azure Tag definitions and the associated values automatically during the nightly sync. Every Azure Tag is offered as an additional group option for the given spending data. The import works for all contract types including Pay-as-you-Go, Cloud Solution Provider and Enterprise Agreements.

Interested in the new feature?
Try the new feature today by simply logging into your azure costs account. The feature is part of any plan.

Any questions, wishes or ideas? Try our feedback portal or drop a mail to

Azure Costs: Support for Azure Cloud Germany available

A couple of weeks ago Microsoft announced the availability of the Azure Cloud Germany. This gives all customers with strong requirements regarding data privacy and who are not able to rely on Privacy Shield the option, to use Azure in two dedicated data centers located in Germany. The most  important detail is that Microsoft chose T-Systems, a daughter company of the German Telecom as the trustee for the German Cloud operations.


Azure Costs becomes part of the Azure Cloud Germany and is available under the new url

We are excited to announce that we offer our service in the same quality and with the same performance in the Azure Cloud Germany. Additional information related to the Azure Cloud Germany is available here.

Interested in the new feature?
Try the new feature today by simply logging into your azure costs account with our new german url. All plans are available in Germany as well.

Any questions, wishes or ideas? Try our feedback portal or drop a mail to

Azure Costs: Advanced Alerting and Burn Rate Reports

Just two weeks ago we announced the release of our revised notification service for azure costs. This version provided advanced options to configure daily reports and alerts more granularly. This week we are very excited to announce more advanced features regarding our notification services which will help you to keep your cloud spendings under control.

Advanced Alert Dimensions:
Azure Costs now supports more alert dimensions to define more powerful alert policies to support your business needs optimally.


The following dimension are now available in azure costs:

  • Costs: Triggers an alert when the monthly costs become higher than defined in the limit.
  • Daily Burn Rate (absolute): This dimension triggers an alert when the daily burn rate of that day we send the mail becomes higher than defined in the limit.
  • Daily Burn Rate (relative): The relative difference of the daily burn rate triggers an alert when the change of the daily burn rate between two days becomes higher than defined in the limit. The relative difference calculates all values in percentages.
  • Daily Burn Rate Difference: The absolute difference of the daily burn rate follows the same rules as the relative difference but calculates all values in the currency the contract is managed for.
  • Daily Burn Rate Maximum: The maximum burn rate validates the burn rate of every day in the current month and triggers an alert when one value of a single day becomes higher than the limit.

If you expect more dimensions for your business needs, just let us know. We would happily extend this feature with the help of our customers. Just drop us an e-mail or open a support ticket.

Mail Based Burn Rate Report:
The best indication of costs spikes and unusual behaviour of different users and administrators in your Azure subscriptions is the daily burn rate report. A couple of month ago we introduced this report as part of our improved dashboard. Today we are announcing the integration of the burn rate report as part of our mail report.


This gives every cost- and spending manager the fastest way to get an overview and generates a call for action only when it’s really required.

Manage Alerts & Notifications for your Team-Mates:
Ensure that all of your team mates are informed on your finger tips. The team management area allows you to define notification and alert policies for every single team member, so that your co-workers will never miss an important information.


Interested in the new feature?
Try the new feature today by simply logging into your azure costs account. The feature is part of any plan.

Any questions, wishes or ideas? Try our feedback portal or drop a mail to

Azure Costs: Revised Notification Services

We’re very excited today, to announce the release of our revised notification service for azure costs. This new version gives you advanced options to configure daily reports and alerts more granularly.

User Based Notification Settings:
Many Team Administrator would like to give their team mates and co-workers the freedom to configure their daily spending report. The new User Based Notification Settings allow administrators and team members to define personal notification settings independently.


Administrators are now able to recommend corporate standards which can be used or extended from the team members.

Policy Based Alerts:
There are several conditions which trigger an alert. The new policy based alert service allows to define required business rules in azure costs to trigger spending alerts at the right time in the right context.

Airmail 2016-10-09 19-33-48.png

How to get started?
The User Based Notification Settings feature can be used right now as part of every paid plan. Policy Based Alerts are part of every professional plan or higher. Try the new features today by simply logging into your azure costs portal.

Any questions, wishes or ideas? Try our feedback portal or drop a mail to


Hey ISVs, build your own oAuth2 service :-)

Are you a SaaS Software Vendor? Do you have the idea of providing your customers an API first approach? Do you want to offer a scalable solution in the cloud? Why the h… do you need an oAuth2 server?

Many successful SaaS vendors offer an identity infrastructure based on oAuth2. Good examples are Digital Oceans, Microsoft, Amazon or Matrix42 with MyWorkspace. This article intends to explain the reasons why you should offer your own oAuth2 infrastructure when you publish a SaaS application to the world.

Five reasons to offer an oAuth2 service

  • Adapt the Micro-Service-Architecture
    SaaS applications today are different to Web applications 10 years ago. The most vendors are following the micro services architecture pattern. Let’s re-cap what Micro-Services intend to be. At the end this architecture pattern means that a vendor offers many different web services independent from each other for a specific offering. Have a look on the big ones like Microsoft Azure: They offer the Azure Resource Manager, the Storage API or the Office 365 Graph API as independent services. Compared to that public ones, Matrix42 with MyWorkspace offers services for handling identity, files, workflows and BI dashboards. Azure Costs, the service the author is also working on, is divided in separate small services for processing spending information, handling trend analytics or managing teams. All these are good examples for Micro Service and they have something together.jwt
    A session cookie based approach would not work, because this means every web service needs to take care of the session. A token based approach for authorization is a better option and the best option to provide a token is the JWT (LINK to Blog) token.

    How to get the JWT:
    Just use an oAuth2 service you provide for your micro service infrastructure. Check out different offerings in the IDaaS market or write your own.

  • State of the art Single Sign On (SSO) and federated security
    Today customers expect single sign on for their workforce. This means every SaaS application needs to support various flavours of federated security and single sign on. A better approach is to totally rely on JWT tokens and delegate the complex identity work to your oAuth2 service. The oAuth2 service should talk to the different company directories like Active Directory, Azure Active Directory or SAML2. This keeps your micro service infrastructure simple, clean and scalable again and you can drive them with just one concept and not multiple.

    How to connect to other directories:
    There are solutions in the market like Matrix42 MyWorkspace acting as identity bridge. Integrating these solutions reduces the work in your oAuth2 service to mitigate between the different identity providers.

  • Customer requires API First approach
    When talking with customers and the customer likes your solution often the second or third question is “How can I integrate …”. Translated into the language of developers this means “Do you have an API we can easily adapt?”.

    { REST }

    Because of that API first is an approach every SaaS vendor should follow. Remind the first bullet point in this article and assume your API relies totally on JWT tokens. You need to deliver a special JWT token to your customers for integration. Normally this tokens are called app-only tokens and can be used with a client credentials against an oAuth2 service. Azure Costs, as a simple example, explains how to deal with app-only tokens in the this article.

    How to issue customer integration API tokens:
    Provide a separate oAuth2 service that supports the client credentials flow incl. app-only tokens.

  • Support for mobile, web and fat clients required
    Today’s market is not focused on a special operating system or platform anymore. Even Microsoft changed their mind dramatically and now they offer with Azure one of the best cloud platforms for all kind of devices including IOT devices. Mostly every SaaS application has sooner or later the requirement to integrate different clients. The compelling event for this is normally the requirement for a mobile app but also the requirement to support a browser extension or just the integration in an embedded device. oAuth2 delivers different permission grant flows to support any kind of device and use case. This means offering an oAuth2 service gives you the freedom to support any new device because your identity infrastructure is decoupled from your micro services infrastructure.

    How to connect a mobile app to my service:
    Provide a separate oAuth2 service which support, the so called indirect flow. Normally you should not use the code flow but you need to provide some kind of device management.

  • Stay scalable for your access
    Last but not least, scalability or better the option to be ready for growing your company is a key success criteria every SaaS vendor should have an eye on. The micro-service architecture and the decoupled identity infrastructure gives you the freedom the split and combine services on different services in different clouds and in different locations.

    How to stay scalable:
    Decouple identity from resource services and enjoy the freedom to let the infrastructure grow by business needs.

Yes we can! Get your own oAuth2 service

When you think about building an oAuth2 service for your application you can start by building your own stuff. This is a great option when you need to stay under control of everything. There are also IDaaS providers on the market like Matrix42 with MyWorkspace, Auth0 or Azure Active Directory. These providers are a good starting point for your identity management project.

A hybrid approach is often the most practical. This means your engineers will provide a home grown oAuth2 service to support existing user accounts. This service should act as identity proxy to an IDaaS provider to open up the world of federated security and Single Sign On for your enterprise customers. Never waste time and budget on building an infrastructure for federated security by your own.

This article covered many technical topics on a very high level perspective. If you like it, let me know, as I think about creating a series out of it, to cover topics in more technical depth. Feel free to follow this blog to never miss an update about the upcoming series.