Solution Atlas
EverydayUser storyConsultative playbook

The cloud bill jumped 40% and no one can explain why

A CFO has flagged an unexpected 40% rise in Azure spend over two months. The platform team can see the totals but cannot allocate cost to teams or workloads — tags are inconsistent, subscriptions are mixed, and forecasting is missing. Finance wants accountability and a reliable forecast within the quarter.

Trigger
CFO escalation; cost spike with no clear cause.
Good outcome
Tagged cost allocation per team, forecast model live, quarterly FinOps cadence established.
Diagnostic discovery

Signals this story fits

Observable cues that confirm the conversation belongs here.

  • ·CFO escalation on unexpected cloud bill spike
  • ·30%+ cost rise with no clear attribution
  • ·Tags inconsistent or absent
  • ·No team-level allocation
  • ·No FinOps practitioner in role

Questions to ask

Open-ended, SPIN-style — each one has a reason it matters.

  1. 1.What's driving the recent cost spike — usage, pricing, migrations, or all three?

    WhyThree different fixes. Without diagnosis, optimisation is a guess.

  2. 2.How do you allocate cost to teams today?

    WhyAllocation maturity drives every other FinOps lever.

    Listen for: “by subscription only” · “we don't really” · “inconsistent tags”

  3. 3.What's your tag taxonomy — documented, enforced, neither?

    WhyTagging discipline is the foundation. Without it, allocation is fiction.

  4. 4.Who owns the FinOps function today?

    WhyNo owner = no programme. Surfaces the headcount or rotation decision.

  5. 5.What's your cloud-cost forecasting cadence?

    WhyForecast cadence is the maturity threshold — without it, surprises continue.

  6. 6.When the bill spikes, how many days does it take to know why?

    WhyAnchors the visibility business case.

Baseline → target architecture

TOGAF-style gap framing — what we typically see today, and what the proposed end state looks like. The gap between them is the engagement.

Baseline architecture

Cost visibility limited to subscription-level. Tags inconsistent. Team-level allocation manual or absent. No forecast. No FinOps practitioner. Cost Management on by default but underused. Defender for Cloud surfacing idle resources but no remediation cadence.

Typical concerns

  • ·Cost variance without explanation
  • ·No team accountability for spend
  • ·Forecast confidence low
  • ·Idle and orphaned resources accumulating
  • ·Procurement reactive, not anticipatory

Capability gaps

  • ·Tag taxonomy enforced
  • ·Team-level cost allocation
  • ·Forecast model and cadence
  • ·FinOps cadence with platform + finance
  • ·Anomaly detection
Target architecture

Tag taxonomy enforced via Azure Policy. Cost Management with team-level allocation and named owners. Monthly forecast model. FinOps cadence with platform and finance present. Anomaly detection alerts on cost spikes. Defender for Cloud feeds idle-resource cleanup into the platform-team backlog.

Key capabilities

  • Tag taxonomy enforcement
  • Team-level cost allocation
  • Monthly forecast
  • FinOps cadence with platform + finance
  • Anomaly detection

Enabling SKUs

Resolved in the ‘Recommended cards’ section below.

Architecture decisions

Each decision is offered as explicit options with trade-offs — Hohpe's “selling options” principle. A safe default is noted where one exists.

  1. Decision 1.Tag enforcement — Azure Policy denial vs audit

    Policy denial

    When it fitsGreenfield or appetite for friction; auditor pressure.

    Trade-offsInitial team friction during transition.

    Policy audit only

    When it fitsBrownfield with significant existing non-compliant resources.

    Trade-offsCompliance slow to follow.

    Default recommendationAudit for the first 60 days; denial from day 61 on new resources.

  2. Decision 2.FinOps role — dedicated practitioner vs platform-team responsibility

    Dedicated FinOps practitioner

    When it fitsCloud spend above €5M annually; CFO sponsorship.

    Trade-offsHeadcount cost.

    Platform-team responsibility

    When it fitsSmaller estate; platform team has capacity.

    Trade-offsRisk of FinOps becoming the platform team's backlog tail.

    Default recommendationPlatform-team responsibility for estates below €5M annual; dedicated practitioner above.

  3. Decision 3.Tooling — Cost Management only vs third-party (Apptio, CloudHealth)

    Cost Management only

    When it fitsAzure-only estate; free tier is enough.

    Trade-offsMulti-cloud cost view requires Cost Management+ paid AWS/GCP connectors.

    Third-party

    When it fitsHeavy multi-cloud; need cross-cloud allocation; existing tooling investment.

    Trade-offsPer-spend licensing; tool sprawl.

    Default recommendationCost Management for Azure; third-party only when multi-cloud cost is a board priority.

Low-risk trial — proof of value

30-day FinOps foundation — tag taxonomy + first forecast

4 weeks

Tag taxonomy defined and applied via Azure Policy (audit mode). Cost Management dashboard published with team-level allocation. Monthly forecast model produced. Idle and orphaned resources flagged via Defender for Cloud. First FinOps cadence run with platform and finance.

Success criteria

  • Tag coverage above 90% on the active estate
  • Cost allocation by team published
  • Forecast accuracy within 10% of actual for the trial month
  • Idle-resource cleanup backlog established

InvestmentCost Management free for Azure. Advisory engagement + platform-team time. No new SKUs.

Proof metrics

  • ·Tagged spend coverage above 90%
  • ·Forecast accuracy within 10%
  • ·Time-to-anomaly-detection under 48 hours
  • ·Idle-resource backlog actioned at >50% per quarter

Recommended cards

The SKUs and capabilities most likely to be part of the solution, with the editorial rationale for each in the context of this story. Add the ones that fit your situation.

Why for this story

The Azure-native cost visibility plane. Tags and scopes drive team allocation. Free, included with Azure.

Why for this story

Usage and resource telemetry feeds cost attribution. Logs and metrics enable anomaly detection.

Why for this story

Surfaces idle and orphaned resources via security posture — a complementary cost-reduction lever.

Back to Cost visibility