Azure Proactive Resiliency Library v2
Tools Glossary GitHub GitHub Issues Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage

subscriptions

Summary

RecommendationImpactCategoryAutomation AvailablePG Verified
Do not create more than 2000 Citrix VDA servers per subscriptionHighGovernanceYesVerified
Subscriptions should not be placed under the Tenant Root Management GroupMediumGovernanceYesVerified

Details

Do not create more than 2000 Citrix VDA servers per subscription

Impact:  High Category:  Governance PG Verified:  Verified

APRL GUID:  c041d596-6c97-4c5f-b4b3-9cd37628f2e2

Description:

A Citrix Managed Azure subscription supports VMs with VDA for app/desktop delivery, excluding other machines like Cloud Connectors. When close to the limit, signaled by a dashboard notification, and with sufficient licenses, request another subscription. Can't exceed the given limits for catalogs.

Potential Benefits:

Avoids hitting limit, ensures reliability
Learn More:
Citrix Limits

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// Count VM instances with a tag that contains "Citrix VDA" and create output if that count is >2000 for each subscription.
// The Citrix published limit is 2500. This query runs an 80% check.

resources
| where type == 'microsoft.compute/virtualmachines'
| where tags contains 'Citrix VDA'
| summarize VMs=count() by subscriptionId
| where VMs > 2000
| join (resourcecontainers| where type =='microsoft.resources/subscriptions' | project subname=name, subscriptionId) on subscriptionId
| project recommendationId='c041d596-6c97-4c5f-b4b3-9cd37628f2e2', name= subname, id = subscriptionId, param1='Too many instances.', param2= VMs

Subscriptions should not be placed under the Tenant Root Management Group

Impact:  Medium Category:  Governance PG Verified:  Verified

APRL GUID:  5ada5ffa-7149-4e49-9fbf-e67be7c2594c

Description:

The root management group in Azure is designed for organizational hierarchy, allowing for all management groups and subscriptions to fold into it.

Potential Benefits:

Enhanced security, compliance, and management
Learn More:
Management group recommendations
Root management group for each directory

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// Provides a list of Azure Subscriptions that are placed under the Tenant Root Management Group
resourcecontainers
| where type == 'microsoft.resources/subscriptions'
| extend mgParentSize = array_length(properties.managementGroupAncestorsChain)
| where mgParentSize == 1
| project recommendationId="5ada5ffa-7149-4e49-9fbf-e67be7c2594c", name, id, tags