Operations Runbook

Quick Reference

Item	Value
Management Group	smb-rf (SMB Ready Foundation)
Primary Region	swedencentral
Resource Groups	rg-hub, rg-spoke, rg-monitor, rg-backup, rg-migrate, rg-security
MG Policy Count	See Policy Catalog
Sub Policy Count	Subscription-scoped policies (backup, defender, budget)

Critical Resources

Resource	Name	Resource Group	Criticality
Azure Firewall	fw-hub-smb-swc	rg-hub-smb-swc	High
VPN Gateway	vpng-hub-smb-swc	rg-hub-smb-swc	High
Key Vault	kv-smbrf-swc-*	rg-security-smb-swc	High
Log Analytics	log-smbrf-smb-swc	rg-monitor-smb-swc	Medium
Recovery Vault	rsv-smbrf-smb-swc	rg-backup-smb-swc	Medium

Daily Health Checks

Morning check (~5 minutes):

1. Verify Azure Service Health — no active incidents in swedencentral
2. Check Firewall status — running and healthy (if deployed)
3. Check VPN Gateway — connected (if deployed)
4. Review Log Analytics ingestion — data flowing
5. Check budget alerts — no overspend notifications

KQL — System Health Overview:

AzureDiagnostics
| where TimeGenerated > ago(24h)
| where Level == "Error"
| summarize ErrorCount = count() by ResourceType, Resource
| order by ErrorCount desc
| take 10

Incident Response

Severity Levels

Severity	Definition	Response Time	Escalation
P1	Complete service outage, no workaround	15 minutes	Immediate
P2	Major feature unavailable, workaround exists	1 hour	Within 2 hrs
P3	Minor issue, service functional	4 hours	Next day
P4	Cosmetic/documentation issue	Best effort	None

Common Error Codes

Error Code	Meaning	Resolution
AnotherOperationInProgress	Resource locked by concurrent operation	Wait 5–10 min, retry
InternalServerError	Azure platform issue	Check Service Health, retry
QuotaExceeded	Subscription limit reached	Request quota increase

Common Procedures

Restart Azure Firewall

Azure Firewall cannot be restarted directly. To recover:

# Option 1: Force re-provisioning (5–10 min downtime)
$fw = Get-AzFirewall -Name "fw-hub-smb-swc" -ResourceGroupName "rg-hub-smb-swc"
Set-AzFirewall -AzureFirewall $fw

# Option 2: Stop and Start (10–15 min downtime)
$fw = Get-AzFirewall -Name "fw-hub-smb-swc" -ResourceGroupName "rg-hub-smb-swc"
$fw.Deallocate()
Set-AzFirewall -AzureFirewall $fw
# Wait for deallocation, then re-allocate
$fw.Allocate($vnet, $pip, $mgmtPip)
Set-AzFirewall -AzureFirewall $fw

VPN Gateway Troubleshooting

# Check status
Get-AzVirtualNetworkGateway -Name "vpng-hub-smb-swc" -ResourceGroupName "rg-hub-smb-swc"

# Check connections
Get-AzVirtualNetworkGatewayConnection -ResourceGroupName "rg-hub-smb-swc"

# Reset gateway (15–30 min recovery)
Reset-AzVirtualNetworkGateway -VirtualNetworkGateway $gw

Log Analytics Cap Adjustment

If the 500 MB/day cap is hitting limits:

az monitor log-analytics workspace update \
  --resource-group rg-monitor-smb-swc \
  --workspace-name log-smbrf-smb-swc \
  --quota 1

Caution

Increasing the daily cap increases costs. Each additional GB costs ~$2.30/month in swedencentral.

Budget Alert Response

1. Check current spend: Cost Management → Cost analysis in the Azure Portal
2. Identify the top cost contributor (usually Firewall or VPN Gateway)
3. If approaching the $500 cap, consider downgrading the scenario (e.g., full → firewall)
4. For VM workload costs, review VM SKUs against the allowed list (B, D/E v5/v6)

Maintenance Windows

Task	Frequency	Impact	Duration
Policy compliance review	Monthly	None	30 min
Backup verification	Weekly	None	15 min
AVM module updates	Quarterly	Redeploy	1–2 hours
Firewall rule review	Monthly	None	30 min