How to avoid Azure Subscription suspension?

Two weeks ago, all our Azure production systems went down, and we received an e-mail from them saying:

We’ve disabled your Azure subscription

To protect the security and privacy of your account, we perform routine audits of all Azure subscriptions. During one of these audits, we identified suspicious activity in your subscription that violates the Microsoft Acceptable Use Policy. We’ve disabled your subscription until the issue can be resolved.

If you believe this is an error, please contact Azure support.

We knew of no problem, and had received no previous warnings, so we contacted support. (We have a Standard support plan, which gets us a fairly quick response, but not necessarily a resolution.) After 11 hours (and many e-mails) everything turned on again and we received a message saying simply:

Your subscription is enabled.

Microsoft have not answered queries for an explanation as to what this "suspicious activity" was, nor how they resolved the situation and were able to enable our account again. They have not explained why they could provide no information about the cause of the problem for the duration of the problem.

Has anyone else experienced this? How can we avoid it in future?

Edit

Microsoft have now responded and said:

...we identified that suspicious activity was on the IP that was originally mapped to the service that was deployed on your subscription. IP was hosting a phishing page that was attributed to Azure. Hence our system tracked the subscription and tagged as Terms Of Use Violation. Hence the subscription got suspended.

They have also accepted that it took longer than it should have. They gave us a credit for one month's use on that subscription.


Having your account suspended or terminated without notice is one of the risks of using a public cloud. It is likely a very low risk (for most organizations) but it won't feel that way when it happens to you!

You mitigate this risk the same way as any other single point of failure. You host your applications across multiple cloud providers, so that the loss of one does not completely stop production.

You probably should also have part of your production environment on premise. This design has its own buzzword, hybrid cloud, and each cloud provider has its own idea of a hybrid cloud solution. You should evaluate these to see which meet your needs or whether you need to build something all your own.


Never heard of it happening, but all you really can do is to keep asking them what the activity was.

I would also go through all of your services and think what it could be. Maybe a mail relay service somewhere that could have sent spam. Or if you use a crawler bot. Things like that are not allowed to run in Azure.