Azure Capacity & Enablement Toolkit

A reusable, read-only-by-default toolkit for validating regional / zonal SKU enablement, quota, capacity, zonal resilience and AKS / database footprint in any Azure tenant — the analysis side uses nothing more than Reader access (Spot placement is the one exception — it needs the read-only Compute Recommendations Role). It shows you, in concrete numbers, what is actually enabled in a region when you hit regional capacity or availability-zone constraints. One opt-in tool can also provision quota groups (see Commands reference and the quota-groups guide).

What it answers

  • Is SKU X enabled regionally? In which availability zones?
  • Which of my subscriptions are missing enablement?
  • How much quota / headroom do I have per VM family, and where is it stranded?
  • How do logical zones (1/2/3) map to physical zones for each subscription?
  • How many AKS clusters do we have, where, and on what node SKUs?
  • Which regions do we run in today, and is region X a viable alternative to deploy/move to?
  • Do we have quota groups, how are they designed, and is there pooled headroom?
  • Am I about to hit a non-compute limit — public IPs, NICs, load balancers, storage accounts, App Service plans, SQL/Cosmos throughput, resource groups, role assignments?
  • Do we hold guaranteed (reserved) capacity, and is it actually being used?
  • Is there actually Spot capacity to place SKU X in region/zone Y right now (placement score)?
  • Draft me the support request to get SKU X enabled regionally and in AZ01/AZ02/AZ03.

Documentation map

Page What’s in it
Getting started Prerequisites, access, install, your first run
Concepts Capacity vs quota, regional vs zonal, zone mapping, quota groups, region readiness
Commands reference Every script, its parameters and outputs, plus raw az one-liners
Dashboard guide The HTML dashboard tabs and how to read them
Troubleshooting & FAQ Common questions, platform gotchas, best practices
Sharing & security Read-only-by-default guarantees and how to sanitize before sharing

Automating it with an AI agent? AGENTS.md tells GitHub Copilot CLI (or any agent) how to drive the toolkit safely against a tenant.

At a glance

  • Read-only by default. Every analysis script only reads; nothing is created, modified or deleted, and the only writes are local CSV / HTML / JSON files under output/. The one exception is the opt-in Deploy-QuotaGroups.ps1 rollout tool (see the quota-groups guide).
  • Reader access is enough for everything except quota-group reads (management-group read), Spot placement scores (the read-only Compute Recommendations Role) and kubectl inspection (Cluster User/Admin — out of scope).
  • Self-contained output. CSVs and a single interactive HTML dashboard that opens offline.

See the repository README for a one-minute overview and the LICENSE (MIT).