Azure Capacity & Enablement Toolkit
A reusable, read-only-by-default toolkit for validating regional / zonal SKU enablement, quota, capacity, zonal resilience and AKS / database footprint in any Azure tenant — the analysis side uses nothing more than Reader access (Spot placement is the one exception — it needs the read-only Compute Recommendations Role). It shows you, in concrete numbers, what is actually enabled in a region when you hit regional capacity or availability-zone constraints. One opt-in tool can also provision quota groups (see Commands reference and the quota-groups guide).
What it answers
- Is SKU X enabled regionally? In which availability zones?
- Which of my subscriptions are missing enablement?
- How much quota / headroom do I have per VM family, and where is it stranded?
- How do logical zones (1/2/3) map to physical zones for each subscription?
- How many AKS clusters do we have, where, and on what node SKUs?
- Which regions do we run in today, and is region X a viable alternative to deploy/move to?
- Do we have quota groups, how are they designed, and is there pooled headroom?
- Am I about to hit a non-compute limit — public IPs, NICs, load balancers, storage accounts, App Service plans, SQL/Cosmos throughput, resource groups, role assignments?
- Do we hold guaranteed (reserved) capacity, and is it actually being used?
- Is there actually Spot capacity to place SKU X in region/zone Y right now (placement score)?
- Draft me the support request to get SKU X enabled regionally and in AZ01/AZ02/AZ03.
Documentation map
| Page | What’s in it |
|---|---|
| Getting started | Prerequisites, access, install, your first run |
| Concepts | Capacity vs quota, regional vs zonal, zone mapping, quota groups, region readiness |
| Commands reference | Every script, its parameters and outputs, plus raw az one-liners |
| Dashboard guide | The HTML dashboard tabs and how to read them |
| Troubleshooting & FAQ | Common questions, platform gotchas, best practices |
| Sharing & security | Read-only-by-default guarantees and how to sanitize before sharing |
Automating it with an AI agent?
AGENTS.mdtells GitHub Copilot CLI (or any agent) how to drive the toolkit safely against a tenant.
At a glance
- Read-only by default. Every analysis script only reads; nothing is created, modified or
deleted, and the only writes are local CSV / HTML / JSON files under
output/. The one exception is the opt-inDeploy-QuotaGroups.ps1rollout tool (see the quota-groups guide). - Reader access is enough for everything except quota-group reads (management-group read),
Spot placement scores (the read-only Compute Recommendations Role) and
kubectlinspection (Cluster User/Admin — out of scope). - Self-contained output. CSVs and a single interactive HTML dashboard that opens offline.
See the repository README for a one-minute overview and the LICENSE (MIT).