The Problem with Scattered Cost Visibility
In most organizations, Azure cost data lives in silos. The infrastructure team checks one subscription’s Cost Analysis page. The application team reviews a different subscription. Finance logs into the billing portal and sees totals that nobody on the engineering side recognizes. When someone asks “how much are we spending on Azure?” the answer depends entirely on who you ask and which scope they are looking at.
A centralized cost reporting solution eliminates these inconsistencies by pulling cost data from every subscription, management group, and billing scope into a single platform. Whether you build it with the Microsoft FinOps toolkit, a custom Azure Data Explorer pipeline, or Power BI connected to centralized exports, the goal is the same: one source of truth that every team trusts and every decision references.
This guide walks through the architecture options for centralized cost reporting, the data collection strategies that feed them, the access controls that keep the right people informed, and the practical trade-offs between different implementation approaches.
Understanding the Azure Cost Scope Hierarchy
Before centralizing anything, you need to understand how Azure organizes cost data. Two parallel hierarchies exist, each offering a different lens into the same spending.
Billing Scopes
The billing hierarchy flows from the top-level billing account through intermediate levels down to subscriptions:
- Billing account — The EA enrollment or MCA billing account. Contains all charges including usage, purchases, reservations, and marketplace transactions.
- Department (EA) / Billing profile (MCA) — Organizational subdivisions within the billing account.
- Enrollment account (EA) / Invoice section (MCA) — Sub-groupings that typically map to teams or projects.
- Subscription — The Azure subscription where resources are deployed.
Azure RBAC Scopes
The resource management hierarchy provides a separate access path:
- Management group — Can contain up to 3,000 subscriptions, with up to 6 levels of depth. Provides aggregated usage-based cost views but excludes purchase charges.
- Subscription — Individual subscription costs.
- Resource group — Costs for resources within a specific group.
The critical distinction: billing scopes include all charge types (usage, purchases, reservations, marketplace). Management group scopes include only usage-based charges. For a truly complete centralized view, querying at the billing account scope captures everything.
Architecture Options for Centralized Reporting
Three main approaches exist, each trading simplicity for scalability and flexibility.
Option 1: Billing Account Cost Analysis
The simplest approach uses Cost Analysis directly at the billing account scope. Navigate to Cost Management + Billing, select your billing account, and open Cost Analysis. This immediately shows aggregated costs across all subscriptions with the same grouping, filtering, and view options available at lower scopes.
This option requires no infrastructure setup and works immediately. It is limited by the 13-month data retention in the portal and does not support custom analysis beyond what the built-in views provide. For small-to-medium organizations with a single billing account and straightforward reporting needs, this may be sufficient.
Option 2: Centralized Exports with Azure Data Explorer
For organizations that need long-term history, cross-tenant aggregation, or advanced analytical queries, exporting cost data to a centralized storage account and ingesting it into Azure Data Explorer provides the most flexible platform.
The architecture is straightforward:
- Configure scheduled exports from each billing scope or subscription, targeting a shared storage account
- Azure Data Explorer ingests the exported files automatically through a data connection
- KQL queries run against the centralized dataset, covering months or years of data across all subscriptions
- Dashboards (ADX native dashboards, Power BI, or Azure workbooks) visualize the results
Azure Data Explorer starts at approximately $120 per month for a single-node cluster and scales to handle unlimited data volumes. For every $1 million in monitored cloud spend, expect roughly $10 per month in additional Data Explorer costs for storage and compute.
Option 3: FinOps Hubs (Microsoft FinOps Toolkit)
The FinOps toolkit from Microsoft provides a pre-built centralized reporting architecture that deploys via Bicep templates. The hub architecture includes:
- Azure Data Lake Storage Gen2 as the staging area for exported cost data
- Azure Data Factory for ingestion and transformation pipelines
- Azure Data Explorer (or Microsoft Fabric Real-Time Intelligence) as the scalable analytical engine
- Azure Key Vault for credential management
- Pre-built Power BI reports connected to the hub’s data store
The key advantage of FinOps hubs over a custom pipeline is that they handle the normalization into FOCUS format automatically, support reporting across multiple billing accounts and separate tenants, and include pre-built reports for common FinOps scenarios like commitment discount savings and cost allocation.
Deployment
Deploying a FinOps hub requires these steps:
- Register the
CostManagementExportsandEventGridresource providers in the hosting subscription - Plan network routing (public or private endpoint connectivity)
- Optionally provision Microsoft Fabric Real-Time Intelligence as the analytical backend
- Deploy the hub Bicep template via the provided deployment link
- Create cost exports targeting the hub’s storage account, or grant the hub access to existing exports
- Connect Power BI reports or configure ADX dashboards
The deployment requires Contributor and Role Based Access Control Administrator permissions (or Owner) on the target resource group.
Data Collection Strategy
The foundation of any centralized solution is consistent, comprehensive data collection. Several approaches exist depending on your billing structure.
Billing Account-Level Exports
A single export at the billing account scope captures all subscriptions under that account. This is the most efficient approach for EA enrollments or MCA billing accounts where all subscriptions should be reported centrally.
# Create a billing account-level FOCUS export
$scope = "/providers/Microsoft.Billing/billingAccounts/your-enrollment-id"
$exportName = "centralized-focus-daily"
$token = (Get-AzAccessToken -ResourceUrl https://management.azure.com).Token
$body = @{
properties = @{
format = "Parquet"
compressionMode = "snappy"
partitionData = $true
dataOverwriteBehavior = "OverwritePreviousReport"
definition = @{
type = "FocusCost"
timeframe = "MonthToDate"
dataSet = @{ granularity = "Daily" }
}
deliveryInfo = @{
destination = @{
type = "AzureBlob"
container = "cost-data"
resourceId = "/subscriptions/hub-sub-id/resourceGroups/rg-finops/providers/Microsoft.Storage/storageAccounts/stfinopshub"
rootFolderPath = "billing-account"
}
}
schedule = @{
status = "Active"
recurrence = "Daily"
recurrencePeriod = @{
from = "2026-04-01T00:00:00Z"
to = "2029-04-01T00:00:00Z"
}
}
}
} | ConvertTo-Json -Depth 10
$headers = @{ Authorization = "Bearer $token"; "Content-Type" = "application/json" }
$uri = "https://management.azure.com$scope/providers/Microsoft.CostManagement/exports/${exportName}?api-version=2025-03-01"
Invoke-RestMethod -Uri $uri -Method PUT -Headers $headers -Body $bodyManagement Group-Level Exports
For EA organizations that need to aggregate by organizational structure rather than billing hierarchy, management group exports roll up costs from all child subscriptions. Be aware of the limitations: these exports support only usage-based charges in CSV format without compression, and they do not include reservation purchases, savings plan charges, or marketplace transactions.
Using FOCUS for Standardization
The FinOps Open Cost and Usage Specification (FOCUS) format combines actual and amortized costs into a single export, uses standardized column names, and is supported across Azure, AWS, Google Cloud, Oracle, and several other providers. If your organization runs workloads across multiple cloud providers, FOCUS exports from each provider can be combined into a single analytical dataset without schema translation.
FOCUS exports are available for EA and MCA billing scopes at the subscription, resource group, billing account, billing profile, and invoice section levels. Management group scope does not support FOCUS format.
Access Control for Centralized Reporting
Centralized reporting creates a tension between visibility and data sensitivity. Cost data often reveals organizational priorities, vendor pricing, and team budgets that not everyone should see.
RBAC Roles for Cost Data Access
| Role | View Costs | Manage Budgets | Manage Exports |
|---|---|---|---|
| Cost Management Reader | Yes | View only | View only |
| Cost Management Contributor | Yes | Create/Edit/Delete | Create/Edit/Delete |
| Reader | Yes | View only | View only |
| Contributor | Yes | Create/Edit/Delete | Create/Edit/Delete |
For centralized reporting, assign Cost Management Reader at the management group or billing scope to give the FinOps team view access across all subscriptions. This is the least-privilege role that provides the necessary visibility without granting the ability to modify budgets or exports.
For the team responsible for maintaining the reporting infrastructure (setting up exports, managing budgets), Cost Management Contributor provides the right level of access. Additionally, they need Storage Blob Data Contributor on the target storage account to manage export destinations.
EA-Specific Access Settings
Enterprise Agreement accounts have additional visibility controls. Two settings must be explicitly enabled by the Enterprise Administrator:
- DA view charges — Allows Department Administrators to see cost data for their departments
- AO view charges — Allows Account Owners to see cost data for their enrollment accounts
If these settings are disabled, even users with Cost Management Reader role at lower scopes will see no data. This is a common source of confusion when setting up centralized reporting — all RBAC permissions look correct, but the EA-level settings block the data.
Connecting Dashboards to Centralized Data
Once cost data flows into a central store, multiple visualization options exist.
Azure Data Explorer Dashboards
ADX includes native dashboard capabilities that query the centralized cost database directly. These dashboards support KQL queries, interactive filtering, and sharing via URL links. For technical teams comfortable with KQL, ADX dashboards are the fastest path from raw data to visualization.
Power BI Reports
Power BI connects to centalized data through several paths. The FinOps toolkit includes pre-built Power BI starter kits with reports covering cost trends, commitment utilization, and resource-level breakdowns. For custom reports, Power BI can connect directly to Azure Data Explorer via the ADX connector (DirectQuery mode avoids data import limits) or to the storage account where exports land.
A data source comparison from the FinOps toolkit helps guide the choice:
| Data Source | Monthly Cost | Max Data | Cross-Tenant | KQL Support |
|---|---|---|---|---|
| CM Connector | $0 | ~$2M in cost data | No | No |
| Storage Account | ~$3-5 per $1M | ~$2M/month | Via hubs | No |
| Data Explorer | $120 + $10/$1M | Unlimited | Yes | Yes |
| Fabric RTI | $300 + $10/$1M | Unlimited | Yes | Yes |
For organizations monitoring less than $2 million in monthly Azure spend with a single tenant, the Cost Management Power BI connector is free and sufficient. For larger environments, Data Explorer provides unlimited scale and advanced query capabilities.
Azure Workbooks
Azure Monitor workbooks can query Cost Management data and present it alongside operational metrics. This is particularly useful for teams that want to see cost data in the same context as performance and availability metrics, without switching between tools.
Cross-Tenant and Multi-Cloud Considerations
Organizations that span multiple Azure tenants — through mergers, partnerships, or organizational structure — face additional complexity. Standard Cost Management scopes do not cross tenant boundaries.
The FinOps hub architecture explicitly addresses this by accepting cost exports from multiple tenants into a single storage account. Each tenant configures exports to the hub’s storage endpoint, and the hub’s Data Factory pipelines ingest and normalize the data regardless of its source tenant.
For multi-cloud scenarios, the same storage account can receive FOCUS-formatted cost exports from AWS (via CUR 2.0 in FOCUS format) and Google Cloud (via BigQuery FOCUS exports), creating a truly unified cost dataset. KQL queries against this combined dataset can compare cloud-to-cloud spending without manual data reconciliation.
Scaling the Solution
Centralized cost reporting tends to grow in two dimensions: more data (more subscriptions, longer history) and more consumers (more teams wanting dashboards and reports).
Data Growth Management
Parquet format exports are critical for controlling storage costs at scale. They are typically 70 to 80 percent smaller than equivalent CSV exports and perform dramatically better in analytical queries. Enable Snappy compression on all Parquet exports.
In Azure Data Explorer, configure retention policies and caching policies to balance query performance against storage costs. Hot cache (SSD) for the last 90 days of data provides fast interactive queries, while cold storage handles the multi-year archive at lower cost.
Consumer Growth Management
As more teams request access to cost data, role-based access at the Power BI workspace level or ADX database level controls who sees what. Row-level security in Power BI can restrict dashboard views by subscription or resource group, ensuring that teams see only their own costs even though the underlying dataset contains everything.
Getting Started Incrementally
You do not need to build the entire architecture at once. A practical progression looks like this:
Week 1: Set up billing account-level cost exports to a centralized storage account. Use FOCUS format with Parquet and Snappy compression. This starts your historical data collection immediately, even if you do not analyze it yet.
Week 2: Assign Cost Management Reader at the billing account or management group scope to your FinOps team. Start using the built-in Cost Analysis views at the billing scope for cross-subscription visibility.
Month 2: Deploy Azure Data Explorer (a dev/test SKU is sufficient initially) and create a data connection to the export storage account. Start running KQL queries against the accumulated data. Build your first custom dashboards.
Month 3: Evaluate the FinOps toolkit. If the pre-built reports cover your needs, deploy a FinOps hub alongside or replacing the manual ADX setup. Connect Power BI and share dashboards with finance and engineering leadership.
Each step delivers incremental value and creates the foundation for the next. The worst approach is waiting until you have the perfect architecture designed before collecting any data — because the data you did not collect today is the data you cannot analyze tomorrow.
A centralized cost reporting solution is not a technology project. It is a visibility project that happens to use technology. The architecture matters less than the outcome: every team seeing the same numbers, trusting those numbers, and making decisions based on them. Start simple, collect data early, and build sophistication as your organization’s FinOps maturity grows.
For more details, refer to the official documentation: What is Microsoft Cost Management.