When you first set up Azure SRE Agent, it’s tempting to give it everything. Connect all your alert sources, route every severity, set up scheduled tasks to poll your channels every 30 seconds. The agent can handle all of it.

But a few simple configuration choices can help you get more value from every token the agent uses. Each investigation creates a conversation thread, and each thread consumes tokens. With the right setup, you can make sure the agent is spending those tokens on the work that has the highest impact.

The pattern that works best: start focused, see results, and expand from there. Here are three ways to do that.

1. Start with the incidents that matter most

It's natural to want full coverage from day one. But in practice, starting narrow and expanding works better. When you route only high-severity or high-impact incidents to the agent first, you get to see the quality of its investigations on the work that matters most. Once you trust the output, expanding to broader coverage is a confident decision, not a leap of faith.

The mechanism for this is your **incident response plan**. Instead of relying on a default handler that routes everything, create a targeted response plan with filters that match the incidents you want the agent to investigate.

Incident response plan filters: severity, title keywords, and exclusions.

Getting started:

• Go to Response plan configuration and create a new incident response plan.
• Set the Severity filter. A good starting point is Sev0 through Sev2. These are the incidents where deep investigation has the highest impact.
• Use Title contains to focus on specific incident patterns, or Title does not contain to exclude known noisy alerts.
• Preview the filter results to see which past incidents would have matched.

As you see results and get comfortable, widen the filters. Add Sev3. Remove title exclusions. Bring in more incident sources. The agent will handle the volume, and you'll know what the cost looks like because you've been watching it grow incrementally.

If you already have an agent running with broad filters, it's worth reviewing your response plan. A quick check on your severity and title filters can make sure the agent is spending its time on the incidents you care about.

2. Replace high-frequency polling with smarter patterns

Scheduled tasks are one of the most powerful features of the agent, but they're also where cost can quietly balloon. The reason is simple: a scheduled task runs on a timer whether there's anything to find. An incident investigation fires once per incident. A task polling every 2 minutes fires 720 times a day, and most of those runs may find nothing new.

High-frequency polling is generally a weak engineering pattern regardless of cost. It wastes compute, creates unnecessary load, and in the case of an AI agent, burns tokens checking for changes that haven't happened. Better patterns exist.

Prefer push over poll. If the source system can send a signal (an alert, a webhook, a ticket), use that to trigger the agent. Push-based workflows fire only when something happens. This is cheaper and faster than polling.

When polling is the right fit, batch it. Instead of checking every 2 minutes, run a thorough check every hour. One consolidated report from 24 daily runs is more useful than 720 micro-checks that mostly say "nothing changed." The hourly report shows trends. The 2-minute poll shows snapshots.

Consider HTTP triggers. If you have an external system that knows when work is needed (a deployment pipeline, a CI/CD tool, a monitoring platform), use an HTTP trigger to invoke the agent on demand. The agent only runs when there's actually something to do.

Match frequency to the operational cadence. A Teams channel monitor works fine at 5-minute intervals. Humans don't type that fast. A health summary runs once a day. A shift-handoff report runs once per shift. Ask: how quickly do I actually need to detect this change? The answer is almost always slower than the timer you first set.

3. Keep threads fresh

Here's a detail that's easy to miss: every time a scheduled task runs, it adds to the same conversation thread. The agent reads the full thread history before responding. So a task that runs hourly accumulates 24 conversations a day in the same thread. After a week, the agent is reading through hundreds of prior exchanges before it even starts on the new work.

The work stays the same. The cost per run keeps climbing. It's the equivalent of reopening a document and reading the entire thing from page one every time you want to add a sentence at the end.

The fix is one setting. When creating or editing a scheduled task, set "Message grouping for updates" to "New chat thread for each run."

That gives the agent a clean context on every execution. No accumulated history, no growing cost. One dropdown, predictable token usage on every run.

The pattern

Start small with incident routing, expand as you see results. Replace high-frequency polling with push signals, batching, and HTTP triggers. Keep scheduled task threads fresh with "New chat thread for each run."

The agent is built to handle whatever you throw at it. These patterns just make sure you're getting the most value for what you spend.

New images of the Earth have been captured on an iPhone! AMD & Nvidia eGPU's can work on Apple Silicon Macs! It hasn't been officially announced yet, but the rumored Foldable iPhone could be facing shipment delays. And Apple's App Store saw a 84% jump in new apps this past quarter thanks to vibe coding.

• Timeline of every iPhone model in chronological order.
• NASA just gave Apple the best Shot on iPhone ad ever.
• iPhone 17 Pro Max isn't the only Apple product being used in space recently.
• Apple AirPods Max 2 review: Better late than never.
• AMD or Nvidia eGPUs can work on Apple Silicon Macs, but not for graphic acceleration.
• Foldable iPhone hits engineering snags, shipment delays possible.
• New AirPods Pro are coming this year: Here are three rumored upgrades.
• Developer behind controversial AI apps sues Apple over App Store takedowns.
• Jack Dorsey's decentralized Bitchat app removed from China App Store.
• The vibe coding effect? Apple's App Store saw 84% jump in new apps in quarter.
• Paul McCartney rocks Apple HQ with lengthy set of classic tunes.
• Epic Earth: 3D Adventure Films app.
• How the Vision Pro rollout inflamed tensions at Apple.
• AR tech prepares patients for endometriosis surgery.

Picks of the Week

• Leo's Picks: Artemis Wallpapers, Gemma for iPhone, and apfel.
• Christina's Pick: Hannah Montana Linux Reborn
• Andy's Pick: Heynote
• Jason's Pick: Dropzone 5

Hosts: Leo Laporte, Andy Ihnatko, Jason Snell, and Christina Warren

Download or subscribe to MacBreak Weekly at https://twit.tv/shows/macbreak-weekly.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit

Sponsor:

• spaceship.com/twit

Joe Dluzen joins me to discuss, in depth, distributed computing and Docker.

The podcast is here and the video is here.

It feels later in the week than Tuesday. But Google Cloud Next is officially sold out, and much of our team is working towards delivering the best tech event possible for you all. And I had a few minutes to code up an agent today, so no complaints.

[article] Components of A Coding Agent. Fantastic. We suddenly start throwing terms like “harness” around and assume we’re all talking about the same thing. Sebastian offers up a terrific definition and deep dive into coding harnesses.

[article] Nobody Is Coming to Save Your Career. No one ever was. If you have a strong manager and a supportive org, fantastic. But you still own your career plan.

[article] Burnout Looks Different Across the Org Chart. Watch for These Signs. I haven’t seen it framed like this before. Early-career signals are different than mid or late career. Most of us probably recognize these!

[blog] Get more done with new vertical tabs and immersive reading mode in Chrome. I’m not sold on switching to vertical tabs. But maybe!

[article] Microsoft’s Agent Stack Confuses Developers While Rivals Simplify. Platforms are hard. Hyperscalers don’t always find the right abstractions, or focus.

[blog] I Still Prefer MCP Over Skills. These points resonate with me. I don’t personally want to write giant skill files that I have to store, share, and maintain. MCP does a lot of good things for me.

[blog] AI Code Reviews with Gemini CLI on GitHub Enterprise Server. A lightweight CLI can be added to a lot of environments. Here, Karl uses it to do code reviews with GitHub Actions.

[paper] Effective Strategies for Asynchronous Software Engineering Agents. Teams of coding agents can step on each other’s code and cause merge issues. This work proposes a model of central control and isolation using git worktrees.

[article] Google Open Sources Experimental Multi-Agent Orchestration Testbed Scion. I got this up and running over the weekend. It’s an interesting take on harness-agnostic orchestration.

[article] 27 questions to ask when choosing an LLM. Solid list. Tailor to whatever you actually care about, however.

[blog] TorchTPU: Running PyTorch Natively on TPUs at Google Scale. TPUs are hot, and we’re making the PyTorch experience on TPUs easier.

[article] Anthropic says its most powerful AI cyber model is too dangerous to release publicly — so it built Project Glasswing. This is that model rumored to get released. Here’s Anthropic’s take. We’ve also got it available in private preview on Google Cloud.

[blog] Good APIs Age Slowly. Useful reminders about how to shape an API, keep it decoupled from a frontend, and identify boundaries.

Want to get this update sent to you every day? Subscribe to my RSS feed or subscribe via email below: