Find Orphaned Azure Resources

Join me as I look at exploring how you can find orphaned Azure resources using Azure Resource Graph Explorer and Kusto queries.


When you delete virtual machine (VM) resources in the Azure Portal, it is common to end up with some orphaned resources, mostly disks and network adapters (NICs).

When an Azure VM is deleted, its disks and NICs are not deleted with it. This is in case you want to rebuild your virtual machine using the disk.

However, if you aren't going to repurpose the disk, then you can end up paying for storage costs, and let's face it, no one wants to do that!

You can use Azure Resource Graph and Kusto queries to find orphaned resources.  Azure Resource Graph is a free service.

Find orphaned disks

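This Kusto query searches for disks that either are not managed by any resource or are in the Unattached state.

// Managed disks only
Resources
| where type has "microsoft.compute/disks"
// diskState is a dynamic property, so cast it to a string before comparing
| extend diskState = tostring(properties.diskState)
// Keep disks with no owning resource, or that report themselves as unattached
| where managedBy == ""
    or diskState == 'Unattached'
| project id, diskState, resourceGroup, location, subscriptionId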
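
The disk query above, extended as an added example (not from the original post) so that the largest and oldest orphaned disks are reviewed first, with the settings that matter while a disk sits unattached and still holds its data. The property names come from the managed disk resource schema; the 30-day cutoff is an assumption, so adjust it to your own rebuild window.

```kusto
// Added example: triage list of orphaned managed disks.
Resources
| where type =~ "microsoft.compute/disks"
| extend diskState = tostring(properties.diskState)
// Same orphan test as the query above
| where isempty(managedBy) or diskState == "Unattached"
| extend sizeGB = toint(properties.diskSizeGB),
         skuName = tostring(sku.name),
         created = todatetime(properties.timeCreated),
         // AllowAll permits export from any network; AllowPrivate and DenyAll restrict it
         networkAccessPolicy = tostring(properties.networkAccessPolicy),
         encryptionType = tostring(properties.encryption.type)
// Assumption: disks newer than 30 days may belong to a rebuild still in progress
| where created < ago(30d)
| project name, resourceGroup, subscriptionId, location, diskState,
          skuName, sizeGB, created, networkAccessPolicy, encryptionType, id
// Largest first, then oldest first
| order by sizeGB desc, created asc
```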

Find Orphaned NICs

This Kusto query will search for NICs that don't have a private endpoint listed and don't have a virtual machine listed under them.

Resources
| where type has "microsoft.network/networkinterfaces"
// Exclude NICs that belong to a private endpoint
| where isnull(properties.privateEndpoint)
// Exclude NICs whose properties reference a virtual machine
| where properties !has 'virtualmachine'
| project id, resourceGroup, location, subscriptionId

I've created a video that walks you through these queries and shows them in action, if you'd like to see them in use.

What Kusto queries have you found helpful?

Let me know what Kusto queries you have that are worth sharing with others; I would love to hear how you are using Azure Resource Graph to improve your Azure management.