How to Detect and Remove Unattached Azure Public IP Addresses

For each Azure public IP address your organization uses, there is a small hourly cost. In this guide, we'll show you how to find and remove unused public IP addresses.

Patrick Londa
Jul 21, 2022
 min read
Share this post

Like many Cloud platforms, Microsoft Azure offers the service of assigning public IP addresses to their virtual machines (VMs), so that these computing resources can be accessed publicly.

For each public IP address your organization uses, there is a cost metered at an hourly rate. Instance level public IP addresses for example are charged at a rate of $.004/hr. You can compare IP pricing options here, but in principle, the recurring nature of these charges means that your organization should try not to pay for IP addresses that it does not need or is not using.

In this guide, we’ll show you how you can look for public IP addresses that have become unattached from their assigned resource so you can clean them up and reduce your cloud costs.

Why Abandoned Public IP Addresses in Azure Matter

When developers retire virtual resources from the network, they sometimes fail to remove the IP address. For example, if the developer assigned the IP in static mode, the system does not relinquish the address when the virtual device associated with it is no longer active.

At this point, the IP address is no longer available to the pool of addresses Azure has available to assign, but it also isn’t actively providing an interface for a virtual device on the internet either. It just sits idle.

There are two main reasons why an unattached public IP addresses in Azure should immediately garner your attention:

  1. Your company pays for each allocated IP address assigned to your virtual machine whether or not it's in use.
  2. Unattended public IP addresses can present inviting security holes for cyber criminals.

Because of these two points, it's good practice to regularly search for unattached public IP addresses and remove them.

Blink Automation: Detect and Remove Unattached Azure External IP Addresses
Azure + Slack
Try This Automation

Locating and Handling Unattached Public IP Addresses

You can use the following steps in the Azure console to locate and remove unassociated public IP addresses.

Finding the Unassociated IP Addresses

  1. Open the Azure Portal.
  2. Perform a search for Public IP addresses.
  3. Click on the +Add filter option.
  4. From the drop-down for Operator, select “==”.
  5. Select “” for Value.
  6. Click Apply.

After you complete these steps, you’ll have a list of unattached Azure public IP addresses. The next phase of the operation involves selecting and deleting the addresses that the system isn't using for any resources. 

Removing the Unused Public IP Addresses

Before you delete any of the IP addresses you’ve identified, you’ll want to verify again that each address is not associated with active devices. You can verify this with these two steps in the console:

  1. Select the Public IP that you want to delete.
  2. Check that Dissociate is grayed out in the properties listed in the management window.

A disabled Dissociate property indicates that the IP address is not currently associated with any devices and is safe to delete. You can also verify the state of the IP address by looking at its Associated value. For example, a public IP that shows Associated to: – is okay to remove.

  1. Once you've determined that the IP address is unattached, click Delete and then Yes to finalize the action.
  2. Click the Notification button to receive verification that the IP address has been removed.

Designing practical implementations of application security controls during an application’s delivery life cycle while balancing priorities with the organization’s business needs requires development teams to conform to a system of best practices. At the very least, security compliance requires the frequent plugging of apparent holes. The cost savings of doing so provide an additional and immediately measurable benefit to what should be a part of regular maintenance.

Catching Unassociated IP Addresses with Blink Automation

If you want to run this type of check for unattached public IP addresses often, there’s a better way than manually running through these steps.

With Blink, you can use this automation to identify unassociated IP addresses in Azure and queues them for removal.

Blink Automation: Detect Unattached Azure External IP Addresses and Remove Them Upon Approval
Blink Automation: Detect Unattached Azure External IP Addresses and Remove Them Upon Approval

When this automation runs, it executes the following steps:

  1. Gets unattached Azure external IP addresses.
  2. Asks for approval to delete the unattached IPs.
  3. If approved, deletes the unattached Azure public IPs.

There are over 5K automations in the Blink library you can use right away, or you can build new automations from scratch with drag-and-drop actions to fit your unique use case.

Get started with Blink today to see how easy automation can be.

Automate your security operations everywhere.

Blink is secure, decentralized, and cloud-native. 
Get modern cloud and security operations today.

Get a Demo