CF-AZ-NW-04Networking

How to detect unused public ips.

Unused Public IPs can quietly add recurring Azure cost when resource state, utilization, or lifecycle policy no longer matches real usage. This guide explains why it costs money, how to find it manually, and how Costframe detects it read-only.

CF-AZ-NW-04 • DETECTOR TYPE

Unused Public IPs

Impact: Low
Resource: bastion-ip-address-temp
+€14.50/mo
Utilization Telemetry
0 IOPS / Low utilization detected
Audit Rationale

Orphaned unused public ips found in billing records with zero active workload associations over a rolling 30-day window.

Operational Description

Static and dynamic public IP addresses are allocated by Azure to facilitate public external ingress. When network interfaces or load balancers are deleted, these IP addresses often remain reserved, incurring static hourly holding fees.

Primary Root Cause

Deleting active network interfaces or load balancers without explicitly cleaning up or disassociating the corresponding public IP address resource.

How Costframe Detects & Verifies This

We query public IP resources of type Microsoft.Network/publicIPAddresses and identify those where the ipConfiguration reference is empty.

Evidence:IP association: None • Network throughput: 0 bytes/sec.

Continuous cloud audits, automated

Run this detector and dozens of other cloud-waste rules across all your Azure subscriptions continuously.