Remove Unattached Virtual Machine Disk Volumes

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: Medium (should be achieved)
Rule ID: VirtualMachines-011

Identify any unattached (unused) Microsoft Azure virtual machine disk volumes available within your Azure cloud account and delete them in order to lower the cost of your monthly bill and reduce the risk of sensitive data leakage.

This rule resolution is part of the Conformity Security & Compliance tool for Azure.

Security
Cost optimisation

Each virtual machine disk volume provisioned in your Azure cloud account adds charges to your monthly bill, regardless of whether the resource is being used or not. Removing unattached/orphaned data disk volumes can help you avoid unexpected charges on your Azure bill and halt unwarranted access to any confidential data available on these volumes.


Audit

To determine if there are any unattached data disk volumes available in your Azure account, perform the following actions:

Using Azure Console

01 Sign in to Azure Management Console.

02 Navigate to the All resources blade at https://portal.azure.com/#blade/HubsExtension/BrowseAll to access all your Microsoft Azure resources.

03 Choose the Azure subscription that you want to access from the Subscription filter box.

04 From the Type filter box, select Disk to list the virtual machine (VM) disk volumes provisioned in the selected subscription.

05 Click on the name of the VM disk volume that you want to examine.

06 In the navigation panel, select Overview to view the configuration details available for the selected volume.

07 On the Overview page, check the Disk state configuration attribute value. If the attribute value is set to Unattached, the selected disk volume is not attached to a Microsoft Azure virtual machine. If the unattached volume is not used anymore, the resource can be safely removed from the selected subscription.

08 If required, repeat steps no. 5 – 7 for each detached Azure VM disk volume available in the selected subscription.

09 Repeat steps no. 3 – 8 for each subscription created in your Microsoft Azure cloud account.

Using Azure CLI

01 Run disk list command (Windows/macOS/Linux) using custom query filters to list the ID of each virtual machine (VM) disk volume provisioned within the current Azure subscription:

az disk list \
    --query '[*].id'

02 The command output should return the requested VM disk volume identifiers (IDs):

[
"/subscriptions/abcdabcd-1234-abcd-1234-abcd1234abcd/resourceGroups/CLOUD-SHELL-STORAGE-WESTEUROPE/providers/Microsoft.Compute/disks/cc-data-disk1",
"/subscriptions/abcdabcd-1234-abcd-1234-abcd1234abcd/resourceGroups/CLOUD-SHELL-STORAGE-WESTEUROPE/providers/Microsoft.Compute/disks/cc-data-disk2",

...

"/subscriptions/abcdabcd-1234-abcd-1234-abcd1234abcd/resourceGroups/CLOUD-SHELL-STORAGE-WESTEUROPE/providers/Microsoft.Compute/disks/cc-OsDisk-app",
"/subscriptions/abcdabcd-1234-abcd-1234-abcd1234abcd/resourceGroups/CLOUD-SHELL-STORAGE-WESTEUROPE/providers/Microsoft.Compute/disks/cc-OsDisk-web"
]

03 Run disk show command (Windows/macOS/Linux) using the ID of the VM disk volume that you want to examine as identifier parameter to obtain the disk state/status for the selected Azure VM resource:

az disk show \
    --ids "/subscriptions/abcdabcd-1234-abcd-1234-abcd1234abcd/resourceGroups/CLOUD-SHELL-STORAGE-WESTEUROPE/providers/Microsoft.Compute/disks/cc-data-disk1" \
    --query 'diskState'

04 The command output should return the requested configuration status:

"Unattached"

If the disk show command output returns "Unattached", as shown in the example above, the selected disk volume is not attached to a Microsoft Azure virtual machine. If the unattached volume is not used anymore, the Azure resource can be safely deleted.

05 If required, repeat steps no. 3 and 4 for each detached Azure VM disk volume created within the current subscription.

06 Repeat steps no. 1 – 5 for each subscription available in your Microsoft Azure cloud account.

Remediation / Resolution

To remove any unattached and unwanted Azure virtual machine disk volumes from your Azure cloud account, perform the following actions:

Note: Back up your data. Once a disk volume is deleted, all the data available on the disk will be lost. Since volume snapshots are much more cost-effective, it is recommended to create snapshots before deleting your unattached disk volumes.

Using Azure Console

01 Sign in to Azure Management Console.

02 Navigate to the All resources blade at https://portal.azure.com/#blade/HubsExtension/BrowseAll to access all your Microsoft Azure resources.

03 Choose the Azure subscription that you want to access from the Subscription filter box.

04 From the Type filter box, select Disk to list only the virtual machine disk volumes available in the selected subscription.

05 Click on the name of the detached VM disk volume that you want to delete (see Audit section part I to identify the right resource).

06 In the navigation panel, select Overview to access the selected volume configuration.

07 On the Overview page, click Create snapshot to initiate the disk volume backup process.

08 On the Create snapshot panel, provide a name for your new snapshot, select the necessary account type, then click Review + create to finish the snapshot configuration process. Click Create to take the snapshot.

09 Once the disk volume snapshot is created, go back to the All resources blade at https://portal.azure.com/#blade/HubsExtension/BrowseAll and select the unattached Azure VM disk volume that you want to delete.

10 Click the Delete button in the top menu to initiate the removal process.

11 On the Delete Resources panel, type yes for confirmation in the Confirm delete box, then click Delete to remove the selected Azure virtual machine disk volume.

12 If required, repeat steps no. 5 – 11 for each detached disk volume available within the selected subscription.

13 Repeat steps no. 3 – 12 for each subscription created in your Microsoft Azure cloud account.

Using Azure CLI

01 Run snapshot create command (Windows/macOS/Linux) to create a snapshot for the detached disk volume that you want to delete (see Audit section part II to identify the right Azure VM resource):

az snapshot create \
    --name cc-detached-data-disk1 \
    --resource-group cloud-shell-storage-westeurope \
    --source "/subscriptions/abcdabcd-1234-abcd-1234-abcd1234abcd/resourceGroups/CLOUD-SHELL-STORAGE-WESTEUROPE/providers/Microsoft.Compute/disks/cc-data-disk1"

02 The command output should return the volume snapshot configuration metadata:

{
  "creationData": {
    "createOption": "Copy",
    "imageReference": null,
    "sourceResourceId": "/subscriptions/abcdabcd-1234-abcd-1234-abcd1234abcd/resourceGroups/CLOUD-SHELL-STORAGE-WESTEUROPE/providers/Microsoft.Compute/disks/cc-data-disk1",
    "sourceUniqueId": "abcdabcd-1234-abcd-1234-abcd1234abcd",
    "sourceUri": null,
    "storageAccountId": null,
    "uploadSizeBytes": null
  },
  "diskSizeBytes": 5368709120,
  "diskSizeGb": 5,
  "encryptionSettingsCollection": null,
  "hyperVgeneration": "V1",
  "id": "/subscriptions/abcdabcd-1234-abcd-1234-abcd1234abcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Compute/snapshots/cc-detached-data-disk1",
  "incremental": false,
  "location": "westeurope",
  "managedBy": null,
  "name": "cc-detached-data-disk1",
  "osType": null,
  "provisioningState": "Succeeded",
  "resourceGroup": "cloud-shell-storage-westeurope",
  "sku": {
    "name": "Standard_LRS",
    "tier": "Standard"
  },
  "tags": {},
  "timeCreated": "2018-10-20T18:32:34.902403+00:00",
  "type": "Microsoft.Compute/snapshots",
  "uniqueId": "abcdabcd-1234-abcd-1234-abcd1234abcd"
}

03 Run disk delete command (Windows/macOS/Linux) to remove the unattached Azure virtual machine disk volume that you want to delete (the command does not produce an output):

az disk delete \
    --ids "/subscriptions/abcdabcd-1234-abcd-1234-abcd1234abcd/resourceGroups/CLOUD-SHELL-STORAGE-WESTEUROPE/providers/Microsoft.Compute/disks/cc-data-disk1"

04 Type y (yes), then press Enter to confirm the resource removal, i.e.:

Are you sure you want to perform this operation? (y/n): y

05 If required, repeat steps no. 1 – 4 for each detached disk volume provisioned in the selected subscription.

06 Repeat steps no. 1 – 5 for each subscription available in your Microsoft Azure cloud account.
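The Audit and Remediation CLI steps above check one disk at a time. The following added example (not part of the original Conformity page) triages a whole `az disk list` result at once and returns the snapshot and delete commands for review instead of running them. The sample data, the `-pre-delete` snapshot suffix and the function names are assumptions made for illustration.

```python
import json
import shlex

# Constructed sample shaped like `az disk list` output (placeholder IDs, not real resources).
_BASE = ("/subscriptions/abcdabcd-1234-abcd-1234-abcd1234abcd/resourceGroups/"
         "CLOUD-SHELL-STORAGE-WESTEUROPE/providers/Microsoft.Compute")

def _disk(name, state, vm=None, size_gb=5):
    return {"id": f"{_BASE}/disks/{name}", "name": name,
            "resourceGroup": "CLOUD-SHELL-STORAGE-WESTEUROPE",
            "diskState": state, "diskSizeGb": size_gb,
            "managedBy": f"{_BASE}/virtualMachines/{vm}" if vm else None}

SAMPLE = json.dumps([
    _disk("cc-data-disk1", "Unattached"),
    _disk("cc-data-disk2", "Reserved", vm="cc-app-vm", size_gb=32),  # VM deallocated
    _disk("cc-OsDisk-app", "Attached", vm="cc-app-vm", size_gb=30),
    _disk("cc-OsDisk-web", "Unattached", size_gb=30),
])

def unattached_disks(az_disk_list_json):
    """Disks whose diskState is Unattached and that no VM claims via managedBy."""
    return [d for d in json.loads(az_disk_list_json)
            if d.get("diskState") == "Unattached" and not d.get("managedBy")]

def reclaimable_gb(disks):
    """Total provisioned size; accepts either spelling of the size key."""
    return sum(d.get("diskSizeGb") or d.get("diskSizeGB") or 0 for d in disks)

def removal_plan(disk, snapshot_suffix="-pre-delete"):
    """Snapshot-then-delete commands for one disk, returned as text for review."""
    q = shlex.quote
    snapshot = disk["name"] + snapshot_suffix  # hypothetical naming scheme
    return [
        f"az snapshot create --name {q(snapshot)} "
        f"--resource-group {q(disk['resourceGroup'])} --source {q(disk['id'])}",
        f"az disk delete --ids {q(disk['id'])}",
    ]

if __name__ == "__main__":
    candidates = unattached_disks(SAMPLE)
    print(f"# {len(candidates)} unattached disks, {reclaimable_gb(candidates)} GB")
    for disk in candidates:
        print("\n".join(removal_plan(disk)))
```

To use it on real data, save the output of `az disk list` for each subscription and pass the file contents to `unattached_disks`. A disk in the `Reserved` state belongs to a deallocated VM and is deliberately left out of the plan.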

Publication date Jun 24, 2020
