Microsoft Azure - Create Pie Charts For Orphaned Resources using KQL
Last Updated :
23 Jul, 2025
When using Microsoft Azure, it is easy to end up with resources that are no longer needed, like a disk without a virtual machine or a public IP that is not being used. These are called orphaned resources, and while they might seem harmless, they can increase your cloud bills and make your setup messy. So, how can you find them quickly?
When working in Microsoft Azure, it is easy to end up with leftover resources you don’t need anymore, like a disk without a virtual machine or a public IP address that isn’t being used. These are called orphaned resources.
Even though they seem harmless, orphaned resources can increase your cloud bills, make your setup messy, harder to manage, and cause security risks if left unchecked
Let’s see how you can use KQL (Kusto Query Language) and Azure Workbooks to find and visualize these resources using simple pie charts.
What are Orphaned Resources?
In Azure, orphaned resources are components that are no longer actively used or associated with any running services but still exist within your environment. These resources can accumulate over time, leading to unnecessary costs and potential security risks.
Common Types of Orphaned Resources
Here are some typical examples:
- Unattached Disks: When a virtual machine (VM) is deleted, its associated disks might not be removed automatically. These unattached disks continue to incur storage costs.
- Unused Public IP Addresses: Reserved IP addresses that are not linked to any active resource still generate charges.
- Network Security Groups (NSGs) Without Associations: NSGs not connected to any network interface or subnet serve no purpose but can complicate network configurations.
- Idle App Service Plans: App Service Plans without any hosted applications still accrue costs.
- Empty Resource Groups: Resource groups without any resources can clutter your Azure environment, making management more challenging.
What is KQL?
Kusto Query Language (KQL) is a read-only query language developed by Microsoft. It is designed to retrieve and analyze large volumes of data, particularly logs and telemetry data. KQL is optimized for fast data exploration and is used across various Azure services.
KQL is utilized in several Azure services, including:
- Azure Resource Graph Explorer: To explore and manage Azure resources at scale.
- Azure Log Analytics: For querying and analyzing log data collected from Azure resources.
- Azure Monitor: To monitor applications and infrastructure by analyzing telemetry data.
- Azure Data Explorer: For interactive analytics on large datasets.
These platforms provide interfaces where you can write and run KQL queries to gain insights into your data.
Create Pie Charts to Spot Orphaned Resources
You can use Azure Workbooks to write KQL queries and create pie charts to see how many orphaned resources you have.
Follow the below queries to implement the problem statement:
Note: You can use Workbooks to Save the Graph Queries and You can Pin to Dashboard for Analysis.
1. To get the Count of Azure Orphaned Disks by Subscription Category:
KQL Azure Resource Graph Query:
Resources
| where type has "microsoft.compute/disks"
| extend diskState = tostring(properties.diskState)
| where diskState == 'Unattached' or managedBy == ""
| extend SubscriptionName=case(subscriptionId =~ 'Add Subscription 1 Id here ', 'Add Subscription 1 Name Here',
subscriptionId =~ 'Add Subscription 2 Id here ', 'Add Subscription 2 Name Here'
subscriptionId =~ 'Add Subscription 3 Id here ', 'Add Subscription 3 Name Here'
,subscriptionId) // You can in similar way to add more
| summarize count() by SubscriptionName
Output:
2. To get the Count of Azure Orphaned NICs by Subscription Category:
KQL Azure Resource Graph Query:
Resources
| where type has "microsoft.network/networkinterfaces"
| where properties !has 'virtualmachine'
| extend SubscriptionName=case(subscriptionId =~ 'Add Subscription 1 Id here ', 'Add Subscription 1 Name Here',
subscriptionId =~ 'Add Subscription 2 Id here ', 'Add Subscription 2 Name Here'
subscriptionId =~ 'Add Subscription 3 Id here ', 'Add Subscription 3 Name Here'
,subscriptionId) // You can in similar way to add more
| summarize count() by SubscriptionName
Output:
3. To get the Count of Azure Orphaned NSGs by Subscription Category:
KQL Azure Resource Graph Query:
Resources
| where type =~ 'microsoft.network/networksecuritygroups'
and isnull(properties.networkInterfaces)
and isnull(properties.subnets)
| extend SubscriptionName=case(subscriptionId =~ 'Add Subscription 1 Id here ', 'Add Subscription 1 Name Here',
subscriptionId =~ 'Add Subscription 2 Id here ', 'Add Subscription 2 Name Here'
subscriptionId =~ 'Add Subscription 3 Id here ', 'Add Subscription 3 Name Here'
,subscriptionId) // You can in similar way to add more
| summarize count() by SubscriptionName
Output:
That's it!
Conclusion
Cleaning up unused resources in Azure can be really simple. By running a few KQL queries and using pie charts to see the results, you can easily find things like unused disks, IP addresses, or security groups. Removing these orphaned resources can save you money, make your Azure setup cleaner, and help you manage things better. It’s a quick way to keep your cloud tidy and cost-effective. Give it a try it’s easier than you think!
Similar Reads
DevOps Tutorial DevOps is a combination of two words: "Development" and "Operations." It’s a modern approach where software developers and software operations teams work together throughout the entire software life cycle.The goals of DevOps are:Faster and continuous software releases.Reduces manual errors through a
7 min read
Introduction
What is DevOps ?DevOps is a modern way of working in software development in which the development team (who writes the code and builds the software) and the operations team (which sets up, runs, and manages the software) work together as a single team.Before DevOps, the development and operations teams worked sepa
10 min read
DevOps LifecycleThe DevOps lifecycle is a structured approach that integrates development (Dev) and operations (Ops) teams to streamline software delivery. It focuses on collaboration, automation, and continuous feedback across key phases planning, coding, building, testing, releasing, deploying, operating, and mon
10 min read
The Evolution of DevOps - 3 Major Trends for FutureDevOps is a software engineering culture and practice that aims to unify software development and operations. It is an approach to software development that emphasizes collaboration, communication, and integration between software developers and IT operations. DevOps has come a long way since its in
7 min read
Version Control
Continuous Integration (CI) & Continuous Deployment (CD)
Containerization
Orchestration
Infrastructure as Code (IaC)
Monitoring and Logging
Microsoft Teams vs Slack Both Microsoft Teams and Slack are the communication channels used by organizations to communicate with their employees. Microsoft Teams was developed in 2017 whereas Slack was created in 2013. Microsoft Teams is mainly used in large organizations and is integrated with Office 365 enhancing the feat
4 min read
Security in DevOps