⭐ Repository → 📁 Compliance Engine → 📁 CloudAware → 📁 Azure → 📁 Virtual Machine

🛡️ Azure Managed Disk is not attached to any Virtual Machine🟢

• Contextual name: 🛡️ Managed Disk is not attached to any Virtual Machine🟢
• ID: /ce/ca/azure/virtual-machine/unattached-managed-disk
• Tags:
  • 🟢 Policy with categories
  • 🟢 Policy with type
  • 🟢 Production policy
• Policy Type: COMPLIANCE_POLICY
• Policy Categories: COST

Logic

• 🧠 prod.logic.yaml🟢
  • 📗 Azure Managed Disk
  • 🔌 Azure Managed Disk - object.extracts.yaml
  • 🧪 test-data.json

Description

Open File

Description

Ensure that Azure Managed Disks not currently attached to any Virtual Machine are either deleted or transitioned to an appropriate archival state.

Rationale

Unattached Managed Disks continue to accrue storage costs, resulting in avoidable cloud expenditure. Proactively identifying and managing these resources is essential for cost optimization and operational efficiency.

Moreover, the presence of unattached disks introduces unnecessary clutter within the Azure environment, complicating resource tracking and increasing administrative overhead.

Audit

This policy flags an Azure Managed Disk as INCOMPLIANT if the Disk State is set to Unattached.

Remediation

Open File

Remediation

If the data stored on an unattached Managed Disk is no longer required, it is recommended to delete the disk to eliminate unnecessary costs. If the data must be preserved for archival or future use, consider creating a snapshot or image prior to deletion.

Delete the Unattached Managed Disk

Azure CLI

az disk delete --name {{disk-name}} \
--resource-group {{resource-group-name}}

PowerShell

Remove-AzDisk -DiskName "{{disk-name}}" `
    -ResourceGroupName "{{resource-group-name}}" -Force

Archive the Disk via Snapshot

Azure CLI

az snapshot create \
--resource-group {{resource-group-name}} \
--source {{resource-id-of-source-disk}} \
--name {{snapshot-name}} \
--sku {{Standard_LRS / Standard_ZRS}} \
--location {{snapshot-location}}

PowerShell

$resourceGroup = "{{resource-group-name}}"
$sourceResourceId = "{{resource-id-of-source-disk}}"
$newSnapshotName = "{{snapshot-name}}"
$location = "{{snapshot-location}}"

### Create snapshot configuration
$snapshotConfig = New-AzSnapshotConfig 

... [see more](remediation.md)

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 Cloudaware Framework → 💼 Waste Reduction			25		no data