Skip to main content
Back to the Azure Footguns Database
CostLowOccasionalAZF-0021

An idle Container Registry with zero pulls and pushes bills its tier's daily rate

Azure Container Registry bills a fixed daily rate for its tier regardless of use. A registry with zero pulls and pushes keeps charging as if it were in active service.

Footgun ID
AZF-0021 (Azure Footgun No. 21)
Azure service
Azure Container Registry
Resource type
Microsoft.ContainerRegistry/registries
Updated
July 1, 2026

What it is

An Azure Container Registry (Microsoft.ContainerRegistry/registries) with no pull or push activity over an extended window. ACR bills a fixed daily rate for its tier (Basic, Standard, or Premium), independent of whether any image is pushed or pulled. A registry nobody uses costs exactly the same as one serving a production pipeline.

Impact (cost)
~$5/month Basic, ~$20 Standard, ~$50 Premium at list price while idle
Basis: Azure list price. Figures are estimates, not measurements.

Why it happens

A container registry is provisioned for a project, a proof of concept, or a pipeline that later moved to a different registry or a different platform entirely. The images it holds stop being pulled and no new ones are pushed, but the registry stays: deleting it feels risky when nobody is sure whether some forgotten deployment still references it.

ARM exposes no repository count or last-used timestamp on the registry, so idleness is invisible from configuration alone. You have to look at the activity metrics (SuccessfulPullCount and SuccessfulPushCount) over time to see that both have been flat at zero. Nothing in the portal nudges you, and the tier's daily charge is small enough per registry that it never trips a budget alert.

What it costs / blast radius

At list price a Basic registry is roughly $5/month, Standard about $20/month, and Premium about $50/month, billed every day whether or not a single image moves. (List price; your contract may differ.) A stray idle Basic registry is a rounding error. A Premium registry left behind after a project wound down, often provisioned for geo-replication or private-link features nobody uses anymore, is $600/year for storage nothing reads. The waste scales with the tier, and Premiums are exactly the ones people forget to downgrade or delete.

See it

Find them: inventory every registry, then check pull/push metrics
// Azure Resource Graph lists the registries and their tiers; ARM has no
// usage property, so idleness has to be confirmed against activity metrics.
Resources
| where type =~ 'microsoft.containerregistry/registries'
| project name, resourceGroup, subscriptionId,
          tier = sku.tier, id
// Then, per registry, read SuccessfulPullCount + SuccessfulPushCount in
// Azure Monitor Metrics over the last 30-90 days — both flat at zero = idle.
Fix: confirm nothing references it, then downgrade the tier or delete it
# Check recent activity before acting.
az monitor metrics list --resource <registry-id> \
  --metric SuccessfulPullCount SuccessfulPushCount \
  --interval P1D --start-time 2026-04-01T00:00:00Z

# If genuinely idle: drop to Basic to stop paying Premium, or delete it.
az acr update  --name corpregistry --sku Basic
az acr delete  --name corpregistry --resource-group rg-shared --yes

How StratoLens helps

StratoLens tracks pull and push activity for every registry across every subscription and flags the ones sitting idle, with the tier's monthly cost attached and the last-active date so you can judge whether it is safe to downgrade or delete. The "is anyone still using this registry" question gets an answer instead of a guess, and the check runs continuously.

Start Your 28-Day Free Trial

Every feature unlocked. Deploys to your Azure tenant. No data leaves your tenant.

Available now on the Azure Marketplace.

Built for Azure infrastructure teams who need complete visibility across their entire estate.