Skip to main content
Back to the Azure Footguns Database
CostMediumCommonAZF-0013

A storage account with zero transactions still bills for every GB it holds

A storage account with zero transactions still bills for the data sitting in it. The charge is the stored bytes, not the activity, so an untouched account keeps costing money.

Footgun ID
AZF-0013 (Azure Footgun No. 13)
Azure service
Azure Storage
Resource type
Microsoft.Storage/storageAccounts
Updated
July 1, 2026

What it is

A storage account that no one reads from or writes to, but that still holds data. Its transaction count is effectively zero over the measurement window, yet it keeps billing for the capacity it stores because Azure charges for bytes at rest, not for activity.

Impact (cost)
~$0.02/GB/month at list price for stored data — an idle 1 TiB account is ~$20/month for bytes nobody reads
Basis: Azure list price. Figures are estimates, not measurements.

Why it happens

Storage accounts are cheap and easy to create, so they pile up: old backups, log dumps, staging containers, a "temporary" export from a project that shipped two years ago. Nothing about an idle account looks broken, so it survives every cleanup.

The subtle part is the billing model. Azure bills storage on stored capacity and tier, independent of whether anyone touches the data. An account can have zero transactions for months and still bill every day for the GB it holds. Transactions being zero is the signal that it is orphaned; the capacity charge is what you keep paying regardless.

What it costs / blast radius

Hot LRS block blob storage is roughly $0.02/GB/month at list price, so a 1 TiB idle account is about $20/month, or $240/year, for data nobody has read in months. (List price; access tier, redundancy, and your contract all change the number.) One account is a rounding error. Storage accounts are usually the highest-count orphan in a tenant, so a few dozen forgotten ones across a handful of subscriptions add up to real money for data that serves no one.

See it

Find them: list storage accounts, then confirm zero transactions via metrics
// Resource Graph lists accounts and their tier, but NOT transaction counts.
// Use this to enumerate candidates, then confirm each is idle with metrics.
Resources
| where type =~ 'microsoft.storage/storageaccounts'
| project name, resourceGroup, subscriptionId, location,
          sku = sku.name, tier = properties.accessTier,
          created = properties.creationTime

// Then confirm zero activity per account (last 30 days):
// az monitor metrics list --resource <accountId> \
//   --metric Transactions --aggregation Total --interval PT24H
Fix: verify the data is safe to lose (or lifecycle it), then delete
// Zero transactions does NOT mean zero data. Check what's inside and
// whether a DR/compliance policy expects it before deleting anything.
az storage account show --name mystorageacct --resource-group rg-prod \
  --query "{tier:accessTier, kind:kind, sku:sku.name}"

// If it holds nothing you need, move it to a cold/archive tier or delete it.
az storage account delete --name mystorageacct --resource-group rg-prod --yes

How StratoLens helps

StratoLens flags idle storage accounts automatically, continuously, across every subscription in your own tenant, with the stored capacity and monthly cost attached so you can tell a $240/year archive apart from a genuine DR copy. You don't have to remember to run a transaction check; it runs on every scan.

Start Your 28-Day Free Trial

Every feature unlocked. Deploys to your Azure tenant. No data leaves your tenant.

Available now on the Azure Marketplace.

Built for Azure infrastructure teams who need complete visibility across their entire estate.