How to Identify and Remove Unused Azure Private Endpoints for Cost Optimization

Question

I need assistance with the following:

1. Identification: What is an effective way to determine which Azure Private Endpoints are not in use or duplicated across all subscriptions or within a specific subscription?
2. Removal: After identifying them, what is the best and safest approach to remove these unused or duplicate private endpoints to prevent disruption of any services or dependencies?

Any assistance or guidance on completing this through Azure SDK or REST API would be appreciated.

Answer 1

@Navin Prasad Kumar ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I understand that you would like to list the Private EndPoints wrt usage.

1.Can you please define what do you mean by "unused" wrt Private EndPoint?

• Because, Azure private endpoint created for a PaaS Resource gets deleted if the PaaS Service is deleted.
• This means, a Private EndPoint is never "abandoned" as some user/service in the VNET or OnPrem can always use it to access the PaaS Service.
• If this based on metrics, Azure Private EndPoint has two metrics available.
  • Bytes In
  • Bytes Out
• Depending on your PaaS Service, and user traffic - you can use the above to filter and check if a particular Private EndPoint is expecting traffic or not.
• While it is possible to check the above using REST APIs, I suggest you use Portal so that you can visualize the graph
• See :
  • Supported metrics for Microsoft.Network/privateEndpoints
  • A detailed walkthrough on how to form a REST API query for Azure Monitoring

2.For Deleting/Removing the resource,

• You can use the Powershell command : Remove-AzPrivateEndpoint
• Or using Az CLI : az network private-endpoint delete

Hope this helps.

Cheers,

Kapil