Troubleshooting Additional Cost incurred over Failing Transactions

Question

Troubleshooting Additional Cost incurred over Failing Transactions

Gerald Tan 0

Hi All,

Noticed that we have a very high cost on an Azure Storage account that is typically unused. Access to this Storage Account is via IP whitelisting

User's image

Storage Account Metrics

Based on the metrics it seems like there are some services that is trying to authenticate but is failing

User's image

Our investigation found a NSG Flow Logs with a failed provisioned status.

Actions taken:

Turned on Logging - didn't help as these failed transactions did not show up
Deleted NSG Flow Logs - Seemed to have helped but took quite awhile before it happened
Switched Storage Tier to Hot

We are still incurring $8 a day in costs despite not using the storage account. I would like to seek advice and get help on

Identifying the root cost of these failures so that we can resolve this
For the failed NSG flow Logs, is this something that Azure can help verify if it has contributed to the cost spike, and if so are we able to get credits for this

2 answers

Your answer

Answer 1

Hello Gerald Tan

Thank you for your question!

I understand that You're experiencing a persistent $8/day cost on an Azure Storage account that should be largely unused, with evidence pointing to failed authentication attempts and "failed provisioned" NSG Flow Logs. Let's get to the bottom of this.

Please be informed that Storage accounts incur costs for operations like read, write, list, and other API calls, even if they fail due to IP whitelisting or authentication issues. Failed authentication attempts (e.g., from unauthorized IPs) can still generate billable transactions.

navigate to Cost Management > Cost Analysis for the storage account and break down costs by:
Operation type (e.g., CreateBlockBlob, GetBlob, ListBlobs).
API name to identify specific calls.
Response type (e.g., ClientOtherError or AuthorizationError for failed requests).
Look for spikes in transaction counts, especially for failed operations, as these may indicate repeated unauthorized access attempts.

If failed operations were somehow attempting data transfer that partially succeeded before failing, or if the failure itself involved some amount of data processing or networking, minimal egress charges could apply, but this is less likely to be the primary driver of $8/day on an unused account.

Verify Log Volume: In the storage account,

navigate to Containers > insights-logs-networksecuritygroupflowevent and check the size of stored blobs. Large volumes of flow log data could explain the cost spike.
NSG Flow Logs have a retention policy (default is 0, meaning indefinite storage). If logs were written before deletion, they may still reside in the account, incurring storage costs. Set a retention period (e.g., 30 days) or manually delete old logs to reduce costs.

Recommendations:

If data is rarely accessed, switch back to Cool or Archive tiers to reduce storage costs. Use Lifecycle Management policies to automatically transition old data to cheaper tiers.
Delete any residual flow log data in the insights-logs-networksecuritygroupflowevent container and set a short retention period to prevent future buildup.
Monitor Costs Daily: Use Cost Management > Budgets to set alerts for unexpected cost spikes and track progress after implementing changes.

References:

You may utilize the Pricing Calculator to determine the areas where costs are rising:

https://azure.microsoft.com/en-in/pricing/calculator/?msockid=2fc42ae332836ffe36b63f1b336b6e5a

Hope the above answer helps! Please let us know do you have any further queries.

Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members. User's image

Answer 2

Gerald Tan 0

Hi @Nandamuri Pranay Teja

Can you confirm that Cool Write Operations and Hot Write Operations costs can incur from Non-Whitelisted IP addresses attempts to authenticate?

If so, how will we be able to protect ourselves?

There is no data on the Storage account itself.

User's image

Nandamuri Pranay Teja 3,700 Reputation points Microsoft External Staff Moderator

2025-06-10T06:37:57.9633333+00:00
Hello Gerald Tan

Thank you for the response!

Please be informed that Cool Write Operations and Hot Write Operations costs are incurred based on the number of write transactions performed on blobs in the respective access tiers (Cool or Hot).

These operations include actions like PutBlob, PutBlock, PutBlockList, AppendBlock, SnapshotBlob, CopyBlob, and SetBlobTier (when moving blobs between tiers). However, these costs are tied to the operations themselves, not directly to the authentication status of the request, such as whether the request originates from a non-whitelisted IP address.

Can Non-Whitelisted IP Addresses Incur Write Operation Costs?

Non-whitelisted IP addresses attempting to authenticate and perform write operations will not incur costs if the requests are blocked by the storage account's firewall or network rules. Azure Storage firewall rules, when configured, restrict access to specific IP addresses or virtual network subnets. If a request from a non-whitelisted IP is denied due to these rules, the operation is not executed, and therefore, no write operation charges are incurred.

To prevent unauthorized access and potential costs from non-whitelisted IP addresses, you can implement the following security measures for your Azure Storage account:

navigate to your storage account > Networking > Firewalls and virtual networks.

Select Selected networks and add the allowed IP addresses or virtual network subnets.

Enable the Deny default action to block all other traffic.

This ensures that requests from non-whitelisted IPs are blocked before any operations are processed, preventing potential costs.

References: https://azure.microsoft.com/en-us/pricing/details/storage/blobs/?msockid=2fc42ae332836ffe36b63f1b336b6e5a

Hope the above answer helps! Please let us know do you have any further queries.

Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
Gerald Tan 0 Reputation points

2025-06-10T06:47:01.1966667+00:00

Hi Nandamuri Pranay Teja

In this case, could you guide me on further investigation regarding the write cost for this storage account?
Nandamuri Pranay Teja 3,700 Reputation points Microsoft External Staff Moderator

2025-06-10T07:48:59.7+00:00
Hello Gerald Tan

To understand the extent of write operation costs and their sources:

navigate to Cost Management + Billing > Cost analysis.

Apply the following filters: Subscription: Select your subscription.

Resource: Select your storage account.

Service: Select Storage.

Meter Category: Select Blob Storage and File Storage.

Meter Subcategory: Filter for Write Operations (e.g., “Write operations (Hot)”, “Write operations (Cool)”, “File Write Operations”).

Time Range: Set to the last 30 days to capture recent activity.

Group by Meter or Operation to see specific write operations (e.g., PutBlob, WriteFile, CreateFile).

Note the total cost and number of write operations. For example:

Hot Tier Write Operations: ~$0.01 per 10,000 operations (varies by region, e.g., East US).

File Write Operations: Similar pricing for Azure File Share writes.

If costs are higher than expected (e.g., >$1 for an empty account with minimal sync activity).

If you need further investigation cost Billing on storage account, I request you to File a Support Ticket: Go to "Help + support" in the Azure portal, create a "New support request," select "Billing and Subscription," and choose "Unexpected Charges" or "Cost Anomaly." Clearly present your evidence and request a review and potential credit.

Hope the above answer helps! Please let us know do you have any further queries.

Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
Nandamuri Pranay Teja 3,700 Reputation points Microsoft External Staff Moderator

2025-06-12T04:37:44.1333333+00:00

Hello Gerald Tan

Just checking in to see if the provided answer helped. If this answers your query, do click "Accept the answer” for the same, which might be beneficial to other community members reading this thread. And, if you have any further queries do let us know.
Gerald Tan 0 Reputation points

2025-06-12T04:47:17.88+00:00

Hi @Nandamuri Pranay Teja

Am waiting for further information to confirm the "issue" before we mark one as an answer and close this ticket so that it is useful for other community members
Nandamuri Pranay Teja 3,700 Reputation points Microsoft External Staff Moderator

2025-06-12T06:47:43.54+00:00

Hello Gerald Tan,

For further investigation cost Billing on storage account, I request you to raise a support request in Azure portal on the "Help + support" page, select Create a support request Choose the subscription related to the billing issue. For Support Type, select Billing. Select the category that best describes your billing problem (e.g., "Unexpected charges) Provide a Summary of your issue ("Unexpected charges on [date/invoice number]").

One of the experts from Microsoft billing team will assist you further on the unexpected charges and next action plan.

Hope the above answer helps! Please let us know do you have any further queries.
Nandamuri Pranay Teja 3,700 Reputation points Microsoft External Staff Moderator

2025-06-13T09:02:50.13+00:00

Hello Gerald Tan,

I would like to follow up to determine whether you have submitted the support request mentioned in the comment above to obtain a detailed investigation of the billing for your storage account. Please let us know if you have any further queries. I’m happy to assist you further.

Share via

Troubleshooting Additional Cost incurred over Failing Transactions

2 answers

Your answer