Unable to delete network profile due to "NetworkProfileAlreadyInUseWithContainerNics"

Question

In my personal account, I followed the documentation to create a Cloud Shell environment connected to my VNet. I then decided to destroy all the resources in that environment to stop incurring costs. I'm, however, unable to delete on of the subnets, which keeps complaining about being used by a network profile. When I try to delete the network profile, it complains about being used by NICs. The problem is, those NICs have already been deleted and no longer exist. I've verified this by explicitly querying those resources. I tried deleting the network profile using the portal, CLI and even the REST API, but it still gives me the same error: {"error":{"code":"NetworkProfileAlreadyInUseWithContainerNics","message":"Network profile /subscriptions/redacted/resourceGroups/ARG-VNet/providers/Microsoft.Network/networkProfiles/aci-networkProfile-australiaeast is already in use with container nics 0a012b12-f89e-4a0e-ab73-78fae8059d96_eth-snet-cont-cloudshell-aueast; cannot update or delete" Trying to delete the container NICs fails with an error: Operation returned an invalid status 'Not Found' It's a vicious loop and, unfortunately, because it's my personal account and I'm on basic support, I can't raise a ticket.

Answer 1

Hello @Tarek Nabil,

Thank you for reaching out on the Microsoft Q&A forum.

I understand that you attempted to delete all Azure resources created as part of a Cloud Shell environment integrated with your Virtual Network (VNet). However, when trying to remove one of the subnets, you encountered "NetworkProfileAlreadyInUseWithContainerNics" error.

The network profile (e.g., aci-networkProfile-australiaeast) cannot be deleted because Azure still detects container network interfaces (container NICs) associated with it — even though the corresponding container instances or NICs were already deleted.

This behaviour indicates orphaned metadata in the Azure Resource Manager (ARM) backend. Essentially, the system still believes these NICs exist, even though they are no longer visible to the user.

This scenario typically occurs when:

• Azure Cloud Shell or Azure Container Instances (ACI) were deployed using a delegated subnet along with an associated Network Profile (a hidden dependency created for container networking).
• After deleting the ACI or Cloud Shell container, the container NICs linked to the network profile sometimes remain in the backend.
• The Network Profile remains “in use,” preventing the deletion of both the profile itself and the subnet it is attached to.

This is a known behaviour in Cloud Shell-managed VNets or ACI deployments when resource cleanup is incomplete. (Microsoft Docs – Cannot delete VNet/Subnet used by ACI)

Normally, you can check for hidden container NICs using Azure CLI

1.Check and Delete Hidden Container NICs via Azure CLI

List all container NICs in your subscription/resource group:

az resource list --resource-type "Microsoft.Network/containerNetworkInterfaces" --output table

If any entries exist, delete them explicitly:

az resource delete --ids <resource-id>

After removing any hidden container NICs, retry deleting the network profile and subnet:

az network profile delete --name <profile-name> --resource-group <resource-group-name>

Have you already tried this step to ensure there are no hidden NICs remaining?

• If you haven’t checked for hidden container NICs, please try the above commands and let us know the results.
• If you’ve already done this and the NICs still do not appear, it confirms that the resources are orphaned in the Azure backend. In that case we need to contact backend team for support.

Kindly let us know if the above helps or else we will reach out to backend team for support.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.