diff --git a/cns/NetworkContainerContract.go b/cns/NetworkContainerContract.go
index 71e66928a8..d4552a1a59 100644
--- a/cns/NetworkContainerContract.go
+++ b/cns/NetworkContainerContract.go
@@ -516,10 +516,11 @@ type PublishNetworkContainerResponse struct {
 
 // UnpublishNetworkContainerRequest specifies request to unpublish network container via NMAgent.
 type UnpublishNetworkContainerRequest struct {
-	NetworkID                 string
-	NetworkContainerID        string
-	JoinNetworkURL            string
-	DeleteNetworkContainerURL string
+	NetworkID                         string
+	NetworkContainerID                string
+	JoinNetworkURL                    string
+	DeleteNetworkContainerURL         string
+	DeleteNetworkContainerRequestBody []byte
 }
 
 // UnpublishNetworkContainerResponse specifies the response to unpublish network container request.
diff --git a/cns/restserver/api.go b/cns/restserver/api.go
index c6a56e9cd9..9b40542ed4 100644
--- a/cns/restserver/api.go
+++ b/cns/restserver/api.go
@@ -1257,6 +1257,32 @@ func (service *HTTPRestService) publishNetworkContainer(w http.ResponseWriter, r
 	logger.Response(service.Name, response, response.Response.ReturnCode, err)
 }
 
+//nolint:revive // the previous receiver naming "service" is bad, this is correct:
+func (h *HTTPRestService) doUnpublish(ctx context.Context, req cns.UnpublishNetworkContainerRequest, dcr nmagent.DeleteContainerRequest) (string, types.ResponseCode) {
+	innerReqBytes := req.DeleteNetworkContainerRequestBody
+
+	if len(innerReqBytes) != 0 {
+		err := json.Unmarshal(innerReqBytes, &dcr)
+		if err != nil {
+			returnMessage := fmt.Sprintf("Failed to unmarshal NC unpublish request for NC %s, with error: %v", req.NetworkContainerID, err)
+			returnCode := types.NetworkContainerUnpublishFailed
+			logger.Errorf("[Azure-CNS] %s", returnMessage)
+			return returnMessage, returnCode
+		}
+	}
+
+	errDelete := h.nma.DeleteNetworkContainer(ctx, dcr)
+	// nolint:bodyclose // existing code needs refactoring
+	if errDelete != nil {
+		returnMessage := fmt.Sprintf("Failed to unpublish Network Container: %s. Error: %+v", req.NetworkContainerID, errDelete)
+		returnCode := types.NetworkContainerUnpublishFailed
+		logger.Errorf("[Azure-CNS] %s", returnMessage)
+		return returnMessage, returnCode
+	}
+
+	return "", types.Success
+}
+
 // Unpublish Network Container by calling nmagent
 func (service *HTTPRestService) unpublishNetworkContainer(w http.ResponseWriter, r *http.Request) {
 	logger.Printf("[Azure-CNS] UnpublishNetworkContainer")
@@ -1332,18 +1358,13 @@ func (service *HTTPRestService) unpublishNetworkContainer(w http.ResponseWriter,
 		}
 
 		if isNetworkJoined {
-			dcr := nmagent.DeleteContainerRequest{
-				NCID:                req.NetworkContainerID,
-				PrimaryAddress:      ncParameters.AssociatedInterfaceID,
-				AuthenticationToken: ncParameters.AuthToken,
-			}
+			var dcr nmagent.DeleteContainerRequest
+			dcr.NCID = req.NetworkContainerID
+			dcr.PrimaryAddress = ncParameters.AssociatedInterfaceID
+			dcr.AuthenticationToken = ncParameters.AuthToken
 
-			err = service.nma.DeleteNetworkContainer(ctx, dcr)
-			if err != nil {
-				returnMessage = fmt.Sprintf("Failed to unpublish Network Container: %s", req.NetworkContainerID)
-				returnCode = types.NetworkContainerUnpublishFailed
-				logger.Errorf("[Azure-CNS] %s", returnMessage)
-			}
+			// Unpublish Network Container
+			returnMessage, returnCode = service.doUnpublish(ctx, req, dcr)
 		}
 	default:
 		returnMessage = "UnpublishNetworkContainer API expects a POST"
diff --git a/cns/restserver/api_test.go b/cns/restserver/api_test.go
index 021f1f093a..25e253f289 100644
--- a/cns/restserver/api_test.go
+++ b/cns/restserver/api_test.go
@@ -991,10 +991,11 @@ func unpublishNCViaCNS(networkID, networkContainerID, deleteNetworkContainerURL
 	joinNetworkURL := "http://" + nmagentEndpoint + "/dummyVnetURL"
 
 	unpublishNCRequest := &cns.UnpublishNetworkContainerRequest{
-		NetworkID:                 networkID,
-		NetworkContainerID:        networkContainerID,
-		JoinNetworkURL:            joinNetworkURL,
-		DeleteNetworkContainerURL: deleteNetworkContainerURL,
+		NetworkID:                         networkID,
+		NetworkContainerID:                networkContainerID,
+		JoinNetworkURL:                    joinNetworkURL,
+		DeleteNetworkContainerURL:         deleteNetworkContainerURL,
+		DeleteNetworkContainerRequestBody: []byte("{}"),
 	}
 
 	var body bytes.Buffer
diff --git a/nmagent/requests.go b/nmagent/requests.go
index 1103dcd269..5f37093603 100644
--- a/nmagent/requests.go
+++ b/nmagent/requests.go
@@ -266,7 +266,9 @@ var _ Request = DeleteContainerRequest{}
 // DeleteContainerRequest represents all information necessary to request that
 // NMAgent delete a particular network container
 type DeleteContainerRequest struct {
-	NCID string `json:"-"` // the Network Container ID
+	NCID      string `json:"-"`         // the Network Container ID
+	AzID      uint   `json:"azID"`      // home AZ of the Network Container
+	EnableAZR bool   `json:"enableAZR"` // whether AZR is enabled or not
 
 	// PrimaryAddress is the primary customer address of the interface in the
 	// management VNET