diff --git a/pkg/api/defaults-apiserver.go b/pkg/api/defaults-apiserver.go
index f70cce047..8cb215c62 100644
--- a/pkg/api/defaults-apiserver.go
+++ b/pkg/api/defaults-apiserver.go
@@ -152,6 +152,14 @@ func (cs *ContainerService) setAPIServerConfig() {
 		delete(o.KubernetesConfig.APIServerConfig, key)
 	}
 
+	if common.IsKubernetesVersionGe(o.OrchestratorVersion, "1.24.0") {
+		// https://github.com/kubernetes/kubernetes/pull/106859
+		removedFlags124 := []string{"--address", "--insecure-bind-address", "--port", "--insecure-port"}
+		for _, key := range removedFlags124 {
+			delete(o.KubernetesConfig.APIServerConfig, key)
+		}
+	}
+
 	if common.IsKubernetesVersionGe(o.OrchestratorVersion, "1.25.0") {
 		// https://github.com/kubernetes/kubernetes/pull/108624
 		removedFlags125 := []string{"--service-account-api-audiences"}
diff --git a/pkg/api/defaults-apiserver_test.go b/pkg/api/defaults-apiserver_test.go
index 5c79c68b1..4f075f90a 100644
--- a/pkg/api/defaults-apiserver_test.go
+++ b/pkg/api/defaults-apiserver_test.go
@@ -658,18 +658,6 @@ func TestAPIServerInsecureFlag(t *testing.T) {
 			version: "1.23.0",
 			found:   false,
 		},
-		{
-			version: "1.24.0",
-			found:   false,
-		},
-		{
-			version: "1.24.0-alpha.0",
-			found:   false,
-		},
-		{
-			version: "1.24.0-alpha.1-24",
-			found:   false,
-		},
 	}
 
 	for _, tt := range apiTests {
@@ -688,6 +676,46 @@ func TestAPIServerInsecureFlag(t *testing.T) {
 		}
 	}
 
+	apiTestsForceDelete := []apiServerTest{
+		{
+			version: "1.23.0",
+			found:   true,
+		},
+		{
+			version: "1.24.0",
+			found:   false,
+		},
+	}
+
+	for _, tt := range apiTestsForceDelete {
+		cs := CreateMockContainerService("testcluster", tt.version, 3, 2, false)
+		cs.Properties.OrchestratorProfile.KubernetesConfig.APIServerConfig = map[string]string{
+			"--address":               "0.0.0.0",
+			"--insecure-bind-address": "0.0.0.0",
+			"--port":                  "443",
+			"--insecure-port":         "0",
+		}
+		cs.setAPIServerConfig()
+		a := cs.Properties.OrchestratorProfile.KubernetesConfig.APIServerConfig
+
+		_, found := a["--address"]
+		if found != tt.found {
+			t.Fatalf("got --address found %t want %t", found, tt.found)
+		}
+		_, found = a["--insecure-bind-address"]
+		if found != tt.found {
+			t.Fatalf("got --insecure-bind-address found %t want %t", found, tt.found)
+		}
+		_, found = a["--port"]
+		if found != tt.found {
+			t.Fatalf("got --port found %t want %t", found, tt.found)
+		}
+		_, found = a["--insecure-port"]
+		if found != tt.found {
+			t.Fatalf("got --insecure-port found %t want %t", found, tt.found)
+		}
+	}
+
 }
 
 func TestAPIServerIPv6Only(t *testing.T) {
diff --git a/pkg/api/defaults-controller-manager.go b/pkg/api/defaults-controller-manager.go
index e582326a8..aa913584f 100644
--- a/pkg/api/defaults-controller-manager.go
+++ b/pkg/api/defaults-controller-manager.go
@@ -81,6 +81,14 @@ func (cs *ContainerService) setControllerManagerConfig() {
 		}
 	}
 
+	if common.IsKubernetesVersionGe(o.OrchestratorVersion, "1.24.0") {
+		// https://github.com/kubernetes/kubernetes/pull/106860
+		removedFlags124 := []string{"--address", "--port"}
+		for _, key := range removedFlags124 {
+			delete(o.KubernetesConfig.ControllerManagerConfig, key)
+		}
+	}
+
 	if common.IsKubernetesVersionGe(o.OrchestratorVersion, "1.25.0") {
 		// https://github.com/kubernetes/kubernetes/pull/109612
 		removedFlags125 := []string{"--deleting-pods-qps", "--deleting-pods-burst", "--register-retry-count"}
diff --git a/pkg/api/defaults-controller-manager_test.go b/pkg/api/defaults-controller-manager_test.go
index 102eb9c1e..2463b6569 100644
--- a/pkg/api/defaults-controller-manager_test.go
+++ b/pkg/api/defaults-controller-manager_test.go
@@ -182,3 +182,41 @@ func TestControllerManagerDefaultConfig(t *testing.T) {
 		t.Fatalf("expected controller-manager to have route-reconciliation-period set to its default value")
 	}
 }
+
+func TestControllerManagerInsecureFlag(t *testing.T) {
+	type controllerManagerTest struct {
+		version string
+		found   bool
+	}
+
+	controllerManagerTestsForceDelete := []controllerManagerTest{
+		{
+			version: "1.23.0",
+			found:   true,
+		},
+		{
+			version: "1.24.0",
+			found:   false,
+		},
+	}
+
+	for _, tt := range controllerManagerTestsForceDelete {
+		cs := CreateMockContainerService("testcluster", tt.version, 3, 2, false)
+		cs.Properties.OrchestratorProfile.KubernetesConfig.ControllerManagerConfig = map[string]string{
+			"--address": "0.0.0.0",
+			"--port":    "443",
+		}
+		cs.setControllerManagerConfig()
+		a := cs.Properties.OrchestratorProfile.KubernetesConfig.ControllerManagerConfig
+
+		_, found := a["--address"]
+		if found != tt.found {
+			t.Fatalf("got --address found %t want %t", found, tt.found)
+		}
+		_, found = a["--port"]
+		if found != tt.found {
+			t.Fatalf("got --port found %t want %t", found, tt.found)
+		}
+	}
+
+}