Share via


Deleting Azure AD Tenant - Unable to delete all Enterprise Applications

Hi All,

This is a quick guide on deleting an Azure AD Tenant, especially when there is some stubborn enterprise applications that refuse to go away.

Few weeks ago, I was trying to delete an Azure AD that I created as a test account for my customer. I happily go to portal.azure.com, changed to the relevant directory, in this case it was ronelx.onmicrosoft.com, and try to delete it using the "delete" button. Unfortunately, it came to a pause when Azure AD complaints that I have an enterprise application that needed to be removed. Normally you can click on the button "Delete all enterprise applications" as shown in the screenshot and you can delete them manually:

However, as you can see from the following screenshot, when I try to delete, it refuses to go away with the "delete" button greyed out.

WHAT DO WE DO?! First of all, you will need to create a new Global Admin OrgID (Work or School account) in the directory you are trying to delete (assuming you have removed all your users, as this is the first thing Azure AD checks for as shown above when you try to delete Azure AD tenant). Make sure you copy the temporary password:
Go to https://www.powershellgallery.com/packages/AzureAD/ to get the latest powershell Azure AD module

Start Powershell and run:

Install-Module -Name AzureAD

Once done run

Connect-AzureAD

You will be prompted to login, login with the user you created and will be asked to change your password:

You should now be able to list all the current application SPs in a directory:

Get-AzureADServicePrincipal

Now, delete all non-required apps in the tenant directory, for me it was the Microsoft Visual Studio Team Services.
Remove-AzureADServicePrincipal -objectid [enter object id here]Now that you are done, you will have to delete your user in AAD first, before deleting the Directory, or you will get a message saying you cannot delete the directory, because you have one or more users.

Try deleting the Azure AD again, and this time it should pass all the checks:


Hope this helps.

Reference: https://blogs.msdn.microsoft.com/ericgolpe/2015/04/30/walkthrough-of-deleting-an-azure-ad-tenant/ (this blog was written in 2015, I have updated some powershell scripts, as you can now install powershell modules through PowerShell Gallery)

Comments

  • Anonymous
    October 04, 2017
    WHERE exactly is the last step (delete the Azure AD)in the ARM portal?
    • Anonymous
      October 04, 2017
      To delete your azure ad, go to azure ad blade, you should see "delete" button. I'll post a screenshot if you can't find it.
  • Anonymous
    November 18, 2017
    Thank you so much for this... saved me a lot of frustration. Would you define this as a bug in the Azure Portal? Why should admins be able to delete the offending apps via the UI if they can do it through powershell?
    • Anonymous
      November 19, 2017
      Hey Gzidar,Glad it helped. I am not sure whether product group is aware, but I will definitely drop them a note. The UI is very helpful for new admins who are not very familiar with PowerShell, or new to Azure AD. PowerShell definitely is the go-to tool for a lot of people though.