Muokkaa

Jaa


Restore an enterprise application in Microsoft Entra ID

In this article, you learn how to restore a soft deleted enterprise application in your Microsoft Entra tenant. Soft deleted enterprise applications can be restored from the recycle bin within the first 30 days after their deletion. After the 30-day window, the enterprise application is permanently deleted and can't be restored.

If you deleted an application registration in its home tenant through app registrations in the Microsoft Entra admin center, the enterprise application, which is its corresponding service principal also got deleted.

If you restore the deleted application registration through the Microsoft Entra admin center, its corresponding service principal, is also restored. You'll therefore be able to recover the service principal's previous configurations, except its previous policies such as Conditional Access policies, which aren't restored.

Prerequisites

To restore an enterprise application, you need:

Take the following steps to recover a recently deleted enterprise application. For more information on frequently asked questions about deletion and recovery of applications, see Deleting and recovering applications FAQs.

View restorable enterprise applications using Azure AD PowerShell

Make sure you're using the Azure AD PowerShell module. This is important if you've installed both the Azure AD PowerShell module and the AzureADPreview module.

You need to sign in as at least a Cloud Application Administrator.

  1. Run the following commands.

    Remove-Module AzureADPreview
    Import-Module AzureAD
    
  2. Connect to Azure AD PowerShell.

    Connect-AzureAD
    
  3. Run the following command to view the recently deleted enterprise application.

    Get-AzureADMSDeletedDirectoryObject -Id <id>
    

Replace ID with the object ID of the service principal that you want to restore.

View restorable enterprise applications using Microsoft Graph PowerShell

  1. Run connect-MgGraph -Scopes "Application.ReadWrite.All". You need to sign in as at least a Cloud Application Administrator.

  2. To view the recently deleted enterprise applications, run the following command.

    Get-MgDirectoryDeletedItem -DirectoryObjectId <id>
    

Replace ID with the object ID of the service principal that you want to restore.

View restorable enterprise applications using Microsoft Graph API

View and restore recently deleted enterprise applications using Graph Explorer. You need to sign in as at least a Cloud Application Administrator.

To get the list of deleted enterprise applications in your tenant, run the following query.

GET https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.servicePrincipal

From the list of deleted service principals generated, record the ID of the enterprise application you want to restore.

Alternatively, if you want to get the specific enterprise application that was deleted, fetch the deleted service principal and filter the results by the client's application ID (appId) property using the following syntax:

https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.servicePrincipal?$filter=appId eq '{appId}'. Once you retrieved the object ID of the deleted service principal, proceed to restore it.

Restore an enterprise application using Azure AD PowerShell

  1. To restore the enterprise application, run the following command:

    Restore-AzureADMSDeletedDirectoryObject -Id <id>
    

Replace ID with the object ID of the service principal that you want to restore.

Restore an enterprise application using Microsoft Graph PowerShell

  1. To restore the enterprise application, run the following command:

    Restore-MgDirectoryDeletedItem -DirectoryObjectId <id>
    

Replace ID with the object ID of the service principal that you want to restore.

Restore an enterprise application using Microsoft Graph API

To restore the enterprise application, run the following query:

POST https://graph.microsoft.com/v1.0/directory/deletedItems/{id}/restore

Replace ID with the object ID of the service principal that you want to restore.

Soft-deleted managed identity service principals can be viewed but can't be recovered or permanently deleted by customers.

Warning

Permanently deleting an enterprise application is an irreversible action. Any present configurations on the app will be completely lost. Carefully review the details of the enterprise application to be sure you still want to hard delete it.

Permanently delete an enterprise application using Azure AD PowerShell

To permanently delete a soft deleted enterprise application, run the following command:

Remove-AzureADMSDeletedDirectoryObject -Id <id>

Permanently delete an enterprise application using Microsoft Graph PowerShell

  1. To permanently delete the soft deleted enterprise application, run the following command:

    Remove-MgDirectoryDeletedItem -DirectoryObjectId <id>
    

Permanently delete an enterprise application using Microsoft Graph API

To permanently delete a soft deleted enterprise application, run the following query in Microsoft Graph explorer.

DELETE https://graph.microsoft.com/v1.0/directory/deletedItems/{object-id}

Next steps