August 2, 2018

Cannot delete Azure Active Directory due to existing Enterprise Applications

Problem

After you have deleted all the objects that must be removed before Azure AD itself can be deleted, the “Delete directory” validator still says “Delete all enterprise applications”, because custom Enterprise Applications are preventing directory deletion.

Solution

Usually the cause is the Microsoft Visual Studio Team Services Enterprise Application. You can go to its Properties and flip “Enable for users to sign-in” to No, which helps in some cases.

However, sometimes that is not enough, and you need to delete all Enterprise Applications via PowerShell (although many of them are internal Azure apps).

The commands for logging in and deleting are:

Connect-AzureAD -TenantID <TENANT_ID>
# repeat the following line for EACH Enterprise Application, some will throw error, but ignore it
Remove-AzureADServicePrincipal -ObjectId <OBJECT_ID_OF_ENT_APP>

Then, in your web browser, log out of the Azure portal and log back in, and you should be able to delete the Azure AD from the browser.

Do note that Get-AzureADServicePrincipal | Remove-AzureADServicePrincipal didn’t work for some reason, and I needed to do the removal one by one.
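
The one-by-one removal above, written as a loop that records each failure instead of ignoring it; this is an added example, not code from the original post. The names $TenantId, $DryRun and $InventoryPath are assumptions made for this sketch, and it goes slightly beyond the post by confirming the connected tenant and saving an inventory before anything is removed.

```powershell
# Added example, not from the original post. Requires the AzureAD module.
# $TenantId, $DryRun and $InventoryPath are hypothetical names for this sketch.
$TenantId      = '<TENANT_ID>'
$DryRun        = $true    # set to $false to actually delete
$InventoryPath = Join-Path $PWD 'service-principals-before-delete.csv'

Connect-AzureAD -TenantId $TenantId | Out-Null

# Refuse to continue if the session is bound to a different directory.
$connected = (Get-AzureADTenantDetail).ObjectId
if ($connected -ne $TenantId) {
    throw "Connected to tenant $connected, expected $TenantId"
}

# -All $true pages through every result instead of only the first page.
$principals = @(Get-AzureADServicePrincipal -All $true)

# Keep a record of what existed before anything is removed.
$principals |
    Select-Object ObjectId, AppId, DisplayName, ServicePrincipalType, PublisherName |
    Export-Csv -Path $InventoryPath -NoTypeInformation

$removed = @()
$failed  = @()
foreach ($sp in $principals) {
    if ($DryRun) {
        Write-Host "Would remove $($sp.DisplayName) [$($sp.ObjectId)]"
        continue
    }
    try {
        # -ErrorAction Stop turns the cmdlet's error into a catchable exception.
        Remove-AzureADServicePrincipal -ObjectId $sp.ObjectId -ErrorAction Stop
        $removed += $sp
    }
    catch {
        $failed += [pscustomobject]@{
            DisplayName = $sp.DisplayName
            ObjectId    = $sp.ObjectId
            Error       = $_.Exception.Message
        }
    }
}

Write-Host "Removed: $($removed.Count)  Failed: $($failed.Count)"
$failed | Format-Table -AutoSize -Wrap
```

The failure table shows which service principals could not be removed and why, which is the information needed if the “Delete all enterprise applications” check still fails afterwards.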

9 comments:

  1. Pulling my hair out over this one. Did everything in the official guidelines. Did everything as described in this blog post. Just came off the phone with MS support remote desktopping in.... STILL UNABLE TO DELETE because of the 'delete all Enterprise Applications' error! Support guy has no idea why either... Ugh.

    Replies
    1. I understand the frustration, but can only wonder why these steps didn't work for you. :(

  2. I was able to resolve it with a combination of the steps above and also enabling LinkedIn connections in the User Settings for the Directory. Without enabling the LinkedIn connections, I was unable to disable or delete the O365 LinkedIn app (not listed as an Enterprise app but was blocking deletion).

  3. This worked for me:

    Get-AzureADServicePrincipal | Select-Object -ExpandProperty ObjectId | ForEach-Object { Remove-AzureADServicePrincipal -ObjectId $_}

    Replies
    1. Hi... thanks for this idea. It really worked for me. There were no enterprise applications shown in the portal, but I had a hell of a lot of other pre-installed applications which were stubborn enough. I was able to remove all of them using this cmdlet of yours. Thanks once again!

  4. Get-AzureADServicePrincipal | ForEach-Object { Remove-AzureADServicePrincipal -ObjectId $_.ObjectId }
