If you’re a developer who is constantly trying out new things, you may want to clean up old and unused Microsoft Entra ID (formerly Azure AD) applications in your development tenant. In my case, I wanted to remove every single one, which is a very simple one-line command in PowerShell: Get-AzureRmADApplication | Remove-AzureRmADApplication. If you use applications that are configured for multi-tenancy (that is, applications that other organizations can use by delegating permissions in Microsoft Entra ID), you could run into the following error:
Remove-AzureRmADApplication : Deletion of multi-tenant application is currently not supported.
How did we get here?
After reviewing the list of Microsoft Entra ID (formerly Azure AD) applications, I noticed the only one not removed was a test version of Azure Usage and Billing Insights (AUBI) Portal. Recently, Jason Webster asked the team to look into deploying AUBI for eGroup, which would give our customers the ability to have a complete view of their Azure subscriptions in an awesome-looking PowerBI dashboard. This would also help us at eGroup visualize billing across all customers. Once fully deployed, AUBI will require its own blog post. This post is directly related to an issue for which I could find no solution.
A few weeks ago I deployed a test version of the application. Jason and I configured quite a few tenants in the application. We ran into a number of issues that most likely required some tweaks to the application to prepare it for general use. I also had some deployment issues that I pushed through to simply get a proof-of-concept up for testing to see if it even worked. The comments section of the Microsoft post and issue backlog on GitHub do not paint AUBI in a pretty light. Despite all this, I’m a glutton for trying to fix the unfixable and I’ve pushed ahead with getting this thing off the ground.
Running Get-AzureRmADApplication returned the only application left:
DisplayName             : Azure Usage and Billing Portal (Registration) vdjm
ObjectId                : a1a650e4-b967-498a-9597-4bb48465fcb5
IdentifierUris          : {http://.onmicrosoft.com/}
HomePage                : http://.azurewebsites.net
Type                    : Application
ApplicationId           : 670d8498-34e6-49a2-92e4-4adc7e34b840
AvailableToOtherTenants : True
AppPermissions          :
ReplyUrls               : {http://.azurewebsites.net}
How do we fix it?
I noticed that AvailableToOtherTenants was set to True, which means the application is configured for multi-tenancy. That blocks removal, which keeps the application from suddenly no longer working for other tenants that had it configured. Could we set this to False? Lo and behold, the Set-AzureRmADApplication cmdlet was available with the AvailableToOtherTenants boolean parameter! So I executed the following commands to change this value and delete the application once and for all:
Set-AzureRmADApplication -ObjectId a1a650e4-b967-498a-9597-4bb48465fcb5 -AvailableToOtherTenants $false
Remove-AzureRmADApplication -ObjectId a1a650e4-b967-498a-9597-4bb48465fcb5
That’s it!
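The same two-step fix generalised to every registration in a tenant, with a review listing and a dry run before anything is deleted. This is an added example, not code from the original post; it assumes the AzureRM module and an already authenticated session, and Remove-StaleAdApplication is a hypothetical helper name.

```powershell
# Added example. Remove-StaleAdApplication is a hypothetical helper, not an AzureRM cmdlet.
# Assumes the AzureRM module is loaded and the session is already signed in.
function Remove-StaleAdApplication {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Application objects as returned by Get-AzureRmADApplication
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object] $Application
    )
    process {
        $label = '{0} ({1})' -f $Application.DisplayName, $Application.ObjectId

        # Describe the full action up front so -WhatIf and the confirmation
        # prompt show that a multi-tenant flag will be changed as well.
        $action = 'Remove application registration'
        if ($Application.AvailableToOtherTenants) {
            $action = 'Set AvailableToOtherTenants to $false, then remove application registration'
        }
        if (-not $PSCmdlet.ShouldProcess($label, $action)) {
            return
        }

        # Multi-tenant registrations cannot be deleted directly, so clear the flag first.
        if ($Application.AvailableToOtherTenants) {
            Set-AzureRmADApplication -ObjectId $Application.ObjectId -AvailableToOtherTenants $false -ErrorAction Stop
        }

        # -Force skips the cmdlet's own prompt; ShouldProcess above already asked.
        Remove-AzureRmADApplication -ObjectId $Application.ObjectId -Force -ErrorAction Stop
    }
}

# 1. Review which registrations are multi-tenant before changing anything.
Get-AzureRmADApplication |
    Where-Object { $_.AvailableToOtherTenants } |
    Select-Object DisplayName, ObjectId, ApplicationId

# 2. Dry run: prints what would happen, changes nothing.
Get-AzureRmADApplication | Remove-StaleAdApplication -WhatIf

# 3. Real run: prompts once per application because ConfirmImpact is High.
Get-AzureRmADApplication | Remove-StaleAdApplication
```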