How to transfer subscription after the AD (Entra) user has been deleted?

Question

hi!

My colleague had an azure subscription with 150 monthly free credit provided by the organization as part of the visual studio enterprise license.

Now because the colleague has left us, we deleted his user.

New we realized that even if a user is deleted its subscription won't get deleted and it's still working.

Since we deleted the user, we can't find a way to access this subscription.

The only reason we know about it, is that my colleague shared the subscription with me earlier, but only for view.

If it would have been an owner access level then I could delete the subscription and the resources, but this way I can only see the subscription with its resource groups.

Is there a way to remove a subscription or delegate it with no user?

Thank you very much!

Answer 1

Hello @Kovács László Thank you for contacting us through Microsoft Q&A platform. Happy to assist you!

From the details you have provided, I understand that you want to delete an Azure subscription of your colleague who has left you and he as a user has been deleted from the account. In Azure, the ownership and management of subscriptions are tied to Azure Active Directory (AAD) accounts. When a user who owns a subscription is deleted from AAD, the subscription itself continues to exist independently. This situation can lead to difficulties in managing or accessing the subscription, especially if the owner is no longer available.

Here’s how you can approach handling this scenario for recovering access to the Subscription:1. Identify Subscription Ownership:

• As you mentioned, you have view access to the subscription but not ownership. This means you can see the subscription and its resource groups but cannot manage them fully.

1. Contact Azure Support:
   • Azure support can assist in recovering access to a subscription when the owner is no longer available. Use the following steps: https://docs.microsoft.com/en-us/azure/azure-portal/supportability/how-to-create-azure-support-request The ticket enables you to work closely with the support engineers and get a quick resolution to your issue.
   • FYI: Azure Billing and Subscription Management support is included in the Basic Support Plan without any charge. https://azure.microsoft.com/en-us/support/plans/
2. Verification Process:
   • Azure support will likely verify your identity and relationship to the organization.
   • They may ask for documentation or other proof of authorization to manage the subscription.
3. Transfer Ownership (if possible):
   • In some cases, Azure support can transfer ownership of the subscription to a new Azure AD user within the organization.
   • You may need to provide the details of the new user’s Azure AD account who will become the new owner.
4. Delete Resources (if needed):
   • If the goal is to delete the subscription and its resources, and you have ownership transferred or regained access, you can then proceed to delete resources as necessary.
   • Keep in mind that deleting a subscription and its resources is a serious action and cannot be undone.

Note: Also, for the future, you can create an emergency access account (break glass) in Azure AD. This account will help prevent being accidentally locked out of your Azure Active Directory (Azure AD) organization because you can't sign in for any reason.

https://docs.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access

Hope this helps!

---

If the response helped, do "Accept Answer" and up-vote it