Enterprise Application is unknown and I cannot delete it.

Question

Enterprise Application is unknown and I cannot delete it.

Magnus Mårtensson 1

In my AAD there is an Enterprise Application that has an odd name of just letters and numbers (not a guid). I don't know what it is for. I am the Global Admin of my tenant. I cannot delete this enterprise application. This is quite odd. I'd like to be able to identify it. Maybe delete it.

Andy David - MVP 157.8K Reputation points

2022-11-28T12:18:56.8+00:00

Check the Azure Audit and Sign In Logs for the last month. Any activity?
What happens when you try to delete it?

1 answer

Your answer

Andy David - MVP 157.8K Reputation points

2022-11-28T12:18:56.8+00:00

Check the Azure Audit and Sign In Logs for the last month. Any activity?
What happens when you try to delete it?

Answer 1

Hi @Magnus Mårtensson ,

Thanks for your post! There are a few issues that can prevent an enterprise application from being deleted. First, if you haven't done so already, I would recommend trying to remove the application through Powershell using these commands:

1) Connect-Azure AD : Connect-AzureAD

2) Enter Get-AzureADServicePrincipal to display all registered Enterprise Applications along with their ObjectId

3) Remove-AzureADServicePrincipal -objectid <ObjectId from the list> to remove the listed application

If you are unable to remove the object via Powershell, please share the output you receive.

There are several other issues that can prevent the deletion of an enterprise application.

1) This will happen when you try to delete servicePrincipals that correspond to a managed identity. Managed identity service principals cannot be deleted the normal way though the Enterprise apps blade or via PowerShell. If this is a managed identity, you need to go to the associated Azure resource to manage it. When the resource is deleted, Azure will automatically delete the identity.

2) If the application is a first party service principal, it can only be deleted through a support case. This is a known issue, for instance, with the tenant schema extension app. If this is the case, you can reach out to Billing support for free here or via the global support numbers.

Additional references:
Delete an enterprise application
Remove service principal
Cannot delete tenant schema extension app
Remove enterprise applications

Let me know if this helps and if you have further questions.

-
If the information helped you, please Accept the answer. This will help us and other community members as well.

Magnus Mårtensson 1 Reputation point

2022-12-02T13:10:51.71+00:00

Hi there and thank you for trying to help!

It is indeed the case that I am unable to remove this service principal, even using PowerShell.

(The correct cmdlets are Get-AzADServicePrincipal and Remove-AzADServicePrincipal!)

I also have not found any Azure Resource that fits the naming of this principal which is eb392b7888e945af9b1626cc. If I search in Azure for this name, I can only find the principal in AAD, and nothing else at all.

A thing that bothers me is that this principal had access on the tenant root management group (which I have now revoked), and it has two roles in AAD - Cloud Application Administrator and Reports Reader. I am unable to remove the roles from the principal.

Here is the output you asked for I think:

Share via

Enterprise Application is unknown and I cannot delete it.

1 answer

Your answer