Why is it not possible to hard delete an Azure Web App (Website)

Question

I have the need to move an Azure Web App (Website) from one Azure Directory to another.

When I attempted this earlier this month I deleted the Web App, It's App Plan, and the Resource Group that it was in.
I then tried to [re]create it in the new Azure Directory I was told that the name was already in use.

Contacting AzureSupport on twitter led me to discover that when a Web App is deleted it is only soft deleted and it is not automatically hard deleted for 30 days.

I have found out using this API https://learn.microsoft.com/en-us/rest/api/appservice/deleted-web-apps/list that I now have four Web Apps which are in the soft deleted state.

Why is there no interface for me to perform a hard delete of these Web Apps?
This would allow me to complete the move of the Website now, instead of waiting for 30 days before trying to create the website in the new directory.

Answer 1

@Mike Williams Apologies for issue!

This is due to new feature App Service recently rolled out a Name Reservation feature to protect customers from the threat of subdomain takeovers.

This new built-in feature creates a name reservation for web application names. No additional changes or configuration are needed by the customer to establish a name reservation.

The name reservation for a given resource name will exist from the moment the resource is created and for a lengthy time period after the resource has been deleted (a cooldown period). This means that during the cooldown period after resource deletion, other subscriptions outside of the original creating Azure AD tenant will not be able to create a web application using the same name.

However, once the cooldown period has ended, the name reservation will be released, and any subscription will then be able to create a web application with that given name.

See: Name Reservation on App Service for Web Apps and App Service Environment (ASE)

Also, could you please share what is your Quota ID if its enterprise or CSP or others to help you better on this?

Answer 2

@SnehaAgrawal-MSFT I eventually found this which accuratly describes my situation.
However there is no idictaion of how to force early release of the reserved DNS entry.

https://learn.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover#clean-up-dns-pointers-or-re-claim-the-dns

Clean up DNS pointers or Re-claim the DNS

Upon deletion of the classic cloud service resource, the corresponding DNS is reserved for 7 days. During the reservation period, re-use of the DNS will be forbidden EXCEPT for subscriptions belonging to the AAD tenant of the subscription originally owning the DNS. After the reservation expires, the DNS is free to be claimed by any subscription. By taking DNS reservations, the customer is afforded some time to either 1) clean up any associations/pointers to said DNS or 2) re-claim the DNS in Azure. The DNS name being reserved can be derived by appending the cloud service name to the DNS zone for that cloud.

Public - cloudapp.net Mooncake - chinacloudapp.cn Fairfax - usgovcloudapp.net BlackForest - azurecloudapp.de

i.e. a hosted service in Public named “test” would have DNS “test.cloudapp.net”

Example: Subscription ‘A’ and subscription ‘B’ are the only subscriptions belonging to AAD tenant ‘AB’. Subscription ‘A’ contains a classic cloud service ‘test’ with DNS name ‘test.cloudapp.net’. Upon deletion of the cloud service, a reservation is taken on DNS name ‘test.cloudapp.net’. During the 7 day reservation period, only subscription ‘A’ or subscription ‘B’ will be able to claim the DNS name ‘test.cloudapp.net’ by creating a classic cloud service named ‘test’. No other subscriptions will be allowed to claim it. After the 7 days is up, any subscription in Azure can now claim ‘test.cloudapp.net’.