How to transfer subscription after the AD (Entra) user has been deleted?

Kovács László 0 Reputation points
2024-06-25T09:36:57.4066667+00:00

hi!

My colleague had an azure subscription with 150 monthly free credit provided by the organization as part of the visual studio enterprise license.

Now because the colleague has left us, we deleted his user.

New we realized that even if a user is deleted its subscription won't get deleted and it's still working.

Since we deleted the user, we can't find a way to access this subscription.

The only reason we know about it, is that my colleague shared the subscription with me earlier, but only for view.

If it would have been an owner access level then I could delete the subscription and the resources, but this way I can only see the subscription with its resource groups.

Is there a way to remove a subscription or delegate it with no user?

Thank you very much!

Azure Cost Management
Azure Cost Management
A Microsoft offering that enables tracking of cloud usage and expenditures for Azure and other cloud providers.
2,325 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. SadiqhAhmed-MSFT 41,066 Reputation points Microsoft Employee
    2024-06-25T11:37:25.46+00:00

    Hello @Kovács László Thank you for contacting us through Microsoft Q&A platform. Happy to assist you!

    From the details you have provided, I understand that you want to delete an Azure subscription of your colleague who has left you and he as a user has been deleted from the account. In Azure, the ownership and management of subscriptions are tied to Azure Active Directory (AAD) accounts. When a user who owns a subscription is deleted from AAD, the subscription itself continues to exist independently. This situation can lead to difficulties in managing or accessing the subscription, especially if the owner is no longer available.

    Here’s how you can approach handling this scenario for recovering access to the Subscription:1. Identify Subscription Ownership:

    • As you mentioned, you have view access to the subscription but not ownership. This means you can see the subscription and its resource groups but cannot manage them fully.
    1. Contact Azure Support:
    2. Verification Process:
      • Azure support will likely verify your identity and relationship to the organization.
      • They may ask for documentation or other proof of authorization to manage the subscription.
    3. Transfer Ownership (if possible):
      • In some cases, Azure support can transfer ownership of the subscription to a new Azure AD user within the organization.
      • You may need to provide the details of the new user’s Azure AD account who will become the new owner.
    4. Delete Resources (if needed):
      • If the goal is to delete the subscription and its resources, and you have ownership transferred or regained access, you can then proceed to delete resources as necessary.
      • Keep in mind that deleting a subscription and its resources is a serious action and cannot be undone.

    Note: Also, for the future, you can create an emergency access account (break glass) in Azure AD. This account will help prevent being accidentally locked out of your Azure Active Directory (Azure AD) organization because you can't sign in for any reason.

    https://docs.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access

    Hope this helps!


    If the response helped, do "Accept Answer" and up-vote it

    0 comments No comments