Share via

Unable to Delete a Log Analytics Workspace in Azure

Gordon Blackwell 40 Reputation points
2025-05-12T12:37:10.0133333+00:00

While I am the Owner of the Subscription & Resource Group, I cannot delete a Log Analytics Workspace because there is a system assigned Deny Assignment on the Resource Group for All Principals.

What do I need to do to delete this service and resource group?

Also... Azure Log Analytics Workspace is not available as a Child Tag while logging this question

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,658 questions
0 comments
Accepted answer
  1. Ashok Gandhi Kotnana 10,350 Reputation points Microsoft External Staff Moderator
    2025-05-12T15:26:47.0266667+00:00

    Hi @Gordon Blackwell

    The issue you're encountering in Azure is due to a Deny Assignment at the Resource Group level. Even though you're the Owner, Deny Assignments override role-based access control (RBAC) permissions, including Owner. That means:

     A System Assigned Deny Assignment explicitly prevents deletion or modification of certain resources (in this case, the Log Analytics Workspace or the entire Resource Group).

     Deny Assignments are usually created by Azure policies, Blueprints, 

     Steps to Resolve & Delete the Resource:

     1. Identify the Source of the Deny Assignment

    Go to Azure Portal > Resource Group in question.

     Click Access Control (IAM) > Deny assignments tab.

     Look at the "Created By" field. This will tell you whether it's from:

     a) An Azure Policy or Blueprint

    If it’s Azure Policy:

    Go to Azure Policy > Assignments

     Find the policy that applies to the subscription/resource group

     Either exclude the resource group or delete the assignment

     If it’s a Blueprint:

     Go to Blueprints > Assigned Blueprints

     Locate the one that includes this resource group and unassign it (this will remove deny assignments)

     Note: It may take several minutes after unassigning a policy/blueprint

     2. Once the deny assignment disappears, you (as Owner) should now be able to delete the Log Analytics Workspace and the Resource Group.

    User's imageReferences:

    https://learn.microsoft.com/en-us/azure/azure-monitor/logs/delete-workspace?tabs=azure-portal#delete-a-workspace-into-a-soft-delete-state

    https://learn.microsoft.com/en-us/azure/role-based-access-control/deny-assignments?tabs=azure-portal

    Please let me know if you face any challenge here, I can help you to resolve this issue further

    Provide your valuable Comments.

    User's image

    Please do not forget to "Accept the answer” and “upvote it” wherever the information provided helps you, this can be beneficial to other community members.it would be greatly appreciated and helpful to others.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Gordon Blackwell 40 Reputation points
    2025-05-16T10:38:26.1166667+00:00

    Identify the Source of the Deny Assignment

    • From the Azure Portal, I navigated to the resource group or the Log Analytics workspace.
    • I reviewed the logs to determine that an Application Insights instance was the source
    • I deleted that Application Insights instance
    • This removed the Deny Assignments

    Delete Workspace

    • With the Deny Assignments removed, I was able to delete the Log Workspace
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.