Cannot delete Enterprise Policy. Error says it is associated with an Power Platform env that has been deleted after geo-to-geo migration has been performed

Question

I had a Power Platform Environment in Europe region that user Enterprise Policy (2 VPNs within 2 paierd datacenters in the region) https://learn.microsoft.com/en-us/power-platform/admin/vnet-support-setup-configure?tabs=new. I did geo-to-geo migration to Germany via MS Support. https://learn.microsoft.com/en-us/power-platform/admin/geo-to-geo-migrations

Because of that I had to recreate 2 virtual networks in germany and an enterprise policy.

Now I want to cleanup my resources, but Azure thinks that the enterprise policy is still associated to the env:

Remove-AzResource -ResourceId "..."

Remove-AzResource: EnterprisePolicyDeleteNotAllowed : Enterprise Policy Deletion not allowed for Enterprise Policy with name <name> as it is linked with 1 environment with environmentId as 628b9eda-13f4-ef50-a287-7b586ef7995c. Please unlink these environments from Enterprise Policy name <name> and id 8343a557-6bee-4cb6-94a3-7c944ab42f8a to perform deletion

The thing is I recognize this environment id as a source environment that was migrated FROM Europe. I have since new environment id.

MS Support confirmed that the env is gone.

I suspect they deleted env in a way that UI does not allow to and they ask revert subnet injection policy before deletion. Anyways, I think some metadata is still present that prevents deleting this.

The issue is similar to: https://learn.microsoft.com/en-us/answers/questions/2134887/cannot-delete-virtual-network-enterprise-policy but I have the policy and not the env. There is no way to create env with that particular ID.

How can I proceed cleaning up virtual network resources which has orphaned dependencies?

Answer 1

Jānis Veinbergs ca va, ca va, thanks for bringing this up ))

let's tackle the microsoft side. since u already did the geo migration and ms support confirmed the old env is gone, the error might just be stale metadata. try this powerShell command to force unlink the policy from the ghost env

Remove-AzResource -ResourceId "/subscriptions/[your-sub-id]/resourceGroups/[your-rg]/providers/Microsoft.PowerPlatform/enterprisePolicies/[policy-name]" -Force

if that doesn't work, u might need to nudge the azure resource manager. sometimes it gets stuck like a croissant in a parisian café )) check this doc for deeper cleanup steps learn.microsoft.com/power-platform/admin/manage-environments#delete-an-environment.

also, peek into the azure resource graph explorer. run this query to see if the old env id still lurks somewhere

resources
| where type == "microsoft.powerplatform/environments"
| where properties.environmentId == "628b9eda-13f4-ef50-a287-7b586ef7995c"

if it shows up, ms support might need to purge it from their backend.

now for some general tips that could save u headaches later )) always double check subnet injections before deleting policies. its like untangling earphones skip a step, and everything knots up. this might help in other tools too, especially when dealing with cross region setups.

worth looking into azure policies as well. sometimes they hold references to deleted resources like overattached exes )) learn.microsoft.com/azure/governance/policy/overview.

if u ever do another geo migration, maybe take screenshots of the old env configs. old school, but it beats chasing ghost ids later :))

let me know if the force delete worked

Best regards,

Alex

and "yes" if you would follow me at Q&A - personaly thx.
P.S. If my answer help to you, please Accept my answer

https://ctrlaltdel.blog/