This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 56.00000000000001%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWH%3C/text%3E%3C/svg%3E)
We generate managed identities (Entra resources), which are properly deleted upon test completion. However, Azure's soft-delete mechanism retains these resources for 30 days, during which they continue to count against our tenant quota.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 0%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBL%3C/text%3E%3C/svg%3E)
Disabling soft deletion for Entra resources (including managed identities) at the tenant level is not natively supported by Azure. Please try to submit a ticket to Microsoft Support to get the root reason and workaround.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 7.000000000000001%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
Thanks for posting your question in Microsoft Q&A portal
Yes, Managed Identities are soft deleted for 30 days. You can view the soft deleted managed identity service principal, but you can't restore or permanently delete it and During this retention period, the soft-deleted identities still count against your tenant quota in Microsoft Entra ID. Unfortunately, this soft-delete period is fixed by Microsoft and cannot be configured or shortened.
After 30 days, these managed identities are permanently removed and stop counting against the quota. This behavior applies to managed identities as special types of service principals that are managed by Azure. As Byron Liu mentioned there isn't a supported way to bypass or purge soft-deleted managed identities before that period ends.
Refer document:
I hope the provided answer is helpful, do let me know if you have any further questions on this Please accept as Yes & upvote if the answer is helpful so that it can help others in the community.
Hello Wenqi He (RED HAT INC), Just checking to see if you have a chance to check my previous response and helped, do let me know if you have any further questions on this.
Hi Wenqi He (RED HAT INC), following up to see if you have a chance to check my previous response and helped, do let me know if you have any further questions on this.