Share via

Delete FrontDoor

Ricardo Romão 25 Reputation points
2026-02-11T15:31:20.1333333+00:00

Hello Azure Support Team,

We are requesting assistance with the forced removal of custom domains associated with an Azure Front Door instance that we are unable to delete.

Context:

We have an Azure Front Door resource that is no longer in use. There is no active production workload behind this Front Door.

However, the resource cannot be deleted because the following custom domains are still associated:

  • fabrica.dgpm.mm.gov.pt
  • gestao.dgpm.mm.gov.pt
  • fundoazul.dgpm.mm.gov.pt
  • www.pnvihsida.dgs.pt
  • saudesazonal.min-saude.pt

These domains are externally managed by the client, and we no longer have administrative control over their DNS configuration. Despite multiple requests, the DNS entries have not been updated to remove the CNAME records pointing to the Azure Front Door endpoint.

As a result:

  • We cannot remove the custom domains from the Front Door resource.
  • We cannot delete the Front Door instance.
  • The resource is inactive but remains locked due to external DNS dependency.

Request:

We kindly request Microsoft assistance to:

  1. Forcefully detach these custom domains from the Azure Front Door resource.
  2. Remove any validation bindings that are blocking deletion.
  3. Allow the Front Door resource to be safely deleted.

We confirm that:

  • There are no active backends configured.
  • No traffic is intended to be served from this resource.
  • This is a decommissioning scenario.

Please let us know if additional information is required (Subscription ID, Resource Group, Front Door name, etc.).

Thank you for your support.

Best regards,
Masterlink

Azure Front Door
Azure Front Door

An Azure service that provides a cloud content delivery network with threat protection.

0 comments
Answer accepted by question author
  1. Praveen Bandaru 10,720 Reputation points Microsoft External Staff Moderator
    2026-02-11T18:12:48.5666667+00:00

    Hello Ricardo Romão

    I understand that you're in a bit of a bind with those custom domains attached to your Azure Front Door instance, and I get how frustrating that can be.

    1. Unfortunately, there isn't a direct way to forcefully detach custom domains via the Azure Portal or API if you don't manage the DNS records for those domains. Usually, domains need to be detached by removing the CNAME entries in the domain's DNS settings.
    2. If the domains are still associated with your Front Door but cannot be directly removed due to DNS issues, you might want to verify if you can use either PowerShell or Azure CLI to delete the Front Door, which might bypass those bindings if they’re not actively validating.
    3. Additionally, when deleting, check the activity logs to find information about the activity if it fails.
    • Using Azure PowerShell: 
        Remove-AzFrontDoor -Name "YourFrontDoorName" -ResourceGroupName "YourResourceGroupName"
    • Using Azure CLI: 
        az network front-door delete --name YourFrontDoorName --resource-group YourResourceGroupName

    Check the below reference link:
    https://learn.microsoft.com/en-us/cli/azure/network/front-door?view=azure-cli-latest&wt.mc_id=knowledgesearch_inproduct_azure-cxp-community-insider

    Microsoft has introduced this breaking change (https://github.com/hashicorp/terraform-provider-azurerm/issues/11231). But it seems like it can be disabled by registering feature flag: 

    az feature register --namespace Microsoft.Network --name BypassCnameCheckForCustomDomainDeletion

    And let me know the outcome once you perform the action.

    Hope the above answer helps! Please let us know do you have any further queries.

    Please do consider to “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Alex Burlachenko 19,615 Reputation points Volunteer Moderator
    2026-02-12T10:37:29.0366667+00:00

    Hi,

    i would like to add my coin to discuss, in Azure front door msft cannot forcibly detach custom domains if dns validation still points to the front door endpoint. The platform requires ownership validation of each custom domain and as long as the cname record is still resolving to the front door hostname the binding remains valid and cannot simply be removed from the backend side.

    If you no longer control the external dns zone then unfortunately this becomes a dns ownership issue rather than an Azure resource issue. Azure does not have the ability to override public dns records or bypass domain validation checks.

    The only supported way to remove the custom domains is to update or remove the cname records in the public dns so that they no longer point to the front door endpoint. Once dns propagation completes the custom domains can be removed and the front door resource can be deleted normally.

    If dns cannot be modified because the domain owner is unresponsive then the only realistic option is to open a msft support ticket and request backend cleanup but even then microsoft will require proof that you are authorised to request detachment of those domains.

    In short this is not a compute or configuration lock but a domain validation dependency & dns ownership must be resolved before deletion can proceed.

    rgds,

    Alex

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.