A cloud-based identity and access management service for securing user authentication and resource access
The tenant deletion check can still be blocked by hidden or system enterprise applications (service principals) that don’t appear in the Enterprise applications blade. These must be removed or disabled by using Microsoft Graph and Az PowerShell, then the deletion can be retried.
Follow these steps:
- Install the required PowerShell modules

  ```powershell
  Install-Module Microsoft.Graph
  Install-Module -Name Az
  ```

- Connect to the tenant to be deleted (as a homed Global Administrator)

  ```powershell
  Connect-MgGraph -Scopes "Application.ReadWrite.All"
  ```

  Run `Get-MgDomain` to verify the connected tenant ID and `onmicrosoft.com` domain.

- Verify Az context for the same tenant (safety check)

  ```powershell
  Clear-AzContext -Scope CurrentUser
  Connect-AzAccount -Tenant <object id of the tenant you are attempting to delete>
  Get-AzContext
  ```

  Confirm the tenant ID and domain match the tenant that should be deleted. Do not skip this step to avoid deleting apps in the wrong tenant.

- Remove all service principals (enterprise apps)

  Run the following command multiple times until no more service principals can be removed:

  ```powershell
  Get-MgServicePrincipal -All | ForEach-Object { Remove-MgServicePrincipal -ServicePrincipalId $_.Id }
  ```

- If some service principals cannot be deleted, disable and retry

  ```powershell
  $ServicePrincipalUpdate = @{ "accountEnabled" = "false" }
  Get-MgServicePrincipal -All | ForEach-Object { Update-MgServicePrincipal -ServicePrincipalId $_.Id -BodyParameter $ServicePrincipalUpdate }
  Get-MgServicePrincipal -All | ForEach-Object { Remove-MgServicePrincipal -ServicePrincipalId $_.Id }
  ```

- After the service principals are removed/disabled, go back to the Microsoft Entra admin center and retry tenant deletion from Entra ID → Overview → Manage tenants → Delete.
This clears hidden enterprise applications that are not visible in the portal list but still block tenant deletion.
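The steps above can be wrapped in a script that refuses to run unless both the Graph and Az sessions point at the intended tenant. This is an added example, not part of the original answer; `$ExpectedTenantId`, `$MaxPasses` and the use of `Get-MgContext` for the Graph-side check are assumptions introduced here.

```powershell
# Added example: guarded version of the cleanup steps.
# $ExpectedTenantId and $MaxPasses are hypothetical parameters, not from the answer.
[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
param(
    [Parameter(Mandatory)] [guid] $ExpectedTenantId,  # tenant that is to be deleted
    [int] $MaxPasses = 5                              # assumed bound on retry passes
)
$ErrorActionPreference = 'Stop'

$mg = Get-MgContext
$az = Get-AzContext
if (-not $mg -or -not $az) { throw 'Run Connect-MgGraph and Connect-AzAccount first.' }

# Safety check: both sessions must be signed in to the tenant being deleted.
$expected = $ExpectedTenantId.ToString()
if ($mg.TenantId -ne $expected -or $az.Tenant.Id -ne $expected) {
    throw "Context mismatch: Graph=$($mg.TenantId) Az=$($az.Tenant.Id) expected=$expected"
}

for ($pass = 1; $pass -le $MaxPasses; $pass++) {
    $sps = @(Get-MgServicePrincipal -All)
    if ($sps.Count -eq 0) { break }
    $removed = 0
    foreach ($sp in $sps) {
        $target = "$($sp.DisplayName) [$($sp.Id)]"
        if (-not $PSCmdlet.ShouldProcess($target, 'Remove service principal')) { continue }
        try {
            Remove-MgServicePrincipal -ServicePrincipalId $sp.Id
            $removed++
        } catch {
            # Removal failed: disable instead, as in the "disable and retry" step.
            try {
                Update-MgServicePrincipal -ServicePrincipalId $sp.Id -BodyParameter @{ accountEnabled = $false }
            } catch {
                Write-Warning "Could not remove or disable ${target}: $($_.Exception.Message)"
            }
        }
    }
    Write-Host "Pass ${pass}: $($sps.Count) found, $removed removed"
    if ($removed -eq 0) { break }   # nothing more can be removed; stop looping
}

# Whatever is left is what still needs attention before retrying tenant deletion.
Get-MgServicePrincipal -All | Select-Object DisplayName, AppId, AccountEnabled
```

Running the script with `-WhatIf` lists the service principals it would act on without changing anything.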