Unable to delete test tenant

Question

I have an Entra ID tenant that I would like to delete. The dialog to delete the tenant is suggesting an enterprise application exists that must first be deleted.

The only enterprise applications left are first-party which cannot be deleted. I've waited several days thinking one of the applications I did delete was pending, but that did not make a difference.

Does anyone know how to troubleshoot this?

Thank you.

Answer 1

It seems the issue cleared up on its own after a few weeks.

Answer 2

To troubleshoot and unblock deletion of the Entra ID test tenant when an enterprise application is still reported:

1. Confirm all deletion prerequisites
   • Ensure there is only one user left in the tenant (the Global Administrator who will delete the tenant).
   • Ensure there are no applications left in the tenant under App registrations (including special apps like b2c-extensions-app if this is/was a B2C or External ID tenant).
   • Ensure there are no subscriptions, MFA providers, or self-service sign-up products still associated with the tenant.
   These checks are required before a tenant can be deleted.
2. Use the built‑in delete flow to see what is blocking
   • Sign in to the Microsoft Entra admin center as a Global Administrator.
   • Go to Microsoft Entra ID → Overview → Manage tenants.
   • Select the test tenant and choose Delete.
   • Review the Required action information shown there; it will list the blocking resource type (for example, applications, user flows, subscriptions, etc.). This helps confirm that the blocker is indeed an enterprise application and not another resource.
3. If the blocker is an enterprise application that cannot be deleted in the portal Some first‑party or special service principals cannot be removed directly in the Entra admin center but can still block tenant deletion. In that case, remove or disable them using Microsoft Graph PowerShell as documented: a. Install required modules (run in an elevated PowerShell session):

      Install-Module Microsoft.Graph
      Install-Module -Name Az
   

   b. Connect to the tenant to be deleted with a homed Global Administrator:

      Connect-MgGraph -Scopes "Application.ReadWrite.All"
   

   Run Get-MgDomain to verify the connected tenant ID and onmicrosoft.com domain. c. Verify Az context to avoid affecting the wrong tenant:

      Clear-AzContext -Scope CurrentUser
      Connect-AzAccount -Tenant <object id of the tenant you are attempting to delete>
      Get-AzContext
   

   Confirm the tenant ID and domain match the test tenant. d. Remove service principals (enterprise apps):

      Get-MgServicePrincipal -All | ForEach-Object { 
          Remove-MgServicePrincipal -ServicePrincipalId $_.Id 
      }
   

   Run this multiple times until no more service principals can be removed. e. If some service principals still cannot be deleted, disable them and retry removal so they no longer block tenant deletion:

      $ServicePrincipalUpdate = @{ "accountEnabled" = "false" }
      
      Get-MgServicePrincipal -All | ForEach-Object { 
          Update-MgServicePrincipal -ServicePrincipalId $_.Id -BodyParameter $ServicePrincipalUpdate 
      }
      Get-MgServicePrincipal -All | ForEach-Object { 
          Remove-MgServicePrincipal -ServicePrincipalId $_.Id 
      }
   

4. Retry tenant deletion
   • After cleaning up or disabling the blocking enterprise applications, sign in again to the Entra admin center as Global Administrator.
   • Go to Microsoft Entra ID → Overview → Manage tenants.
   • Select the test tenant and choose Delete.
   • If all checks now pass, confirm deletion.

This PowerShell-based cleanup is specifically intended for cases where non‑deletable enterprise applications are blocking tenant deletion.

---

References:

• Delete a tenant in Microsoft Entra ID
• Delete the organization
• Remove enterprise apps that you can't delete
• Delete an external tenant
• Clean up resources and delete the tenant