Deletion and recovery of applications FAQ

The following are some frequently asked questions (FAQs) on deletion and recovery of applications.

When I create applications, I'm getting Directory_QuotaExceeded error. How can I avoid this problem?

A non-admin user can create no more than 250 Azure AD resources, which include applications and service principals. Both active resources and deleted resources that are available to restore count toward this quota. Deleting applications that you no longer need doesn't free up the quota on its own, because the soft-deleted objects still count toward it. To free up the quota, you need to permanently delete objects in the deleted items container.

For more information about the service limits, see Azure resource management.

Where can I find all the deleted applications and service principals?

Soft-deleted application and service principal objects go into the deleted items container and remain available to restore for up to 30 days. After 30 days, they're permanently deleted, and this frees up the quota.

To learn how to view deleted application objects through the Azure portal, see View restorable applications.

Deleted service principals can't be viewed through the Azure portal. To learn how to view your restorable service principals using PowerShell or Microsoft Graph API, see View restorable service principals.

How do I restore deleted applications or service principals?

To learn how to restore recently deleted application registrations through the Azure portal, see Restore application registrations.

To learn how to restore recently deleted service principals, see Restore service principals. This method is also applicable for restoring recently deleted application registrations using PowerShell or Microsoft Graph API.

How do I permanently delete soft-deleted applications or service principals?

To permanently delete application registrations through the Azure portal, see Permanently delete an application.

To permanently delete a service principal, see Permanently delete a service principal. This method is also applicable for permanently deleting application registrations using PowerShell or Microsoft Graph API.

Can I configure the interval in which applications and service principals are permanently deleted by Azure AD?

No. You can't configure the periodicity of hard deletion.

I lost my SAML SSO configurations after deleting and restoring my application through app registrations in the Azure portal. How can I restore my configurations?

The SAML SSO configurations are stored on the service principal object. When you restore an application from the App registrations UI, it recovers the app object but creates a new service principal. As a result, the SAML SSO configurations made earlier for the app are lost when you restore a deleted application using the App registrations UI.

To correct this problem, delete the new service principal that the App registrations experience created and restore the original service principal.

If you didn't record the service principal before deleting the application, use the list deleted items API to fetch the deleted service principal and filter the results by the client's application ID (appId) property using the following syntax:

https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.servicePrincipal?$filter=appId eq '{appId}'

Once you've retrieved the object ID of the deleted service principal, proceed to restore it.
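The lookup-then-restore flow from this answer, as an added Python example (not code from the original page or from Microsoft): it accepts only a GUID as the appId before placing it in the $filter, lists the matching deleted service principals oldest deletion first, and builds the Graph restore call (POST directory/deletedItems/{id}/restore). The function names, the token placeholder and the sample reply are constructed for illustration.

```python
import json
import re
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
GUID = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def _guid(value):
    # Only a GUID is accepted, so the value cannot alter the OData filter or the URL path.
    if not GUID.fullmatch(value):
        raise ValueError(f"not a GUID: {value!r}")
    return value

def lookup_request(app_id, token):
    """GET request listing soft-deleted service principals for one appId."""
    query = urllib.parse.quote(f"appId eq '{_guid(app_id)}'", safe="'")
    url = f"{GRAPH}/directory/deletedItems/microsoft.graph.servicePrincipal?$filter={query}"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})

def candidates(body, app_id):
    """Deleted service principals for app_id in a reply body, oldest deletion first."""
    items = [sp for sp in json.loads(body).get("value", [])
             if sp.get("appId", "").lower() == _guid(app_id).lower()]
    return sorted(items, key=lambda sp: sp.get("deletedDateTime", ""))

def restore_request(object_id, token):
    """POST request that restores one deleted directory object by its object ID."""
    url = f"{GRAPH}/directory/deletedItems/{_guid(object_id)}/restore"
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    return urllib.request.Request(url, data=b"", method="POST", headers=headers)

def send(request):
    """Send a prepared request and decode the JSON reply (needs network and a real token)."""
    with urllib.request.urlopen(request, timeout=30) as reply:
        return json.load(reply)

# Constructed sample reply: two soft-deleted service principals share one appId.
APP_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE = json.dumps({"value": [
    {"id": "bbbbbbbb-0000-0000-0000-000000000002", "appId": APP_ID, "deletedDateTime": "2023-05-02T09:30:00Z"},
    {"id": "aaaaaaaa-0000-0000-0000-000000000001", "appId": APP_ID, "deletedDateTime": "2023-04-20T14:00:00Z"},
]})

if __name__ == "__main__":
    print(lookup_request(APP_ID, "<token>").full_url)
    for sp in candidates(SAMPLE, APP_ID):
        print(sp["deletedDateTime"], sp["id"], restore_request(sp["id"], "<token>").full_url)
```

When more than one deleted service principal matches, compare each deletedDateTime with the time the application was deleted before choosing which object ID to restore.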

Why can't I recover managed identities?

Managed identities are a special type of service principal. Deleted managed identities can't be recovered currently.

I can't see the provisioning data from a recovered service principal. How can I recover it?

After recovering a service principal, you may initially see the error in the following screenshot. This issue will resolve itself between 40 minutes and 1 day. If you'd like the provisioning job to start immediately, you can hit restart to force the provisioning service to run again. Hitting restart will trigger an initial cycle that can take time for customers with 100K+ users or group memberships.

Screenshot of recovering user provisioning data.

I recovered my application that was configured for application proxy. I can't see the app proxy configurations after the recovery. How can I recover them?

App proxy configurations can't be recovered through the portal UI. Use the API to recover app proxy settings. Expect a delay of up to 24 hours as the app proxy data gets synced back.

I can't see the policies I set on the service principal object after the recovery. How can I recover them?

Policies can't be recovered currently. When you restore a service principal, you'll have to configure the policies again.