Restore an enterprise application in Azure AD

Article
11/02/2022
3 minutes to read

In this article, you'll learn how to restore a soft deleted enterprise application in your Azure Active Directory (Azure AD) tenant. Soft deleted enterprise applications can be restored from the recycle bin within the first 30 days after their deletion. After the 30-day window, the enterprise application is permanently deleted and can't be restored.

Important

If you deleted an application registration in its home tenant through app registrations in the Azure portal, the enterprise application, which is its corresponding service principal also got deleted. If you restore the deleted application registration through the Azure portal, its corresponding service principal, won't be restored. Instead, this action will create a new service principal. Therefore, if you had configurations on the previous enterprise application, you can't restore them through the Azure portal. Use the workaround provided in this article to recover the deleted service principal and its previous configurations.

Prerequisites

To restore an enterprise application, you need:

An Azure AD user account. If you don't already have one, you can Create an account for free.
One of the following roles: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
A soft deleted enterprise application in your tenant.

View restorable enterprise applications

To recover your enterprise application with its previous configurations, first delete the enterprise application that was restored through the Azure portal, then take the following steps to recover the soft deleted enterprise application. For more information on frequently asked questions about deletion and recovery of applications, see Deleting and recovering applications FAQs.

Important

Make sure you're using the AzureAD module. This is important if you've installed both the AzureAD module and the AzureADPreview module.

Run the following commands:

Remove-Module AzureADPreview
Import-Module AzureAD

Connect to Azure AD PowerShell:
```
Connect-AzureAD
```
To view the recently deleted enterprise application, run the following command:
```
Get-AzureADMSDeletedDirectoryObject -Id <id>
```

Replace id with the object ID of the service principal that you want to restore.

Run connect-MgGraph -Scopes "Application.ReadWrite.All" and sign in with a Global Admin user account.
To view the recently deleted enterprise applications, run the following command:
```
Get-MgDirectoryDeletedItem -DirectoryObjectId <id>
```

Replace id with the object ID of the service principal that you want to restore.

View and restore recently deleted enterprise applications using Graph Explorer.

To get the list of deleted enterprise applications in your tenant, run the following query.

GET https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.servicePrincipal

From the list of deleted service principals generated, record the ID of the enterprise application you want to restore.

Alternatively, if you want to get the specific enterprise application that was deleted, fetch the deleted service principal and filter the results by the client's application ID (appId) property using the following syntax:

https://graph.microsoft.com/v1.0/directory/deletedItems/microsoft.graph.servicePrincipal?$filter=appId eq '{appId}'. Once you've retrieved the object ID of the deleted service principal, proceed to restore it.