Edit

Share via


Automatic deletions from deployment history

When you deploy resources to Azure, the deployment details are recorded in the deployment history at the scope where the deployment occurs. Each scope—whether it's a resource group, subscription, management group, tenant—can store up to 800 deployments in its history. Once this limit is reached, Azure automatically deletes the oldest deployments to make space for new ones. This automatic cleanup process was implemented on August 6, 2020.

Note

Deleting a deployment from the history doesn't affect any of the resources that were deployed.

Overview of automatic deployment history deletions

Deployments are deleted from your history when you exceed 700 deployments. Azure Resource Manager deletes deployments until the history is down to 600. The oldest deployments are always deleted first.

Diagram of deployment history deletion.

Important

If your scope is already at the 800 limit, your next deployment fails with an error. The automatic deletion process starts immediately. You can try your deployment again after a short wait.

In addition to deployments, you also trigger deletions when you run the what-if operation or validate a deployment.

When you give a deployment the same name as one in the history, you reset its place in the history. The deployment moves to the most recent place in the history. You also reset a deployment's place when you roll back to that deployment after an error.

Permissions required for automatic deletions

The deletions are requested under the identity of the user who deployed the template. To delete deployments, the user must have access to the Microsoft.Resources/deployments/delete action. If the user doesn't have the required permissions, deployments aren't deleted from the history.

If the current user doesn't have the required permissions, automatic deletion is attempted again during the next deployment.

Handling resource locks

If you have a CanNotDelete lock on a resource group or a subscription, the deployments for that scope can't be automatically deleted. To enable automatic cleanup of the deployment history, you need to remove the lock.

To delete a resource group lock, run the following commands:

$lockId = (Get-AzResourceLock -ResourceGroupName lockedRG).LockId
Remove-AzResourceLock -LockId $lockId

To delete a resource group lock, run the following commands:

Opting out of automatic deletions

You can opt out of automatic deletion to manually manage your deployment history. Use this option cautiously, as the 800-deployment limit remains enforced, and exceeding it causes deployment failures.

Important

Opting out is available only for subscription scopes, as it's controlled by the subscription-level Microsoft.Resources/DisableDeploymentGrooming feature flag. You can't opt out for only a particular resource group. For tenant or management group scopes, open a support ticket to disable automatic deletion.

To disable automatic deletion at the subscription scope (affects all resource groups within it):

For PowerShell, use Register-AzProviderFeature.

Register-AzProviderFeature -ProviderNamespace Microsoft.Resources -FeatureName DisableDeploymentGrooming

To see the current status of your subscription, use:

Get-AzProviderFeature -ProviderNamespace Microsoft.Resources -FeatureName DisableDeploymentGrooming

To reenable automatic deletions, use Azure REST API or Azure CLI.

Next steps