Delete remoteDesktopSecurityConfiguration

Namespace: microsoft.graph

Delete a remoteDesktopSecurityConfiguration object on a servicePrincipal. Removing remoteDesktopSecurityConfiguration object on the servicePrincipal disables the Microsoft Entra ID Remote Desktop Services (RDS) authentication protocol to authenticate a user to Microsoft Entra joined or Microsoft Entra hybrid joined devices, and removes any target device groups that you configured for SSO.


One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) Application-RemoteDesktopConfig.ReadWrite.All, Application.ReadWrite.All, Directory.ReadWrite.All
Delegated (personal Microsoft account) Not supported.
Application Application-RemoteDesktopConfig.ReadWrite.All, Application.ReadWrite.OwnedBy, Application.ReadWrite.All, Directory.ReadWrite.All

The calling user must also be assigned the Application Administrator, Cloud Application Administrator, or Global Administrator directory role.

HTTP request

DELETE /servicePrincipals/{servicePrincipalsId}/remoteDesktopSecurityConfiguration/$ref

Request headers

Name Description
Authorization Bearer {token}. Required.

Request body

Don't supply a request body for this method.


If successful, this method returns a 204 No Content response code.



The following example shows a request.



The following example shows the response.

HTTP/1.1 204 No Content