Opt out of Microsoft Entra Verified ID
Opting out is the process of resetting your Microsoft Entra Verified ID environment.
When do you need to opt out?
Opting out is a one-way operation. After the process finishes, your Microsoft Entra Verified ID environment is reset. Opting out might be required to:
- Enable new service capabilities.
- Reset your service configuration.
- Switch between trust systems ION and web.
What happens to your data?
When you finish opting out of the Microsoft Entra Verified ID service, the following actions occur:
- The decentralized identifier (DID) keys in Azure Key Vault are soft deleted.
- The issuer object is deleted from our database.
- The tenant identifier is deleted from our database.
- All the verifiable credentials contracts are deleted from our database.
After an opt-out action takes place, you can't recover your DID or conduct any operations on your DID. This step is a one-way operation, and you need to onboard again. Onboarding again results in the creation of a new environment.
Effect on existing verifiable credentials
All verifiable credentials already issued continue to exist. For the ION trust system, they aren't cryptographically invalidated because your DIDs remain resolvable through ION. However, when relying parties call the status API, they always receive a failure message.
Opt out from Microsoft Entra Verified ID
From the Azure portal, search for verifiable credentials.
Select Organization Settings on the leftmost menu.
In the section Reset your organization, select Delete all credentials and reset service.
Read the warning message and select Delete & opt out to continue.
Next steps
- Set up verifiable credentials on your Azure tenant.