Remove an Application in Azure AD - azure

I've created several Apps in Azure Active Directory and some of them I don't need anymore. I want to remove them but the remove icon at the bottom is greyed out.
Does anyone know what the reason for this could be or if there is another way to remove the Apps I don't need?

If the applications are multi tenant, first thing you would need to do is to change that so that they are not multi tenant. Then you should be able to remove the applications from your Azure AD.

This helped me when I had similar problems, check it out:
https://samlman.wordpress.com/2015/02/27/how-to-delete-an-app-you-consented-to-in-azure-ad/

Related

What is the right way for working with Azure AD when supporting multiple environments?

I am a Solution Architect responsible for setting up a project's infrastructure on Azure. The project should be running in multiple environments (dev, staging, prod). As far as I learned the best practice regarding environment separation in Azure is to use Resource Groups. That's what I did.
However, this is where things start getting tricky. Our application will use Azure AD as OAuth Authorization Server. I want to have my AD isolated, like everything else in my infrastructure. I don't want to accidentally modify a production user from the dev environment and for the dev environment, I want to be able to create a ton of test users which I don't want to see in production. So, isolation.
The problem is I don't see any option on how to do this. My first instinct was to create multiple ADs. But when I do that, they actually need to create a completely new tenant for each of these environments. This seems really messy to me. Have to support as many (almost empty) tenants as I want to have environments.
Please, what is the right way to do this?
Does Azure AD have some kind of support for the isolation I require?
Am I missing something?
Note: this question was also asked in MS Q&A.
You're correct that a tenant is equivalent to a directory and a user is either in the directory or it's not. However, using RBAC, you can restrict the permissions on users so that they can't access particular services. It would be good if you separated permissions by subscription which is what a lot of major companies do and that's how they know which workload a subscription handles.

Can't register an application in Azure AD B2C

Since yesterday I can't add an application to my tenant or look at the properties of an already added application.
Also if I try to delete the directory I can't because it says I have to delete all the applications in the directory first, when I click to view the applications.... there are none...
Is there a problem going on with the service? Is there somewhere else I can find about this?
#Martin. It was a service issue. You can use the B2C service blog:
https://blogs.msdn.microsoft.com/azureadb2c/2018/11/28/investigating-administrators-are-unable-to-create-new-b2c-applications-or-modify-the-permissions-for-existing-b2c-applications/
Please confirm the issue was fixed for you.

Azure - Where can I find my gph:ClientId?

Does anyone know where I can find my Azure Active Directory Graph Client ID in Azure?
I have searched everywhere within Azure itself and still no luck. Or if anyone knows the PowerShell command to get the information?
Hopefully someone could point me in the right direction.
Many thanks.
You could also get it on the Azure Portal.
You could register a new application using the Azure portal; for more information about this, please refer to this link.
Client Id is your app's application id.
You also need to grant Graph permission to your app; you could also check the link I provided.
No worries, I managed to find it. Had to create a B2C tenant through the use of PowerShell using this link:
https://github.com/blumu/azure-content/blob/master/articles/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet.md#register-a-service-application-in-your-tenant
From there it will generate your Client ID. Ensure to make a copy and paste it somewhere for future use.

How do I delete an application from azure active directory?

The title of my issue is clear enough by itself I hope....
I have only one application in my Applications list in Azure Active Directory. I would like to delete that, because it was only for experimental purposes.
But I cannot delete it, the delete icon in the drawer is greyed.
What can I do to delete the application from AAD?
For those coming by later and are using the new (preview) Azure Portal and are trying to remove a Native App;
The issue is due to the availableToOtherTenants setting, which you can not edit in the UI at the moment of writing. However, you can add the Manifest manually through the Azure Portal and edit the setting. After the edit, you can remove the app.
If it's a multi-tenant app, you need to convert it back to a single-tenant app before you can delete it. Please confirm that the setting 'Application is Multi-Tenant' (on the configure tab) is set to No.
Just adding to this - make sure that you are the owner of the application - if you're not, assign yourself ownership and delete will be enabled.
Unable to delete Azure AD due to Enterprise Apps (Delete grayed out)
Log in to PowerShell (Admin)
Install-Module -Name MSOnline
connect-msolservice
(Provide GA Creds)
CAUTION: Following step may delete all the objects/applications recursively and may present multiple errors as well, but in the end, all this will help you to be finally able to delete the Azure AD instance successfully
Get-MsolServicePrincipal -All | Remove-MsolServicePrincipal
Sign-out and Sign-in Azure Portal
All enterprise apps will now be deleted --> You can Delete Azure AD Directory now
Whilst old, I stumbled across this issue earlier and found this post.
The portal has changed and none of the above worked for me (although I did not edit the manifest) - what I did do was go into AAD > Enterprise Applications and, from there, I could delete the Native applications.
Hope this helps someone (possibly me!) later.
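
The answers above name two conditions that grey out Delete for an app registration: the availableToOtherTenants (multi-tenant) flag and missing ownership. The following is an added example, not code from any of the posts, that checks both for one named application and deletes only that application, instead of piping every service principal into a removal cmdlet. It assumes the AzureAD PowerShell module is installed and Connect-AzureAD has already been run; the function name and the app name are hypothetical.

```powershell
# Added example: not from the original posts. Assumes the AzureAD module is
# installed and Connect-AzureAD has been run in this session.
function Remove-AadAppSafely {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [string] $DisplayName
    )

    # Resolve exactly one app registration; refuse to act on ambiguous names.
    $escaped = $DisplayName.Replace("'", "''")
    $apps = @(Get-AzureADApplication -Filter "DisplayName eq '$escaped'")
    if ($apps.Count -ne 1) {
        throw "Expected exactly one application named '$DisplayName', found $($apps.Count)."
    }
    $app = $apps[0]

    # Blocker 1: the signed-in account must be an owner of the application.
    $me = Get-AzureADUser -ObjectId (Get-AzureADCurrentSessionInfo).Account.Id
    $owners = @(Get-AzureADApplicationOwner -ObjectId $app.ObjectId -All $true)
    if ($owners.ObjectId -notcontains $me.ObjectId) {
        if ($PSCmdlet.ShouldProcess($app.DisplayName, "Add $($me.UserPrincipalName) as owner")) {
            Add-AzureADApplicationOwner -ObjectId $app.ObjectId -RefObjectId $me.ObjectId
        }
    }

    # Blocker 2: a multi-tenant app must be switched back to single-tenant.
    if ($app.AvailableToOtherTenants) {
        if ($PSCmdlet.ShouldProcess($app.DisplayName, 'Set availableToOtherTenants to false')) {
            Set-AzureADApplication -ObjectId $app.ObjectId -AvailableToOtherTenants $false
        }
    }

    # Delete only this one application registration.
    if ($PSCmdlet.ShouldProcess($app.DisplayName, 'Delete application registration')) {
        Remove-AzureADApplication -ObjectId $app.ObjectId
    }
}

# Dry run first; the app name is a placeholder. Drop -WhatIf to apply.
Remove-AadAppSafely -DisplayName 'my-experimental-app' -WhatIf
```

With -WhatIf the function only reports which of the three changes it would make, so the ownership and multi-tenant state can be reviewed before anything is modified.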

SharePoint and Active Directory group account syncing issue

We have an issue where our Test and QA and Production environments do not appear to be enumerating through the active directory groups list when the group is added to a SharePoint group (we are controlling SP access using AD groups). These are not nested groups. Have you any idea what could be causing this? What is really confusing is that it is adding some, but not all. For instance, we found 4 people who were missed in the initial group setup. So this afternoon we added them into the AD group. Of those 4 people, SharePoint can see 2 and can't see the other 2. There are no properties that we can see that are different between the working and non-working accounts. 2 accounts sit in the same OU and have the same group access, but SharePoint only resolves one of the accounts and can't see the other. If it wasn't seeing any of them I would put it up to a refresh job that hadn't run yet or a sync between AD and SP, but that can't be the case here because SP is resolving some of the accounts.
We do have accounts sitting in different OUs being added to the AD Group, but this is affecting accounts that share the same OU as well.
I would appreciate any insight anyone would have.
One last thing I should mention, though I don't know if it is an issue or not, we are running Active Directory 2003.
Thank you
Try changing the token cache timeout; we had similar issues and the command below (source) + IIS reset solved it:
stsadm -o setproperty -propertyname token-timeout -propertyvalue 1
