You probably landed here after feeling a little of the pain inherent in attempting to delete an Azure Active Directory B2C tenant. I have read several FAQ’s, How To’s, posts, and forum pleadings on the topic and I’ve yet to find one that definitively helped me remove above 20+ test B2C tenants clogging my menu in the Azure portal. They all seem to be missing one or more critical steps needed to fully delete a B2C tenant.
Last week, I snapped and decided I was going to make it happen and I was able to hijack about 2 hours of a colleague’s evening (thanks Ken!) as we plowed through my removing of all of the long-ago needed B2C tenants attached to my Azure subscription.
From that pain, I’ve assembled what I hope is the definitive guide to removing these pesky B2C tenants when you are done with them. If you hit additional issues, please let me know about them in the comments and I’ll try to keep this post updated.
Delete All the Things
1. Login to your Azure AD B2C Tenant
2. Navigate to the B2C settings by typing “b2c” in the main search box in the Azure portal and select the Azure AD B2C link under Services.
3. Navigate to Applications, Identity Providers, and All Policies and delete all entries under each of them.
4. Navigate to Azure Active Directory / All Users and then delete each of the users (except the one you are logged in as).
5. Navigate to Azure Active Directory / App Registrations and make sure to select All apps from the dropdown (the default selection is ‘My Apps’ which hides the app we want to delete).
6. Select the b2c-extensions-app App and then click Delete and confirm the deletion when prompted.
7. Navigate to Azure Active Directory / Overview and click the Delete Directory button.
8. Here you will be prompted with a list of things that must be resolved before you can delete the directory.
9. To resolve the Microsoft Azure entry that appears in the Resource column, click the link. Then, change the permissions to Yes in the Properties blade and click Save.
10. Once Azure is complete with that operation, click the Refresh button and the issues should all be resolved allowing you to now click the Delete button to delete the directory.
Required Actions still listed for Enterprise Applications
If you are still seeing issues for Enterprise Applications, the culprit is likely VSTS. The issue is that sign-ons are still allowed for the VSTS Enterprise Application, so you have to turn this off.
Navigate to the Properties blade and set the Enabled users for sign-in switch to No and then click Save.
Back on the Overview tab, the Delete button is still disabled. However, if you repeat Step 10 above you should now have the Required Action column empty for Enterprise applications and should be able to delete the directory now.
Hopefully this post will help clean out all of those old Azure B2C tenants you have lying around. Please let me know if you encounter any issues with this and I’ll get this post updated with any workarounds or additional knowledge.
Originally published: 2018/08/20