Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
In this article, you learn how to restore a soft deleted enterprise application in your Microsoft Entra tenant. Soft deleted enterprise applications can be restored from the recycle bin within the first 30 days after their deletion. After the 30-day window, the enterprise application is permanently deleted and can't be restored.
If you deleted an application registration in its home tenant through app registrations in the Microsoft Entra admin center, the enterprise application, which is its corresponding service principal also got deleted.
If you restore the deleted application registration through the Microsoft Entra admin center, its corresponding service principal, is also restored. You'll therefore be able to recover the service principal's previous configurations, except its previous policies such as Conditional Access policies, which aren't restored.
To restore an enterprise application, you need:
- A Microsoft Entra user account. If you don't already have one, you can Create an account.
- One of the following roles: Cloud Application Administrator, Application Administrator, or owner of the service principal.
- A soft deleted enterprise application in your tenant.
Take the following steps to recover a recently deleted enterprise application. For more information on frequently asked questions about deletion and recovery of applications, see Deleting and recovering applications FAQs.
Make sure you're using the Azure AD PowerShell module. This is important if you've installed both the Azure AD PowerShell module and the AzureADPreview module.
You need to sign in as at least a Cloud Application Administrator.
Run the following commands.
Remove-Module AzureADPreview Import-Module AzureADConnect to Azure AD PowerShell.
Connect-AzureAD -AzureEnvironmentName AzureChinaCloudRun the following command to view the recently deleted enterprise application.
Get-AzureADMSDeletedDirectoryObject -Id <id>
Replace ID with the object ID of the service principal that you want to restore.
Run
Connect-MgGraph -Environment China -ClientId 'YOUR_CLIENT_ID' -TenantId 'YOUR_TENANT_ID' -Scopes "Application.ReadWrite.All". You need to sign in as at least a Cloud Application Administrator.To view the recently deleted enterprise applications, run the following command.
Get-MgDirectoryDeletedItem -DirectoryObjectId <id>
Replace ID with the object ID of the service principal that you want to restore.
To restore the enterprise application, run the following command:
Restore-AzureADMSDeletedDirectoryObject -Id <id>
Replace ID with the object ID of the service principal that you want to restore.
To restore the enterprise application, run the following command:
Restore-MgDirectoryDeletedItem -DirectoryObjectId <id>
Replace ID with the object ID of the service principal that you want to restore.
Soft-deleted managed identity service principals can be viewed but can't be recovered or permanently deleted by customers.
Warning
Permanently deleting an enterprise application is an irreversible action. Any present configurations on the app will be completely lost. Carefully review the details of the enterprise application to be sure you still want to hard delete it.
To permanently delete a soft deleted enterprise application, run the following command:
Remove-AzureADMSDeletedDirectoryObject -Id <id>
To permanently delete the soft deleted enterprise application, run the following command:
Remove-MgDirectoryDeletedItem -DirectoryObjectId <id>