Restore an enterprise application in Microsoft Entra ID
In this article, you learn how to restore a soft deleted enterprise application in your Microsoft Entra tenant. Soft deleted enterprise applications can be restored from the recycle bin within the first 30 days after their deletion. After the 30-day window, the enterprise application is permanently deleted and can't be restored.
If you deleted an application registration in its home tenant through app registrations in the Microsoft Entra admin center, the enterprise application, which is its corresponding service principal, was also deleted.
If you restore the deleted application registration through the Microsoft Entra admin center, its corresponding service principal is also restored. You can therefore recover the service principal's previous configurations, except its previous policies, such as Conditional Access policies, which aren't restored.
Prerequisites
To restore an enterprise application, you need:
- A Microsoft Entra user account. If you don't already have one, you can Create an account.
- One of the following roles: Cloud Application Administrator, Application Administrator, or owner of the service principal.
- A soft deleted enterprise application in your tenant.
Take the following steps to recover a recently deleted enterprise application. For more information on frequently asked questions about deletion and recovery of applications, see Deleting and recovering applications FAQs.
View restorable enterprise applications using Azure AD PowerShell
Make sure you're using the Azure AD PowerShell module. This is important if you've installed both the Azure AD PowerShell module and the AzureADPreview module.
You need to sign in as at least a Cloud Application Administrator.
Run the following commands.
Remove-Module AzureADPreview
Import-Module AzureAD
Connect to Azure AD PowerShell.
Connect-AzureAD -AzureEnvironmentName AzureChinaCloud
Run the following command to view the recently deleted enterprise application.
Get-AzureADMSDeletedDirectoryObject -Id <id>
Replace <id> with the object ID of the service principal that you want to restore.
View restorable enterprise applications using Microsoft Graph PowerShell
Run the following command. You need to sign in as at least a Cloud Application Administrator.
Connect-MgGraph -Environment China -ClientId 'YOUR_CLIENT_ID' -TenantId 'YOUR_TENANT_ID' -Scopes "Application.ReadWrite.All"
To view the recently deleted enterprise applications, run the following command.
Get-MgDirectoryDeletedItem -DirectoryObjectId <id>
Replace <id> with the object ID of the service principal that you want to restore.
Restore an enterprise application using Azure AD PowerShell
To restore the enterprise application, run the following command:
Restore-AzureADMSDeletedDirectoryObject -Id <id>
Replace <id> with the object ID of the service principal that you want to restore.
Restore an enterprise application using Microsoft Graph PowerShell
To restore the enterprise application, run the following command:
Restore-MgDirectoryDeletedItem -DirectoryObjectId <id>
Replace <id> with the object ID of the service principal that you want to restore.
Soft-deleted managed identity service principals can be viewed but can't be recovered or permanently deleted by customers.
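The following script is an added example, not part of the original article. It lists every soft deleted service principal, estimates how many days remain in the 30-day window, marks managed identities as not restorable, and restores one object only when it qualifies. It assumes an existing Connect-MgGraph session as shown above; Get-MgDirectoryDeletedItemAsServicePrincipal (Microsoft Graph PowerShell v2) and the placeholder object ID are not from this page.

```powershell
# Added example. Assumes Connect-MgGraph has already been run with Application.ReadWrite.All.
$RetentionDays = 30   # soft-delete window stated in this article

function Get-RestoreWindow {
    # Estimates when a soft deleted object leaves the recycle bin.
    param(
        [Parameter(Mandatory)] [datetime] $DeletedDateTime,
        [datetime] $Now = (Get-Date).ToUniversalTime()
    )
    $expires = $DeletedDateTime.ToUniversalTime().AddDays($RetentionDays)
    [pscustomobject]@{
        ExpiresUtc = $expires
        DaysLeft   = [math]::Floor(($expires - $Now).TotalDays)
    }
}

# Enumerate the recycle bin for service principals (enterprise applications).
$report = foreach ($sp in (Get-MgDirectoryDeletedItemAsServicePrincipal -All)) {
    $window    = Get-RestoreWindow -DeletedDateTime $sp.DeletedDateTime
    $isManaged = $sp.ServicePrincipalType -eq 'ManagedIdentity'
    [pscustomobject]@{
        DisplayName = $sp.DisplayName
        ObjectId    = $sp.Id
        AppId       = $sp.AppId
        Type        = $sp.ServicePrincipalType
        DeletedUtc  = $sp.DeletedDateTime
        DaysLeft    = $window.DaysLeft
        # Managed identity service principals can be viewed but not restored.
        Restorable  = (-not $isManaged) -and ($window.DaysLeft -ge 0)
    }
}
$report | Sort-Object DaysLeft | Format-Table -AutoSize

# Restore a single object after checking it against the report.
$targetId = '00000000-0000-0000-0000-000000000000'   # placeholder object ID
$target   = $report | Where-Object { $_.ObjectId -eq $targetId }

if (-not $target) {
    Write-Warning "Object $targetId is not in the list of soft deleted service principals."
} elseif (-not $target.Restorable) {
    Write-Warning "'$($target.DisplayName)' can't be restored (type: $($target.Type), days left: $($target.DaysLeft))."
} else {
    Restore-MgDirectoryDeletedItem -DirectoryObjectId $targetId | Out-Null
    # Policies such as Conditional Access policies aren't restored with the object.
    Write-Warning "Restored '$($target.DisplayName)'. Review its Conditional Access policies before relying on it."
}
```

DaysLeft is computed from the 30-day window described above, so treat it as an estimate of the remaining time rather than a value returned by the service.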
Warning
Permanently deleting an enterprise application is an irreversible action. Any present configurations on the app will be completely lost. Carefully review the details of the enterprise application to be sure you still want to hard delete it.
Permanently delete an enterprise application using Azure AD PowerShell
To permanently delete a soft deleted enterprise application, run the following command:
Remove-AzureADMSDeletedDirectoryObject -Id <id>
Permanently delete an enterprise application using Microsoft Graph PowerShell
To permanently delete the soft deleted enterprise application, run the following command:
Remove-MgDirectoryDeletedItem -DirectoryObjectId <id>