Azure

Clean up unused, inactive or old directories from your Directory + subscription list in the Azure Portal


I have been working as an Azure Consultant/Architect for almost 7 years. In those 7 years I have set up and configured a lot of Azure environments for different customers.

To do all the work needed, most of the time I got access to their Azure environment with my Microsoft account (personal account) or my work account (B2B user) as a guest.

However, when all the work is done, one thing that is mostly forgotten is to clean up that specific user in the customer’s Azure Active Directory (Azure AD). As a result, that customer directory still shows up, or even opens as the default directory, when you sign in to the Azure portal with that account.

Currently a single user can belong to a maximum of 500 Azure AD directories as a member or a guest. A single user can create a maximum of 200 directories.



You should know that, until May 14 2018, you had to contact a global admin of the inviting organization to remove that account from their Azure AD tenant and to unlink those lingering directories. Until then, even as an admin you were not able to delete your own guest account. And sometimes, when a lot of time had passed since you last worked for that customer, finding the global or tenant admin to delete that user could be a lot of work.

Luckily, thanks to Europe’s General Data Protection Regulation (GDPR), this can now be done in a much easier way. A B2B user (guest user) can now leave an organization to which he or she has been invited on their own (self-service leave), at any time, without having to contact a tenant admin.

Keep in mind that when a user leaves an organization, the user account is soft deleted in the directory. By default, the user object moves to the Deleted users state in Azure AD but is not permanently deleted for 30 days. This soft deletion enables an administrator to restore the user account (including groups and permissions), if the user makes a request to restore the account within that 30-day period.


Leave an organization via the My Apps portal

To leave an organization you were invited to as a guest, log in with your account (personal or B2B) at https://myapps.microsoft.com/

When logged in select your name on the access panel in the upper-right corner.

This blog post is based on the old My Apps portal experience. To switch to the old experience, click next to Switch organization and select Leave new experience.



Under ORGANIZATIONS, select the organization you want to leave and go through the sign-in process (with your guest account).



After a successful sign-in, once again select your name in the upper-right corner.



Click the Leave organization command next to the correct organization.



When asked to confirm, click on Leave. When the popup message box appears telling you “You have left the [Organization]”, click OK.




After a few minutes the company you left will disappear from the list and also from the Directory + subscription list in the Azure Portal (log off and log in again to verify that the directory has been removed from the list).

Repeat the above steps if you need to leave any other organization you are associated with.
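To verify the result of the steps above without clicking through the portal, the following added example (not part of the original post) snapshots the directories the signed-in account can reach before and after leaving, and prints the ones that disappeared. It assumes the Az PowerShell module (Az.Accounts) is installed and that Get-AzTenant returns the Id, Name and Domains properties; the file names are arbitrary.

```powershell
# Added example: snapshot the Azure AD directories linked to the signed-in
# account before and after leaving an organization, then show the difference.
# Assumes Az.Accounts is installed; Get-AzTenant lists every tenant the
# account is a member or guest of (assumed properties: Id, Name, Domains).

# Sign in with the same personal or B2B account you use in the Azure portal.
Connect-AzAccount | Out-Null

function Get-DirectorySnapshot {
    param([Parameter(Mandatory)][string]$Path)
    $tenants = @(Get-AzTenant | Select-Object Id, Name, Domains | Sort-Object Id)
    $tenants | ConvertTo-Json -Depth 3 | Set-Content -Path $Path
    return $tenants.Count
}

# 1. Before leaving: record the list and how close the account is to the
#    500-directory limit mentioned in the post.
$before = Get-DirectorySnapshot -Path '.\tenants-before.json'
Write-Host "Account is linked to $before directories (limit: 500)."

# 2. Leave the organization through the My Apps portal, then sign in again
#    so that cached tokens for the old tenant are not reused.
Read-Host 'Leave the organization in the My Apps portal, then press Enter'
Disconnect-AzAccount | Out-Null
Connect-AzAccount | Out-Null
$after = Get-DirectorySnapshot -Path '.\tenants-after.json'
Write-Host "Account is now linked to $after directories."

# 3. List exactly which directories disappeared; the tenant you left should
#    be among them. Nothing removed means the change has not propagated yet.
$old = @(Get-Content '.\tenants-before.json' | ConvertFrom-Json)
$new = @(Get-Content '.\tenants-after.json'  | ConvertFrom-Json)
$removed = Compare-Object -ReferenceObject $old -DifferenceObject $new -Property Id |
    Where-Object SideIndicator -eq '<='
if ($removed) {
    $removed | ForEach-Object { Write-Host "Removed directory: $($_.Id)" }
} else {
    Write-Host 'No directory removed yet; wait a few minutes and run the check again.'
}
```

Keeping the two JSON snapshots is also a handy record of which customer tenants an account was still linked to on a given date, which is useful when you periodically review lingering guest access.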


Conclusion

These days an Azure AD guest user can decide to leave an organization at any time if they no longer need Azure Portal access or no longer need to use apps from the organization to which they were invited. Via the My Apps portal, a user can now simply leave an organization on their own, without having to contact any tenant administrator.
