You learned how to create, retrieve, and work with service principals. Now that you've completed the tutorial, it's time to clean up the created service principal resources.
Clean up service principal resources
The safest way to remove all resources used in this tutorial is to use az group delete. The --no-wait parameter keeps the CLI from blocking while the deletion takes place.
az group delete --name myResourceGroup --no-wait
If you prefer, delete individual service principals with the az ad sp delete command.
az ad sp delete --id myServicePrincipalID
Troubleshoot service principals
Although you completed the tutorial, you might still have questions regarding service principals that can be answered in this section.
Insufficient privileges
If your account doesn't have permission to create a service principal, az ad sp create-for-rbac
returns an error message containing "Insufficient privileges to complete the operation." Contact
your Microsoft Entra administrator to obtain User Access Administrator or Role Based Access
Control Administrator permissions.
Invalid tenant
If you specified an invalid subscription ID, you see the error message "The request didn't have a
subscription or a valid tenant level resource provider." If using variables, use the Bash echo
command to see the value being passed to the reference command. Use az account set to change
your subscription or learn How to manage Azure subscriptions with the Azure CLI.
Resource group not found
If you specified an invalid resource group name, you see the error message "Resource group 'name'
couldn't be found." If using variables, use the Bash echo command to see the value being passed to
both the subscription and reference commands. Use az group list to see the resource groups for
the current subscription, or learn How to manage Azure resource groups with the Azure CLI.
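The echo check described under "Invalid tenant" and "Resource group not found" does not reveal an empty variable's cause or a trailing carriage return or space. The following is an added example, not part of the original tutorial, that validates both values before they are passed to a command; the function names and sample values are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function and variable names
# are hypothetical; the sample values at the bottom are constructed.

# True when the value contains whitespace or control characters (for example
# a trailing carriage return from a CRLF file), which plain echo does not show.
has_hidden_chars() {
    [ "$(printf '%s' "$1" | tr -d '[:space:][:cntrl:]')" != "$1" ]
}

# Subscription IDs are GUIDs: 8-4-4-4-12 hexadecimal digits.
check_subscription_id() {
    if [ -z "$1" ]; then echo "empty"; return 1; fi
    if has_hidden_chars "$1"; then echo "hidden-characters"; return 1; fi
    if ! printf '%s\n' "$1" | grep -Eqx '[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}'; then
        echo "not-a-guid"; return 1
    fi
    echo "ok"
}

# Resource group names are 1-90 characters and cannot end with a period.
check_resource_group_name() {
    if [ -z "$1" ]; then echo "empty"; return 1; fi
    if has_hidden_chars "$1"; then echo "hidden-characters"; return 1; fi
    if [ "${#1}" -gt 90 ]; then echo "too-long"; return 1; fi
    case "$1" in *.) echo "trailing-period"; return 1 ;; esac
    echo "ok"
}

# Constructed sample values, including a trailing carriage return and space.
cr=$(printf '\r')
for sub in "00000000-0000-0000-0000-000000000000" \
           "00000000-0000-0000-0000-000000000000$cr" "" "mySubscription"; do
    printf 'subscription: %s\n' "$(check_subscription_id "$sub")"
done
for rg in "myResourceGroup" "myResourceGroup " "myResourceGroup."; do
    printf 'resource group: %s\n' "$(check_resource_group_name "$rg")"
done
```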
Authorization to perform action
If your account doesn't have permission to assign a role, you see an error message that your account "doesn't have authorization to perform action 'Microsoft.Authorization/roleAssignments/write'." Contact your Microsoft Entra administrator to manage roles.
Interactive authentication is needed
When signing in with password authentication, the error message "...Interactive authentication is needed..." occurs if your organization requires multifactor authentication. Switch to certificate-based authentication, or consider using managed identities.
Compliant device required
If you try to create a service principal using a device that's not compliant with your organization's access policies, you receive the message "...Conditional Access policy requires a compliant device...". Switch to a computer that meets your organization's access policies.