如何删除应用服务的孤立托管标识

时间:2021-06-07 10:39:46

标签: azure azure-devops azure-active-directory azure-web-app-service azure-managed-identity

不知何故,我得到了一个托管标识,其主应用程序早已被删除。如何删除它?请帮忙

我可以运行以下命令来查找 MSI 对象(注意 $appServiceName appService 不再存在)

PS C:\src\S\aspbuild-arm\azure\scripts> az ad sp list --display-name $appServiceName
[
  {
    "accountEnabled": "True",
    "addIns": [],
    "alternativeNames": [
      "isExplicit=False",
      "/subscriptions/99a0...645c6d1f/resourcegroups/myResourceGroup/providers/Microsoft.Web/sites/appservice-name"
    ],
    "appDisplayName": null,
    "appId": "d85bfd2d-2d93-4b13-864c-1321ac6c9ad1",
    "appOwnerTenantId": null,
    "appRoleAssignmentRequired": false,
    "appRoles": [],
    "applicationTemplateId": null,
    "deletionTimestamp": null,
    "displayName": "appservice-name",
    "errorUrl": null,
    "homepage": null,
    "informationalUrls": null,
    "keyCredentials": [
      {
        "additionalProperties": null,
        "customKeyIdentifier": "8173F9C433B4C0EFEE14E3FE5F2B9DB0C7D81898",
        "endDate": "2021-09-02T06:49:00+00:00",
        "keyId": "6ff17781-87f7-4b19-abda-a3066aafa5fc",
        "startDate": "2021-06-04T06:49:00+00:00",
        "type": "AsymmetricX509Cert",
        "usage": "Verify",
        "value": null
      }
    ],
    "logoutUrl": null,
    "notificationEmailAddresses": [],
    "oauth2Permissions": [],
    "objectId": "8f8c3360-fc2f-4a5e-a97a-f3b6fba6d972",
    "objectType": "ServicePrincipal",
    "odata.type": "Microsoft.DirectoryServices.ServicePrincipal",
    "passwordCredentials": [],
    "preferredSingleSignOnMode": null,
    "preferredTokenSigningKeyEndDateTime": null,
    "preferredTokenSigningKeyThumbprint": null,
    "publisherName": null,
    "replyUrls": [],
    "samlMetadataUrl": null,
    "samlSingleSignOnSettings": null,
    "servicePrincipalNames": [
      "d85bfd2d-2d93-4b13-864c-1321ac6c9ad1",
      "https://identity.azure.net/ZoZNNul3HNZB6XiExPJTR2+ZNTIByGOiR23h9Nu81y0="
    ],
    "servicePrincipalType": "ManagedIdentity",
    "signInAudience": null,
    "tags": [],
    "tokenEncryptionKeyId": null
  }
]

或者我可以在“企业应用程序”刀片下搜索 MSI,如果我单击它并转到其属性,并尝试导航到其应用程序,我会收到“找不到资源”。附上截图。

enter image description here enter image description here enter image description here

即使我尝试从命令行删除,我也做不到。 enter image description here

更新:运行 az ad sp delete 也会出现错误“权限不足,无法完成操作”。我有全局管理员并怀疑它是因为它是一个 MSI 并且应该完全由 Azure 管理 enter image description here

0 个答案:

没有答案
相关问题
最新问题