Offboard Azure subscriptions from ACE
You can offboard Azure subscriptions from ACE with the following methods:
Do the following:
For offboarding all subscriptions:
From the Azure Cloud Shell, run the following command:
az ad sp delete --id 'f1764d38-8bca-497f-94ae-2ccec598107d'
Note: You need proper permissions to run "az ad sp delete".
For more details on using Azure Cloud Shell to offboard a subscription, see az ad sp delete.
Note: Removed subscriptions will automatically sync with ACE once every hour.
For offboarding individual subscriptions:
From the Azure Cloud Shell, remove permissions for the subscription(s).
Note: Removed subscriptions will automatically sync with ACE once every hour.
If App analyzer CD mitigation was onboarded, complete removal requires cleaning up subscription-level artifacts.
Do the following:
- Delete the Resource Group
  - Name: prevasio-<HASH>-resource-group
  - Action: Delete it to remove the Function App, Storage Account, and logic container.
- Remove Custom IAM Role
  - Name: Prevasio Application Role (<HASH>)
  - Action: Delete the custom role definition and its assignment to the Service Principal.
- Purge the Key Vault
  - Name: prevasio-<HASH>-kv
  - Action: You must explicitly purge the Key Vault to free up the name; otherwise, re-onboarding will fail with a "Conflict" error.
HASH = the first 4 characters of your AlgoSec Tenant ID followed by the first 4 characters of the Subscription ID.
For example: If Tenant ID = 123456789 and Subscription ID = abcdefgh, then HASH = 1234abcd.
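The cleanup steps above as a script, added here as an example and not AlgoSec's own tooling: it derives HASH from the two IDs, builds the three artifact names, and prints the az commands in page order for review instead of running them. The function names and the rule that IDs contain only letters, digits and hyphens are assumptions; removing the role assignments by role name at subscription scope is one way to carry out that step.

```shell
#!/bin/sh
# Added example, not AlgoSec code. Prints a cleanup plan; it never calls az itself.

# HASH = first 4 chars of the AlgoSec Tenant ID + first 4 chars of the Subscription ID.
prevasio_hash() {
    tenant_id=$1
    subscription_id=$2
    # Assumption: IDs hold only letters, digits and hyphens. Rejecting anything
    # else keeps the printed commands safe to paste into a shell.
    case "$tenant_id$subscription_id" in
        *[!A-Za-z0-9-]*)
            echo "IDs may contain only letters, digits and hyphens" >&2
            return 1 ;;
    esac
    if [ "${#tenant_id}" -lt 4 ] || [ "${#subscription_id}" -lt 4 ]; then
        echo "both IDs must be at least 4 characters long" >&2
        return 1
    fi
    printf '%s%s\n' "$(printf '%s' "$tenant_id" | cut -c1-4)" \
                    "$(printf '%s' "$subscription_id" | cut -c1-4)"
}

# Print the az commands for the three cleanup steps, in the order the page lists them.
cleanup_plan() {
    h=$(prevasio_hash "$1" "$2") || return 1
    sub=$2
    role="Prevasio Application Role ($h)"
    cat <<EOF
az group delete --name 'prevasio-$h-resource-group' --subscription '$sub' --yes
az role assignment delete --role '$role' --scope '/subscriptions/$sub'
az role definition delete --name '$role' --scope '/subscriptions/$sub'
az keyvault purge --name 'prevasio-$h-kv' --subscription '$sub'
EOF
}

# Constructed sample values: the IDs from the page's own HASH example.
cleanup_plan 123456789 abcdefgh
```

The Key Vault purge only succeeds once the vault is in the soft-deleted state, which is why it comes after the resource group deletion in the plan.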