Offboard Azure subscriptions from ACE
You can offboard Azure subscriptions from ACE using the following methods.
For offboarding all subscriptions:
From the Azure Cloud Shell, run the following command:
az ad sp delete --id 'f1764d38-8bca-497f-94ae-2ccec598107d'
Note: You need the proper permissions to run "az ad sp delete".
For more details on using Azure Cloud Shell to offboard a subscription, see az ad sp delete.
Note: Removed subscriptions will automatically sync with ACE once every hour.
For offboarding individual subscriptions:
From the Azure Cloud Shell, remove permissions for the subscription(s).
Note: Removed subscriptions will automatically sync with ACE once every hour.
You can remove the subscription from the ACE interface or the API.
To remove the subscription from the ACE interface:
- In ACE, hover over the Settings icon at the bottom left of the screen. After the panel expands, click Onboarding. The Onboarding Management page is displayed, with a table showing details for each account defined in ACE.
- Select the checkbox to the left of the subscription(s) you want to delete. You can click the checkbox in the column header to select all vendors.
- Click Delete. A confirmation window appears.
- Click Delete again to delete the selected subscription(s).
To remove the subscription using the API:
Go to the Delete an Azure subscription API and follow the instructions to remove the subscription.
If App analyzer CD mitigation was onboarded, complete removal requires cleaning up subscription-level artifacts:
- Delete the Resource Group
  - Name: prevasio-<HASH>-resource-group
  - Action: Delete it to remove the Function App, Storage Account, and logic container.
- Remove the Custom IAM Role
  - Name: Prevasio Application Role (<HASH>)
  - Action: Delete the custom role definition and its assignment to the Service Principal.
- Purge the Key Vault
  - Name: prevasio-<HASH>-kv
  - Action: You must explicitly purge the Key Vault to free up the name; otherwise, re-onboarding will fail with a "Conflict" error.
HASH = the first 4 characters of your AlgoSec Tenant ID followed by the first 4 characters of the Subscription ID.
For example: if Tenant ID = 123456789 and Subscription ID = abcdefgh, then HASH = 1234abcd.
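The following added example (not AlgoSec's own tooling) derives HASH from the two IDs and prints the Azure CLI commands for the three cleanup steps above so they can be reviewed before running in Cloud Shell. The function names prevasio_hash and cleanup_plan are hypothetical, and the subscription-level scope used for the role commands is an assumption.

```shell
#!/bin/sh
# Added example: build the Prevasio artifact names and print a cleanup plan.
# Nothing is deleted here; the az commands are only printed for review.

# HASH = first 4 chars of the AlgoSec Tenant ID + first 4 of the Subscription ID.
prevasio_hash() {
  # Reject anything that is not a plain ID, since the output is meant to be
  # pasted into a shell.
  case "$1$2" in
    *[!A-Za-z0-9-]*) echo "error: IDs may contain only letters, digits, '-'" >&2
                     return 1 ;;
  esac
  if [ "${#1}" -lt 4 ] || [ "${#2}" -lt 4 ]; then
    echo "error: both IDs need at least 4 characters" >&2
    return 1
  fi
  printf '%.4s%.4s' "$1" "$2"
}

# Print the commands in the order the page lists the steps.
cleanup_plan() {
  sub="$2"
  h="$(prevasio_hash "$1" "$2")" || return 1
  role="Prevasio Application Role (${h})"
  scope="/subscriptions/${sub}"   # assumption: role is scoped to the subscription
  cat <<EOF
az group delete --subscription '${sub}' --name 'prevasio-${h}-resource-group' --yes
az role assignment delete --role '${role}' --scope '${scope}'
az role definition delete --name '${role}' --scope '${scope}'
az keyvault purge --subscription '${sub}' --name 'prevasio-${h}-kv'
EOF
}

# Usage: sh cleanup_plan.sh <AlgoSec Tenant ID> <Subscription ID>
if [ "$#" -eq 2 ]; then
  cleanup_plan "$1" "$2"
fi
```

The role assignment is removed before the role definition because Azure refuses to delete a role definition that still has assignments.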
