Azure AD

Cleaning up Azure AD B2B Memberships

I work with a lot of companies, and I also collaborate a fair bit with colleagues on various projects. This frequently means that I need to use my personal or work identity to access someone else’s Azure subscription or data in Office 365. Fortunately, this works quite well with Azure AD B2B. Unfortunately, this tends to break down when you’re done working in that directory. Until an administrator removes you from that subscription, you remain a member forever – even if all my privileges are revoked, it still shows up in a list! For a while, the Azure Portal would sign me into an Azure AD that I’d used for some training, which had no subscriptions. It was a bit tiresome to always have to switch directories!

Today, Microsoft released the capability for a user to remove themselves from a directory. This is great news, and builds on the previous enhancements that were made to the Azure Portal to allow users to select a default Directory and Subscription whenever they signed in. There’s some other enhancements, most notably that the requirement to accept an invitation no longer exists. That will definitely streamline things!

I noticed pretty quickly, however, that it is not straightforward to remove yourself from a directory if the directory has not been renamed!

I quickly realized there’s a solution. You can place the Directory ID into the URL and be signed into that directory, and you can map a directory to an ID in the Azure Portal. Here’s how:

  • Sign into the Azure Portal and select the Directory and Subscription menu
  • Identify a directory you wish to remove – the “” URL is unique to the subscription, even if the title is still “Default Directory”

  • Copy the Subscription ID. Navigate to the Azure AD Account Management page. This should load with a GUID in the URL, as shown below, but it doesn’t seem to always do this. Either way, insert the GUID into the URL as shown – keep the “#” in the URL! Press enter, and the page should reload.

  • Select your name in the top, right-hand corner, and then select “Profile”

  • Select the “Leave Organization” link on the page. This will remove you from this organization! You won’t be able to access anything in that organization with this account once you click that link. This includes documents shared with you via OneDrive for Business/SharePoint Online as well as potentially other assets. Make sure you know what you’re doing first!

Hope this helps!

Leave a Reply

Your email address will not be published. Required fields are marked *