BUG: Unable to Delete an Application's AppRole
Removing an AppRole from an Application’s manifest produces a 400 Bad Request with the error "Property value cannot be deleted unless it is disabled first".
When I set the isEnabled property to false and then hit save, I get a successful saven with a 200 OK looking at the browsers developer tools (See first attached image).
After reloading the Edit manifest screen the isEnabled property is still true and if you look at the PUT response in the browsers developer tools, it's coming back as true there too (See second attached image).
Thanks for reporting this!
I know it was reported quite some time ago, and we do apologize for the delay in responding to this and getting it addressed.
For now, there are two options to work around this:
1. Using Azure AD PowerShell, you can disable and then remove the app role. I’ve posted a sample script which does this here on StackOverflow: https://stackoverflow.com/a/47595128/325697
2. An alternative option is to use the Azure AD Graph Explorer and issue two PATCH requests on the Application object. The first PATCH request should set the app role’s isEnabled attribute to “false”. The second PATCH request can then remove the app role (i.e. include all existing app roles except the disabled one).
/ Philippe Signoret
Marcin Białous commented
Walter Nuss commented
It is a real bug. I have same problem.