I've created an Azure Active Directory under my MSDN Azure subscription for testing.
The subscription is tied to our main company Azure AD.
I turned on Azure Active Directory Identity Protection a while ago to experiment on my own AD.
However, I suspect it's interfering (not the best word) with apps logging in, as I often see warnings that my login was blocked during an OAuth flow, but after closing the dialog it works fine.
I suspect that when doing OAuth flows that may not be scoped to a particular directory, the flow attempts to connect to both directories?
Is there a way to delete the Azure Active Directory? If I select the directory in the top right of the Azure portal, it instantly says my login is blocked.
I can't see a way of managing the directory without switching to it.
EDIT:
An example repro in PowerShell:

```powershell
# Show the current AzureRM context (account/tenant/subscription) before signing in.
# Newer AzureRM versions throw here when nobody is signed in yet, so suppress that.
"Before Login"
Get-AzureRmContext -ErrorAction SilentlyContinue
# Interactive sign-in; this is where the "login blocked" dialog appears.
Login-AzureRmAccount
# The context after sign-in shows the login succeeded regardless of the dialog.
"After login"
Get-AzureRmContext
```

Here's the screen I get during login, but the "after login" shows it has logged in OK.
Actually, there is no interference between different directories. Each directory has its own unique Directory ID, also called the Tenant ID. But I would like to know what kind of app you logged in with when this issue occurs. If an application needs to connect to Azure Active Directory, it will need the Tenant ID of that directory, not just your Azure account.
I want to make clear that there is no interference between different directories under the same Azure account. The directory is not under the subscription. One subscription can only belong to one directory, but one directory can have many subscriptions.
Absolutely, you can delete an Azure Active Directory. Just click the Delete directory button in the Azure Active Directory portal. This may need some prerequisites. You can refer to this article to complete the deletion process.
Additionally, you should check the configuration of that application or just clear your browser's cache. I have lots of directories under my one Azure account and I have never come across this interference.
Hope this helps!
It appears that Login-AzureRmAccount will attempt to log in to all directories/subscriptions that the Azure tenant is tied to (not sure if I'm using the correct terminology).
My main user account in our main AD was a guest user on the dummy AD (which is causing problems).
When using the code above, I was able to see the offending tenant ID in Get-AzureRmTenant.
The new Azure portal logs you into the tenant as soon as you try to switch to see that Active Directory, meaning I was not able to manage the account.
However, the old portal does not, so I was able to manage the AD account.
Using the old portal I added a separate Microsoft account external user, logged in as it and deleted my main user account (reflecting on this, this might be possible in AzureAD (non-RM) PowerShell as well).
I then deleted any applications in the Azure AD, which left some straggling service principals. Deleting those failed initially in PowerShell, as some are Microsoft service principals (even when ignoring the errors).
This, however, worked by doing a foreach loop instead of directly using the pipeline.
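As an added example (not code from the question or from either answer), here is the clean-up just described done entirely from PowerShell: find the offending tenant in Get-AzureRmTenant, sign in scoped to that one Tenant ID (the point the earlier answer makes about apps needing the directory's Tenant ID rather than just the account), remove the guest user and the tenant's app registrations, and remove the remaining service principals in a foreach with try/catch rather than on the pipeline, so a Microsoft-owned principal that refuses deletion is skipped instead of aborting the run. It assumes the AzureRM (AzureRM.Profile, AzureRM.Resources) and AzureAD modules are installed; the tenant domain and the guest's e-mail address are placeholders, and the property names used (Id/Domains on tenants, ObjectId on applications, Id on service principals) are those of current module versions, as noted in the comments.

```powershell
# Added example, not from the original post. Placeholders, not real values:
$TargetDomain = 'dummy-tenant.onmicrosoft.com'   # the test directory to clean up
$GuestMail    = 'me@company.example'             # the home-tenant account that was invited as a guest

# 1. Sign in once and list every directory the account can reach.
#    This is the list the question's Get-AzureRmTenant call exposed.
Login-AzureRmAccount | Out-Null
$tenants = Get-AzureRmTenant
$tenants | Format-Table Id, Domains -AutoSize

# 2. Select the tenant by domain rather than guessing. 'Id' and 'Domains' are the
#    current AzureRM property names; older versions expose 'TenantId' and 'Directory'.
$target = $tenants | Where-Object { ($_.Domains -contains $TargetDomain) -or ($_.Directory -eq $TargetDomain) }
if (-not $target) { throw "Tenant for $TargetDomain not found in Get-AzureRmTenant output" }

# 3. Re-authenticate scoped to that single directory so nothing below can land
#    in the home tenant, which is the ambiguity the question ran into.
Login-AzureRmAccount -TenantId $target.Id | Out-Null

# 4. Remove the guest account from the test directory (AzureAD module, the
#    non-RM PowerShell the answer speculates about). Must be run as a user that
#    exists in the test tenant, e.g. the separate external user added for this.
Connect-AzureAD -TenantId $target.Id | Out-Null
$guest = Get-AzureADUser -Filter "userType eq 'Guest'" | Where-Object { $_.Mail -eq $GuestMail }
if ($guest) {
    Remove-AzureADUser -ObjectId $guest.ObjectId
    Write-Host "Removed guest user $($guest.UserPrincipalName)"
} else {
    Write-Warning "No guest user with mail $GuestMail found in $TargetDomain"
}

# 5. Delete the tenant's own app registrations; their service principals usually go too.
foreach ($app in Get-AzureRmADApplication) {
    try {
        Remove-AzureRmADApplication -ObjectId $app.ObjectId -Force -ErrorAction Stop
        Write-Host "Removed application $($app.DisplayName)"
    } catch {
        Write-Warning "Could not remove application $($app.DisplayName): $($_.Exception.Message)"
    }
}

# 6. Whatever service principals remain: foreach with try/catch so that one
#    failure (typically a Microsoft first-party principal the tenant does not own)
#    does not terminate the whole run the way a pipelined
#    "Get-AzureRmADServicePrincipal | Remove-AzureRmADServicePrincipal" does.
$removed = @()
$skipped = @()
foreach ($sp in Get-AzureRmADServicePrincipal) {
    try {
        Remove-AzureRmADServicePrincipal -ObjectId $sp.Id -Force -ErrorAction Stop
        $removed += $sp.DisplayName
    } catch {
        $skipped += $sp.DisplayName
        Write-Warning "Skipped $($sp.DisplayName): $($_.Exception.Message)"
    }
}
"Service principals removed: $($removed.Count); skipped (likely Microsoft-owned): $($skipped.Count)"
```

Run step 4 as a user that exists in the test tenant (the separate external user the answer added), not as the guest being deleted; once the guest is gone and the tenant is empty of your own objects, the Delete directory button mentioned in the first answer can complete the removal.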