How delete the integrated resources

Hi Q&A team,

Actually I was facing an issue while deleting the resource group due my subnet is integrated with the web app I have deleted those resource only my vnet is left in the resource group while I am trying to delete I'm getting error that cannot delete due to subnet is attached I have tried multiple via portal and even trying delete using az CLI still cannot resolve the issue please check the error attached provide me detailed intructions to resolve this.
👁 User's image

Thanks&Regards,
Vishwa

0 comments No comments
Sign in to comment

Answer accepted by question author

TP 157.5K Reputation points Volunteer Moderator

Hi Vishwa,

Please run command similar to below in Azure Cloud Shell (Bash mode) to purge unused Service Association Link (SAL). Substitute SubscriptionId, Location, SubnetId. Subnet Id can be found by navigating to your subnet in portal and clicking the Copy icon next to Subnet ID

az rest --method POST \
 --uri "/subscriptions/<SubscriptionId>/providers/Microsoft.Web/locations/<Location>/purgeUnusedVirtualNetworkIntegration?api-version=2024-04-01" \
 --body "{'subnetResourceId': '<SubnetId>'}"

You should see output similar to below:

👁 User's image

Once you have completed the above, try the delete again.

Please click Accept Answer and upvote if the above was helpful.

Thanks.

-TP

  1. Vishwa Teja Devarakonda 60 Reputation points

    Thank you @TP It worked after executing the command.

Sign in to comment

1 additional answer

  1. Megha Ramakrishnan 240 Reputation points

    Hi @Vishwa Teja Devarakonda

    Even though you deleted the Web App, Azure App Service creates an underlying, invisible Network Intent Policy or maintains an active Service Association Link (SAL) on the subnet to preserve the integration.

    Until that link or policy is broken, Azure locks the subnet to prevent accidental network disruption, which stops you from deleting the Virtual Network or the Resource Group.

    Try the below steps to resolve the issue.

    1. Clear App service links via CLI Open your Azure CLI or Cloud Shell and run these commands.

    Delete the Network Intent policy:

    Run this command to check for and destroy any policies holding your subnet:

    az network vnet subnet update \

    --resource-group <Your-Resource-Group-Name> \

    --vnet-name <Your-VNet-Name> \

    --name <Your-Subnet-Name> \

    --remove networkIntentPolicy

    Clear subnet delegation:

    Clear the subnet by running:

    az network vnet subnet update \

    --resource-group <Your-Resource-Group-Name> \

    --vnet-name <Your-VNet-Name> \

    --name <Your-Subnet-Name> \

    --remove delegations

    Once the commands have run successfully, try deleting the resource group again.

    If the CLI throws an error or you prefer using the Azure Portal, you can create a dummy App service to release the lock.

    1. Create a Temporary Web App: Create a new, cheap (Basic or Premium) Web App in the exact same region as your stuck VNet. (You can put it in a temporary resource group).
    2. Re-integrate it: Go to the new Web App > Networking > VNet integration and connect it to the exact stuck Subnet.
    3. Disconnect it properly: Once connected successfully, wait 2 minutes. Then, click Disconnect inside the Web App's networking blade. This forces Azure to run its teardown scripts and cleanly wipe out the Service Association Link.
    4. Clean up: Delete the temporary Web App, then proceed to delete your stuck VNet and Resource Group.
    0 comments No comments
    Sign in to comment
Sign in to answer

Your answer