Application States

Applications in AZExecute can exist in different states that control automated processing, available actions, and visibility. Understanding these states is essential for managing application lifecycle and troubleshooting issues.

Available States

Applications can be in one of six states, each with specific characteristics and behaviors:

Active

The normal operational state where all automation and management features are fully enabled.

Automated secret rotation occurs according to configured schedule

Automated certificate renewal happens before expiration

All integrations active (Key Vault, DevOps, Vercel, etc.)

Full management capabilities available to administrators

Notifications sent according to configuration

Default State: Applications are set to Active when first imported and should remain in this state during normal operations.

Disabled

Temporarily pauses automated processing while keeping the application in the system.

No automated rotations - secrets and certificates won't be renewed automatically

Manual operations allowed - administrators can still trigger rotations manually

Configuration accessible - settings can still be modified

Application remains visible in lists and searches

Common Use Cases:

� Temporarily pause automation during maintenance windows

� Application undergoing major refactoring or migration

� Troubleshooting rotation or integration issues

� Staging environment applications that don't need constant rotation

Deleted

Soft-deleted state indicating the application should no longer be actively managed.

No automated processing of any kind

Manual operations blocked - cannot trigger rotations

Read-only access - can view configuration and history

Can be reactivated if Entra ID application still exists

Data preserved - no information is lost from database

Soft Delete: Deleted state doesn't remove the application from AZExecute or Entra ID. It's a reversible flag that stops management activities.

Orphaned

Indicates the Service Principal is missing in Entra ID, but the Application Registration still exists.

Partial Entra ID presence - App Registration exists but Service Principal doesn't

No automated processing - cannot rotate credentials

Recovery possible - can recreate Service Principal from Application Registration

How This Happens:

� Service Principal manually deleted in Azure Portal

� Removed by automation or scripts outside AZExecute

�Entra IDD sync issues or temporary failures

MissingInAzure

The application was completely deleted from Entra ID but the record remains in AZExecute.

No Entra ID presence - neither Application Registration nor Service Principal exists

No operations possible - application cannot be managed

Historical record preserved - logs and configuration remain for audit purposes

Should be deleted - can safely remove from AZExecute

Common Causes:

� Application deleted in Azure Portal without removing from AZExecute first

� Bulk cleanup operations iEntra IDAD

� Application moved to different tenant

Error

Critical data integrity issue requiring immediate investigation and resolution.

Data inconsistency detected - application state is internally contradictory

All automation stopped - prevents potential data corruption

Manual intervention required - contact support or administrators

Check application logs for specific error details

Critical State: Error state indicates a serious problem that prevents safe operation. Contact AZExecute support immediately if you encounter this state.

Possible Causes:

� Application ID present but Object ID missing (or vice versa)

� Service Principal ID doesn't match expected values

� Database corruption or migration issues

� Conflicting data betweeEntra IDAD and AZExecute

State Transitions

Applications move between states based on manual actions or system detection:

Manual State Changes

Administrators can manually change application state:

Active ? Disabled

Temporarily pause automation

Disabled ? Active

Resume automation

Active/Disabled ? Deleted

Soft-delete the application

Deleted ? Active

Reactivate a deleted application (if it still exists in Entra ID)

Automatic State Detection

The system automatically detects and sets certain states during background processing:

Active ? Orphaned

System detects Service Principal is missing during rotation attempt

Active ? MissingInAzure

System detects Application Registration is completely gone from Entra ID

Any ? Error

System detects data integrity issues during validation

Changing Application State

Application administrators can manually change state when needed:

1. Navigate to your application's details page

2. If the application is not in Active state, a warning banner appears at the top

3. The banner shows current state and available actions

4. Click the appropriate action button (Reactivate, Disable, Delete, etc.)

5. Confirm the state change in the dialog

6. State changes take effect immediately

Important: Changing to Disabled or Deleted state stops all automated credential rotation. Ensure you understand the impact before changing state.

State-Specific Warnings

When an application is not in Active state, AZExecute displays contextual warnings and guidance:

Warning Banner Components

Current State: Clear indication of which state the application is in

Impact Description: Explains what this state means for automation and management

Available Actions: Buttons for state transitions you can perform

Recommendations: Suggested next steps or troubleshooting guidance

Recovering from Problem States

Recovering from Orphaned State

1. Verify the Application Registration still exists in Azure Portal

2. In Azure Portal, go to Enterprise Applications

3. Search for your application and verify it has a Service Principal

4. If missing, the Service Principal can be recreated by granting consent or adding permissions

5. Once Service Principal exists, click Reactivate in AZExecute

6. System validates Entra ID presence and returns to Active state

Handling MissingInAzure State

When an application is completely missing from Entra ID:

1. Option 1: Remove from AZExecute - If the application is truly deleted and won't return

2. Option 2: Recreate in Entra ID - Create a new Application Registration with the same name

3. If recreating, you'll need to re-import as a new application

4. Historical logs and configuration from the old application remain for audit purposes

Recommendation: If you plan to recreate the application in Entra ID, delete it from AZExecute first and then import the new one. This avoids confusion from having duplicate records.

Resolving Error State

1. Click the Log button to view application logs

2. Review recent error messages for specific details about the problem

3. Note the error details and application ID

4. Contact AZExecute support with the error information

5. Support will investigate and may need to manually correct database inconsistencies

Do Not Attempt Manual Fixes: Error state indicates data corruption. Manual attempts to fix it may worsen the problem. Always contact support.

Best Practices

Keep applications in Active state during normal operations

Only change state when there's a specific reason to pause or remove automation

Use Disabled instead of Deleted for temporary pauses

Disabled allows you to easily resume later; Deleted is for permanent removal

Delete applications in AZExecute before removing from Entra ID

This prevents orphaned or MissingInAzure states

Address problem states promptly

Don't leave applications in Orphaned or MissingInAzure states - either fix or remove them

Monitor state changes in application logs

Review logs regularly to catch automatic state transitions early

Document why you change application states

Leave notes in application description or logs about why it was disabled or deleted

Coordinate with team before deleting applications

Ensure other administrators know before removing an application from management

State Summary Table

State	Automated Rotation	Manual Operations	Configuration	Common Action
Active				Normal operations
Disabled				Resume when ready
Deleted				Reactivate or remove
Orphaned				Recreate Service Principal
MissingInAzure				Remove from system
Error				Contact support

If you encounter any issues or need further assistance, please contact us at

info@azexecute.com

. Our support team is here to help you.