Application States

This page documents application states exactly as they are used in the current WebUI and background services. State values come from ServicePrincipalState and are used to control automation, warnings, and available actions.

Important: Some state changes are user-driven in the UI, while others are applied automatically by AZExecute background jobs.

State Definitions

Active

Normal operating state. Automation jobs process the application and all management tabs are available.

Disabled

Paused by user/admin action. Automated processing is paused. The application can be enabled again.

Deleted

Kept as an internal state value, but not the primary removal flow in WebUI. In WebUI, Remove deletes the application record from AZExecute. Deleted can still appear from internal/service flows and can be reactivated from the state warning if present.

MissingInAzure

AZExecute might put the application into MissingInAzure when the Health Check job repeatedly cannot find the Entra ID application, or when renewal processing cannot resolve the Azure application object.

Orphaned

The Application Registration exists, but the Service Principal is missing. AZExecute may set this during Health Check when SP lookup fails.

Error

Critical integrity state. AZExecute may set this when application identifiers are inconsistent (for example Application ID mismatch between DB and Entra ID).

What Users Can Do in WebUI

• For all non-Active states, a state warning banner is shown on the application page.

• Secrets, Certificates, and Roles/Access tabs are disabled when state is not Active.

• State warning actions:

- Disabled: Enable Application or Remove Instead

- MissingInAzure: Mark as Restored or Remove from AZExecute

- Deleted: Reactivate Application (if state exists on record)

- Orphaned: Retry Recovery (re-check/sync IDs)

- Error: troubleshooting link only (no direct state-fix button)

• Tenant admin list screens also support bulk Enable and Disable.

Removal behavior: Remove deletes the application from AZExecute. It does not delete the Entra ID application object.

Automatic State Changes by AZExecute

Health Check Job

• Verifies that the Entra ID application exists.

• Tracks consecutive verification failures; at threshold (3), state is auto-set to MissingInAzure.

• Detects Application ID mismatch and sets state to Error.

• Detects missing Service Principal and sets state to Orphaned, then attempts SP recovery.

Renewal/Update Processing

• Scheduled processing skips non-processable states (notably MissingInAzure/Error/Disabled/Deleted).

• Some direct/legacy renewal flows may set state when Azure objects are not found.

Import/Onboarding

• New or accepted applications are typically set to Active.

• If licensing limits are exceeded, AZExecute may set them to Disabled on import/update.

Practical Transition Guide

• Active -> Disabled (user/admin action)

• Disabled -> Active (Enable/Reactivation)

• MissingInAzure -> Active (Mark as Restored)

• Deleted -> Active (Reactivate, when state exists)

• Any checked state -> MissingInAzure (3 consecutive non-transient verification failures)

• Any checked state -> Orphaned (Service Principal missing)

• Any checked state -> Error (critical identifier mismatch)

If you encounter any issues or need further assistance, please contact us at

info@azexecute.com

. Our support team is here to help you.

An unhandled error has occurred. Reload 🗙
An unhandled error has occurred. Reload 🗙