I can't create any new SPs in Azure despite being under quota. If I run:
az ad sp create-for-rbac
I get
The directory object quota limit for the Principal has been exceeded. Please ask your administrator to increase the quota limit or delete objects to reduce the used quota.
When I do this:
az ad sp list --show-mine | grep objectId | wc -l
or this
az ad app list --show-mine | grep displayName | wc -l
It shows that I don't own many applications/service principals (the default limit is 250).
It turns out Azure has a secret "Recycle Bin" for applications!
I did the following to empty this recycle bin:
Install-Module -Name AzureAD -AllowClobber -Scope CurrentUser
Connect-AzureAD   # sign in first; the cmdlets below need an authenticated session
Get-AzureADDeletedApplication -All $true | ForEach-Object { Remove-AzureADDeletedApplication -ObjectId $_.ObjectId }
This will permanently remove all deleted applications (that you owned). If you want to be more selective, then run:
Get-AzureADDeletedApplication -All $true
And go through every app deleting it like this:
Remove-AzureADDeletedApplication -ObjectId 00000000-0000-0000-0000-000000000000
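
The selective route described above, as an added example that is not part of the original post: it filters the deleted applications by display name, shows the selection, asks for confirmation per object, and writes a CSV record of what was purged, since permanent removal cannot be undone. The function name `Remove-DeletedAppByName`, its parameters, the `ci-test-*` pattern and the log path are assumptions made for illustration.

```powershell
# Added example; Remove-DeletedAppByName and its parameters are hypothetical names.
function Remove-DeletedAppByName {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Wildcard matched against DisplayName, e.g. 'ci-test-*' (constructed sample)
        [Parameter(Mandatory)] [string] $NamePattern,
        # CSV file that records what was purged, for later audit
        [string] $AuditLog = '.\purged-apps.csv'
    )

    # Soft-deleted applications whose display name matches the pattern
    $candidates = @(Get-AzureADDeletedApplication -All $true |
        Where-Object { $_.DisplayName -like $NamePattern })

    if ($candidates.Count -eq 0) {
        Write-Warning "No deleted applications match '$NamePattern'."
        return
    }

    # Show the selection before anything is removed
    $candidates | Format-Table DisplayName, AppId, ObjectId -AutoSize | Out-Host

    foreach ($app in $candidates) {
        $target = "$($app.DisplayName) [$($app.ObjectId)]"
        if ($PSCmdlet.ShouldProcess($target, 'Permanently delete')) {
            try {
                Remove-AzureADDeletedApplication -ObjectId $app.ObjectId -ErrorAction Stop
                # Log only removals that actually succeeded
                [pscustomobject]@{
                    PurgedAtUtc = (Get-Date).ToUniversalTime().ToString('o')
                    DisplayName = $app.DisplayName
                    AppId       = $app.AppId
                    ObjectId    = $app.ObjectId
                } | Export-Csv -Path $AuditLog -Append -NoTypeInformation
            }
            catch {
                Write-Warning "Failed to remove $($app.ObjectId): $_"
            }
        }
    }
}

Connect-AzureAD
Remove-DeletedAppByName -NamePattern 'ci-test-*' -WhatIf   # dry run, removes nothing
```

Drop `-WhatIf` to be prompted for each object, and re-run the `az ad sp create-for-rbac` command afterwards to check that the quota error is gone.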