Skip to main content

Trusted Domains: How to disconnect

Remove the Valimail App Registration in your Azure tenant

What this article covers

This article walks through how to disconnect the Trusted Domains integration by deleting the Valimail App Registration in your Microsoft Entra ID (Azure Active Directory) tenant. Removing the App Registration revokes Valimail’s access to your tenant’s domain list.

Before you start

  • You must be an Administrator in the Azure tenant. Specifically, you need a role that can delete App Registrations in Microsoft Entra ID — typically Global Administrator, Cloud Application Administrator, or Application Administrator. The owner of the App Registration can also delete it.

  • This action is tenant-wide. Deleting the App Registration disconnects Trusted Domains for the entire Valimail account associated with that tenant.

  • Existing report data is preserved in Valimail. Domains that you have already configured in Valimail remain configured. The Trusted Domains report itself stops refreshing because Valimail can no longer read your tenant. The Trusted Domains card on the Integrations page returns to a disconnected state and offers the option to reconnect later.

What "disconnect" actually does

The Trusted Domains integration is implemented as a Valimail-published App Registration that lives in your Azure tenant. Deleting that App Registration:

  • Immediately revokes the consent granted to Valimail.

  • Stops all future Microsoft Graph calls Valimail makes against your tenant.

  • Causes Valimail to detect, on the next sync attempt, that the connection is no longer available and to mark the integration as disconnected.

Recommended path: use the link in Valimail

The fastest way to disconnect is to use the link Valimail provides on the Trusted Domains integration card. That link opens the exact App Registration in your Azure portal, so you do not have to search for it manually.

  1. Sign in to Valimail and open the Integrations page.

  2. Locate the Trusted Domains card. While the integration is connected, the card displays a Disconnect (or equivalent) link with instructions for removing the App Registration.

  3. Click the link. A new browser tab opens directly to the Valimail App Registration in your Azure portal.

  4. Sign in to Azure with an administrator account if prompted.

  5. In the App Registration’s Overview page, click Delete in the top action bar.

  6. Confirm the deletion when Azure prompts you. Microsoft moves the App Registration to a recoverable Deleted applications state for 30 days; after that, it is permanently removed.

  7. Return to Valimail. Within a few minutes, the Trusted Domains card on the Integrations page updates to a disconnected state. You can reconnect at any time by following the standard onboarding flow.

Tip

If you also want to remove Valimail from the list of Enterprise applications in Microsoft Entra ID (the service principal counterpart of the App Registration), delete it from Microsoft Entra ID → Enterprise applications as well. Deleting the App Registration alone is sufficient to revoke Valimail’s access.

Manual path: delete from the Azure portal

If you cannot use the link from Valimail, for example, the integration is already in a disconnected state, or you are cleaning up after a former admin, you can find and delete the App Registration manually.

Step 1. Open Microsoft Entra ID

  1. Sign in to the Azure portal with an administrator account.

  2. In the search bar at the top of the portal, search for and open Microsoft Entra ID (formerly Azure Active Directory).

Step 2. Find the Valimail App Registration

  1. In the left navigation, select App registrations.

  2. Switch the filter at the top to All applications so you see every App Registration in the tenant.

  3. In the search box, type Valimail. Look for the application created when Trusted Domains was connected (the name will reference Valimail or Trusted Domains).

  4. Click the App Registration to open its Overview page.

How to confirm you have the right app

Open the App Registration’s API permissions page. The Valimail Trusted Domains app requests read-only domain permissions (for example, Domain.Read.All on Microsoft Graph) and nothing else. If the app you are looking at requests broader permissions (mail, users, files, etc.), it is a different application — do not delete it without checking with your team.

Step 3. Delete the App Registration

  1. On the Overview page, click Delete in the top action bar.

  2. Read the confirmation dialog. Azure warns that deleting the App Registration removes the application and any associated permissions.

  3. Click Delete to confirm.

Step 4. (Optional) Remove the Enterprise Application

Granting consent to an App Registration also creates a corresponding service principal in Microsoft Entra ID, listed under Enterprise applications. To fully remove the Valimail presence from your tenant:

  1. In Microsoft Entra ID, select Enterprise applications.

  2. Search for Valimail and open the matching entry.

  3. Select Properties, then click Delete and confirm.

Verifying the disconnect

After deleting the App Registration, you can confirm the disconnect from either side:

  • In Valimail: Open the Integrations page. The Trusted Domains card returns to a disconnected state within a few minutes (Valimail detects the missing App Registration on the next sync). The Connect option becomes available again.

  • In Azure: Search App registrations for “Valimail”. The App Registration should no longer appear under All applications. If you also removed the Enterprise application, it will no longer appear under Enterprise applications.

Common questions

Will deleting the App Registration affect anything else in our tenant?

No. The Valimail Trusted Domains App Registration is a standalone object that exists only to grant Valimail read access to your domain list. Deleting it has no effect on users, mailboxes, mail flow, group policies, conditional access, or any other Microsoft 365 service.

Does Valimail keep our domain data after we disconnect?

Domains you actively configured in Valimail remain configured; they are now part of your Valimail account, independent of the Trusted Domains source. The Trusted Domains report itself stops refreshing once the App Registration is deleted, since Valimail can no longer read your tenant’s domain list.

How do we reconnect later?

Open the Integrations page in Valimail and click Connect on the Trusted Domains card. The standard onboarding flow runs again and creates a fresh App Registration in your tenant. See the companion article Trusted Domains: Integration Overview for the full connection walkthrough.

Need help?

If you cannot find the Valimail App Registration in your tenant, or you need to confirm which application is associated with your account, contact Valimail Support through the in-app messenger or your Account Manager. Please include your Valimail account name and the Azure tenant ID so we can confirm the correct App Registration before you delete it.

Related Articles
Setting up the Valimail Mailbox Connector with Microsoft 365
Tutorial: How to integrate Microsoft Entra ID SSO with Valimail
Tutorial: Integrating ValiGOV Enforce with Microsoft Azure AD SSO
Setting up the Microsoft Sentinel integration
Trusted Domains: Integration Overview
Did this answer your question?