MicrosoftI have run this query and got all the role assignments, and deleted all the orphaned role assignments my matching all principles, if principle not existis then i am considering as Orphaned role, all working great.
AuthorizationResources
| where type =~ "microsoft.authorization/roleassignments"
| extend principalId = tostring(properties.principalId),
principalType = tostring(properties.principalType),
roleDefinitionId = extract(@"([0-9a-fA-F-]{36})$", 1, tostring(properties.roleDefinitionId)),
scope = tostring(properties.scope),
assignmentName = name
| project subscriptionId, principalId, principalType, roleDefinitionId, scope, assignmentName
Found one issue, even after deleting role assignments its continue to show deleted role assignments even after 2 days which is weird, the script tries to delete and gets the error "Not able to map the role assignment with the scope "
