Unable to revoke admin consent for added permissions: Powershell
I have one Azure Ad app where I added permissions using Add-AzADAppPermission
To grant admin consent to these, I used CLI commands here
az login
az ad app permission admin-consent --id <application-id>
I can see admin consent is granted for these permissions in Portal:
But I want to remove this consent now from PowerShell.
Is there any command like Revoke-AzADPermissionGrant to achieve that?
I can do this from Portal, but I want it from PowerShell or CLI or Graph query.
Can anyone please shed light on this?
To revoke admin_consent granted for Azure AD application permissions, you can make use of below Graph API query:
DELETE https://graph.microsoft.com/v1.0/oauth2PermissionGrants/<id>
To get the <id>, you can run this query by filtering it with Service Principal ObjectID.
GET https://graph.microsoft.com/v1.0/oauth2PermissionGrants/?$filter=clientId eq 'SP ObjectID'
I tried to reproduce the same in my environment and got the below results:
I created one Azure AD application and granted same API permissions like this:
You can get SP ObjectID of the above application like below:
Go to Azure Portal -> Azure AD -> Enterprise Applications -> Your App -> Overview
I ran the below query to get <id> by including filter like this:
GET https://graph.microsoft.com/v1.0/oauth2PermissionGrants/?$filter=clientId eq 'SP ObjectID'
Response:
I ran the DELETE query like below, I got the response successfully:
DELETE https://graph.microsoft.com/v1.0/oauth2PermissionGrants/<id>
Response:
When I checked Azure Portal, admin consent got revoked successfully for that application like below:
To do the same from PowerShell, try running below commands:
Connect-MgGraph
Import-Module Microsoft.Graph.Identity.SignIns
Remove-MgOauth2PermissionGrant -OAuth2PermissionGrantId $Id
Make sure to install Microsoft.Graph module before running those commands.
If not, try using below command to install that module:
Install-Module Microsoft.Graph -Scope CurrentUser
- VS code terminal can't find AWS SAM even though windows terminal can
- How to combine multiple conditions in a PowerShell if-statement
- Can I change Read-Host so it doesn't always end in a colon?
- How to call native XPath functions from Select-Xml?
- How to get all piped in objects at once when using Begin/Process/End blocks?
- Calling a method returned from another method in Powershell
- Powershell -- how to minimize the console the script is running in while sitting in a loop?
- Automation Account Script to delete Stale Devices
- Powershell version of cut -d is very slow on large files, am I missing the fast way to do it?
- how to use "if" statements inside pipeline
- Error When Connecting to Azure from PowerShell
- Execute powershell in x64 from MSBuild
- Powershell 5 and 7 processes double quotes in different way when running Cygwin
- SQL Package extract command is failing in PowerShell script
- Office 364 Audit logs: Search-UnifiedAuditLog is not recognized as the name of a cmdlet
- Empty path name is not legal - DTEXEC with Powershell
- Cannot remove PowerShell environment variables
- Is automating App Registration on Azure possible through ARM Template on the User's tenant?
- Powershell error "value can not in the type System Management Automation LanguagePrimitives+InternalPSCustomObject converted"
- Diskspace Report HTML Text Color Output
- Issue with Azure Automation Account and Key Vault Certificate Retrieval
- How to display current virtual environtment in python in oh-my-posh?
- How do I get a list of Service Principals in Azure via the CLI
- Handling special characters in password string
- What is the right way to check a switch parameter
- How to make ($Line_1`n$Line_2) work in a CMD script?
- .ps1 script reported as "Missing closing '}'" in .bat file script
- APPAP308E - Invalid process path. Full path is required
- How do I verify that a SMB server requires signing, preferably with Powershell?
- Import-Excel: Expand imported Excel columns to become individual row entries