Tags: azure, powershell, microsoft-entra-id

How to query OAuth2 permission grants for service principals in Entra ID using Microsoft Graph PowerShell


When I query service principals of application type with both delegated and application permissions for MS Graph, the OAuth2 permission grants (Oauth2PermissionGrants) are always returned as $null.

$servicePrincipal = Get-MgServicePrincipal -ServicePrincipalId c3c1919a-eb0e-4664-96c7-3a4112345678

How can I return the OAuth2 permission grants for service principals?

Note: The AzureAD module doesn't work on arm64-based Mac.


Solution

  • As a sample, I granted a few delegated and application API permissions to the Microsoft Entra ID application:


    To fetch the delegated API permissions, use the below command:

    # Delegated permissions are separate OAuth2 permission grant objects; replace
    # <ServicePrincipalId> with the object ID of the service principal
    Get-MgServicePrincipalOauth2PermissionGrant -ServicePrincipalId <ServicePrincipalId>


    To fetch the application type API permissions, use the below command:

    # Application permissions are app role assignments on the service principal;
    # replace <ServicePrincipalId> with the object ID of the service principal
    Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId <ServicePrincipalId>

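Putting both cmdlets together, this added example (not from the question or the answer above) produces a single permission inventory for one application: it looks the service principal up by its application (client) ID, expands the delegated grants into individual scopes, resolves application permissions from role GUIDs to their names via the resource's AppRoles list, and flags broad write permissions for review. It assumes the Microsoft.Graph module is installed and that the caller can consent to the Application.Read.All and DelegatedPermissionGrant.Read.All scopes; the $AppId parameter is the value you supply.

```powershell
# Added example: inventory the permissions a service principal actually holds.
# Assumes the Microsoft.Graph module is installed; $AppId is the app's (client) ID.
param([Parameter(Mandatory)][string]$AppId)
Connect-MgGraph -Scopes 'Application.Read.All','DelegatedPermissionGrant.Read.All' | Out-Null

# Grants are separate directory objects, which is why Get-MgServicePrincipal alone
# leaves Oauth2PermissionGrants empty; find the principal first, then query them.
$sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'"
if (-not $sp) { throw "No service principal found for appId $AppId" }

# Cache resource service principals so each API (e.g. Microsoft Graph) is fetched once.
$resourceCache = @{}
function Get-ResourceSp([string]$Id) {
    if (-not $resourceCache.ContainsKey($Id)) {
        $resourceCache[$Id] = Get-MgServicePrincipal -ServicePrincipalId $Id
    }
    return $resourceCache[$Id]
}
$report = @()

# Delegated permissions: one grant per (resource, consent type); Scope is space-separated.
foreach ($grant in Get-MgServicePrincipalOauth2PermissionGrant -ServicePrincipalId $sp.Id -All) {
    $resource = Get-ResourceSp $grant.ResourceId
    foreach ($scope in ($grant.Scope -split ' ' | Where-Object { $_ })) {
        $report += [pscustomobject]@{
            Type        = 'Delegated'
            Resource    = $resource.DisplayName
            Permission  = $scope
            ConsentType = $grant.ConsentType   # AllPrincipals = admin consent for every user
        }
    }
}

# Application permissions: the assignment carries only the role GUID, so map it to the
# role's Value on the resource's AppRoles list (fall back to the GUID if not found).
foreach ($assignment in Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -All) {
    $resource = Get-ResourceSp $assignment.ResourceId
    $role     = $resource.AppRoles | Where-Object { $_.Id -eq $assignment.AppRoleId }
    $roleName = if ($role) { $role.Value } else { $assignment.AppRoleId }
    $report += [pscustomobject]@{
        Type        = 'Application'
        Resource    = $resource.DisplayName
        Permission  = $roleName
        ConsentType = 'AllPrincipals'   # application permissions always apply tenant-wide
    }
}

# Flag broad write permissions so overprivileged apps stand out in the review.
$report | Sort-Object Type, Resource, Permission |
    Select-Object *, @{n='Broad'; e={ $_.Permission -match '\.ReadWrite\.All$|^Directory\.' }} |
    Format-Table -AutoSize
```

Run it as a script file with the application's client ID as the argument; the Broad column is a simple heuristic and should be adjusted to your own review criteria.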