bhartisemwal1990
Jun 22, 2022 - Copper Contributor
Revoke all Graph write permission for an Enterprise Application in Azure AD
Hello, I have an enterprise application registered in my tenant which has delegated permissions consented by the Global Admin (me). I have the below permissions for the enterprise app Graph: User.Read...
mikhailf
Jun 23, 2022 - Iron Contributor
What do you see when you run "Get-AzureADServicePrincipal | Where-Object {$_.DisplayName -eq "ShareGate migration tool 2.0"}" ?
Do you see the permissions you want to remove?
bhartisemwal1990
Jun 23, 2022 - Copper Contributor
No, this command only gets the enterprise application service principal object. Please find below:
Result:
ObjectId                             AppId                                DisplayName
--------                             -----                                -----------
29002c3b-0337-466e-8ab5-c00c5219474f 0f78653b-2b30-47f2-9d09-3c17709f118a ShareGate migration tool 2.0
mikhailf
Jun 23, 2022 - Iron Contributor
Correct.
Do you see the list of permissions by running this?
$app = Get-AzureADServicePrincipal | Where-Object {$_.DisplayName -eq "ShareGate migration tool 2.0"}
Get-AzureADOAuth2PermissionGrant | Where-Object {$_.ResourceId -eq $app.ObjectId}
bhartisemwal1990
Jun 23, 2022 - Copper Contributor
No, the object returned for the above command is empty, as Get-AzureADOAuth2PermissionGrant does not have any OAuth2PermissionGrant which matched $app.ObjectId.
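Added example, not part of the thread or any poster's code: a delegated permission grant records the consenting application's service principal in ClientId and the API (here Microsoft Graph) in ResourceId, so the app's Graph grants are found by ClientId. The sketch below uses Microsoft Graph PowerShell rather than the AzureAD module used in the thread, lists each grant's scopes, and only changes anything when `$Apply` is set; the `$WritePattern` definition of a "write" scope and the variable and function names are assumptions.

```powershell
# Added example. Assumes the Microsoft.Graph module and a session opened with:
#   Connect-MgGraph -Scopes 'Application.Read.All','DelegatedPermissionGrant.ReadWrite.All'
$AppName      = 'ShareGate migration tool 2.0'
$WritePattern = 'Write|FullControl|Manage'                # assumption: scope names treated as "write"
$Apply        = $false                                    # $false = report only, $true = change grants
$GraphAppId   = '00000003-0000-0000-c000-000000000000'    # Microsoft Graph's well-known appId

# Pure helper (hypothetical name): split a grant's space-separated Scope string.
function Split-GrantScope {
    param([string]$Scope, [string]$Pattern)
    $all = @($Scope -split '\s+' | Where-Object { $_ })   # drops empty entries from stray spaces
    [pscustomobject]@{
        Keep   = @($all | Where-Object { $_ -notmatch $Pattern })
        Revoke = @($all | Where-Object { $_ -match $Pattern })
    }
}

$app   = @(Get-MgServicePrincipal -Filter "displayName eq '$AppName'")
$graph = Get-MgServicePrincipal -Filter "appId eq '$GraphAppId'"
if ($app.Count -ne 1) { throw "Expected exactly one service principal named '$AppName', found $($app.Count)." }

# ClientId = the enterprise app's service principal, ResourceId = the API being accessed.
$grants = Get-MgOauth2PermissionGrant -All -Filter "clientId eq '$($app[0].Id)'" |
    Where-Object { $_.ResourceId -eq $graph.Id }

foreach ($g in $grants) {
    $plan = Split-GrantScope -Scope $g.Scope -Pattern $WritePattern
    [pscustomobject]@{
        GrantId     = $g.Id
        ConsentType = $g.ConsentType      # AllPrincipals = admin consent, Principal = a single user
        PrincipalId = $g.PrincipalId
        Revoke      = $plan.Revoke -join ' '
        Keep        = $plan.Keep -join ' '
    }
    if (-not $Apply -or $plan.Revoke.Count -eq 0) { continue }
    if ($plan.Keep.Count -gt 0) {
        # Rewrite the grant so that only the non-write scopes remain.
        Update-MgOauth2PermissionGrant -OAuth2PermissionGrantId $g.Id -Scope ($plan.Keep -join ' ')
    } else {
        # Every scope on this grant matched the pattern: delete the grant itself.
        Remove-MgOauth2PermissionGrant -OAuth2PermissionGrantId $g.Id
    }
}
```

Run it once with `$Apply = $false` and review the Revoke and Keep columns before enabling changes; per-user grants (ConsentType `Principal`) appear as separate rows from the admin-consented one.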