Forum Discussion
Revoke all Graph write permission for an Enterprise Application in Azure AD
Hello,
I have an enterprise application registered in my tenant which has delegated permissions consented by the Global Admin (me).
I have the below permissions for the enterprise app:
Graph: User.Read.All
Graph: User.ReadWrite.All
I want to remove/revoke Graph: User.ReadWrite.All and keep all other Graph permissions.
Does anybody have any idea how we can do it using PowerShell or the Azure Portal?
Thanks in advance
6 Replies
- mikhailf, Iron Contributor
Hello bhartisemwal1990,
You can use PowerShell to remove granted permissions.
Please, look at this:
Revoke permissions using PowerShell commands
Remove-AzureADOAuth2PermissionGrant (AzureAD) | Microsoft Docs
- bhartisemwal1990, Copper Contributor
Hello mikhailf,
Thanks for the help!
I tried executing the command, following the article, but it doesn't seem to work for an enterprise application.
I am trying to remove a scope from the enterprise application for the ShareGate migration tool.
I have ever tried it for Enterprise application?
Please find below the snippet I tried to run:
$ShareGateTool= Get-AzureADServicePrincipal | Where-Object {$_.DisplayName -eq "ShareGate migration tool 2.0"}
$ShareGateToolONotes= Get-AzureADOAuth2PermissionGrant | Where-Object {$_.ResourceId -eq $ShareGateTool.ObjectId} | Where-Object {$_.Scope -eq "Notes.ReadWrite.All"}
Remove-AzureADOAuth2PermissionGrant -ObjectId $ShareGateToolONotes.ObjectId
- mikhailf, Iron Contributor
What do you see when you run "Get-AzureADServicePrincipal | Where-Object {$_.DisplayName -eq "ShareGate migration tool 2.0"}"?
Do you see the permissions you want to remove?
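
Added example, not part of any post in this thread: one way to drop a single delegated scope while keeping the rest of the grant. It uses the Microsoft Graph PowerShell SDK rather than the AzureAD module shown above; the function name `Remove-DelegatedScope` is hypothetical. A delegated grant references the enterprise application as its client (`clientId`), references the API as its resource (`resourceId`), and stores all consented scopes in one space-separated string.

```powershell
# Added example. Requires the Microsoft.Graph PowerShell SDK.
# Remove-DelegatedScope is a hypothetical helper name, not a built-in cmdlet.
function Remove-DelegatedScope {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $AppDisplayName,  # enterprise app (client) name
        [Parameter(Mandatory)] [string] $ScopeToRemove    # e.g. "User.ReadWrite.All"
    )

    # The enterprise app is the *client* of the grant; resourceId is the API's
    # service principal (Microsoft Graph), so the lookup filters on clientId.
    $client = Get-MgServicePrincipal -Filter "displayName eq '$AppDisplayName'"
    if (-not $client) { throw "No service principal named '$AppDisplayName'." }
    if (@($client).Count -gt 1) { throw "Display name is ambiguous; select by Id instead." }

    $grants = Get-MgOauth2PermissionGrant -Filter "clientId eq '$($client.Id)'" -All

    foreach ($grant in $grants) {
        # Scope is a single space-separated string, so split it before comparing.
        $scopes = @($grant.Scope -split '\s+' | Where-Object { $_ })
        if ($scopes -notcontains $ScopeToRemove) { continue }

        $remaining = @($scopes | Where-Object { $_ -ne $ScopeToRemove })
        $target = "grant $($grant.Id) (consentType=$($grant.ConsentType))"

        if ($remaining.Count -eq 0) {
            # Nothing left to keep: delete the grant object itself.
            if ($PSCmdlet.ShouldProcess($target, "Delete grant (no scopes left)")) {
                Remove-MgOauth2PermissionGrant -OAuth2PermissionGrantId $grant.Id
            }
        } else {
            # Rewrite the scope string without the unwanted permission.
            $newScope = $remaining -join ' '
            if ($PSCmdlet.ShouldProcess($target, "Set scope to '$newScope'")) {
                Update-MgOauth2PermissionGrant -OAuth2PermissionGrantId $grant.Id -Scope $newScope
            }
        }
    }
}

Connect-MgGraph -Scopes "Application.Read.All", "DelegatedPermissionGrant.ReadWrite.All"
# -WhatIf previews the change; remove it to apply.
Remove-DelegatedScope -AppDisplayName "ShareGate migration tool 2.0" -ScopeToRemove "User.ReadWrite.All" -WhatIf
```

The loop covers both admin-consented grants (`AllPrincipals`) and per-user grants (`Principal`), since either kind can carry the scope.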