Forum Discussion

bhartisemwal1990's avatar
bhartisemwal1990
Copper Contributor
Jun 22, 2022

Revoke all Graph write permission for an Enterprise Application in Azure AD

Hello,   I have a enterprise application registered in my tenant which is having delegated permission consented by Global Admin(Me).   I have below permission for enterprise App Graph: User.Read...
  • bhartisemwal1990's avatar
    bhartisemwal1990
    Copper Contributor
    Jun 23, 2022

    Hello mikhailf ,

     

    Thanks for the help!

     

    I tried executing the command ,following the article it doesn't seems to work for enterprise application.

     

    I am trying to remove scope from Enterprise application for  ShareGate Migration tool.

     

    I have ever tried it for Enterprise application?

     

    Pls find below snippet i tried to run

    $ShareGateTool= Get-AzureADServicePrincipal | Where-Object {$_.DisplayName -eq "ShareGate migration tool 2.0"}
    $ShareGateToolONotes= Get-AzureADOAuth2PermissionGrant | Where-Object {$_.ResourceId -eq $ShareGateTool.ObjectId} | Where-Object {$_.Scope -eq "Notes.ReadWrite.All"}
    Remove-AzureADOAuth2PermissionGrant -ObjectId  $ShareGateToolONotes.ObjectId

     

     

    • mikhailf's avatar
      mikhailf
      Iron Contributor
      Jun 23, 2022
      What do you see when you run "Get-AzureADServicePrincipal | Where-Object {$_.DisplayName -eq "ShareGate migration tool 2.0"}" ?
      Do you see the permissions you want to remove?
      • bhartisemwal1990's avatar
        bhartisemwal1990
        Copper Contributor
        Jun 23, 2022
        No , This command only get's the enterprise application service principal object. Please find below
        Result: ObjectId AppId DisplayName
        -------- ----- -----------
        29002c3b-0337-466e-8ab5-c00c5219474f 0f78653b-2b30-47f2-9d09-3c17709f118a ShareGate migration tool 2.0

Resources