How to remove/revoke permission once granted.

清水 明士 51 Reputation points
2022-01-05T08:12:30.817+00:00

Hi, community.

When I was checking Microsoft Graph APIs for a demon type app, without users' login,
Admin gave some consents from Azure Portal to my app and Sites.FullControl.All permission from Graph Explore to me.

Since we found it worked well, it is no need to be granted anymore.
For security reasons, I think we better remove/remove permission for mean time until we will need them again.
But we could not find how to remove those permissions from Azure Portal/Graph Explore.

How to revoke/remove permissions once granted without deleting app itself from Azure Portal?

Regards.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,546 questions
0 comments
Accepted answer
  1. CarlZhao-MSFT 36,891 Reputation points
    2022-01-05T09:31:28.69+00:00

    Hi @清水 明士

    There is no specific remove/revoke API, the easiest way is to revoke the granted permissions directly in the Azure portal. This requires you to log in to the Azure portal as a global administrator, then find your application and revoke the permissions granted.

    162476-image.png

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Wade Lewis 21 Reputation points
    2022-04-26T00:05:39.06+00:00

    @CarlZhao-MSFT Any update on this? Deleting the enterprise application is not a feasible solution! We just want to revoke a single permission permission for a user. Otherwise we have no means to revert these permissions once we have updates downstream to allow for reduced permission scopes.

    I see that you were working on a script to remove all delegated permissions - specifically I'm trying to remove EWS.AccessAsUser.All and EAS.AccessAsUser.All permissions

    Are you able to come up with any way to remove those specific permissions?

    2 people found this answer helpful.
  2. Samdi 21 Reputation points
    2023-11-16T19:37:36.6366667+00:00

    The below article (link) has an excellent walk through and shows more information about how to remove permissions with the new Microsoft Graph PowerShell commands. There is also a script that you can use.

    https://www.alitajran.com/remove-permissions-applications/

    0 comments