Hi Everyone,
I need to clear the User Consent permissions on an Enterprise App so I can run the 3rd party app again and then grant "Consent on behalf of your organisation" so all users (assigned to the Ent App) can access it.
![User's image](https://learn-attachment.microsoft.com/api/attachments/de043a19-4e0f-4778-a113-bfaf8880e6de?platform=QnA)
Using MgGraph PowerShell to remove permissions from an Enterprise App and I get this pop up:
Connect-MgGraph -Scopes "Application.ReadWrite.All", "DelegatedPermissionGrant.ReadWrite.All"
# Get Service Principal using objectId
$sp = Get-MgServicePrincipal -ServicePrincipalId xxxxxx
# Get MS Graph App role assignments using objectId of the Service Principal
$assignments = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All
# Remove all users and groups assigned to the application
$assignments | ForEach-Object {
if ($_.PrincipalType -eq "User") {
Remove-MgUserAppRoleAssignment -UserId $_.PrincipalId -AppRoleAssignmentId $_.Id
} elseif ($_.PrincipalType -eq "Group") {
Remove-MgGroupAppRoleAssignment -GroupId $_.PrincipalId -AppRoleAssignmentId $_.Id
}
}
![User's image](https://learn-attachment.microsoft.com/api/attachments/faa9a9d3-5ac0-4599-b17b-3b0f660db383?platform=QnA)
What is this for and should I accept and grant "Consent on behalf of your organisation".
Thanks, M