Grant Sites.Selected to SharePoint Site using Azure app registration with full control in PowerShell

Sharee Huddleston 50 Reputation points
2024-07-25T23:50:43.13+00:00

I am trying to grant Sites.Selected to a SharePoint site. I have granted with admin consent. I am using admin authentication to grant the permission. I am getting an "invalid request" error. I've checked the id and client id, but can't seem to figure out what the issue is. Is it better to go through a SharePoint admin and use PnP PowerShell instead?

Import-Module Microsoft.Graph.Sites
Connect-MgGraph -Scopes "Sites.FullControl.All" -UseDeviceAuthentication -ContextScope Process

# Define variables
$siteId = "34587347"  # Site ID of the SharePoint site
$appId = "93849382489"  # Application ID to grant permissions to

# Define permission parameters

$params = @{
    roles = @("write")
    grantedTo = @(
        @{
            application = @{
                id = $appId
            }
        }
    )
}
# Assign permissions using New-MgSitePermission with defined Site ID and Application ID

New-MgSitePermission -SiteId $siteId -BodyParameter $params

1 answer

  1. RaytheonXie_MSFT 40,476 Reputation points Microsoft External Staff
    2024-07-26T02:01:42.39+00:00

    Hi @Sharee Huddleston

    You could create a Microsoft Entra ID application like below

    And use the below PowerShell script to restrict SharePoint API permission to a specific site

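    # Placeholders: replace with your site URL, app client ID, certificate thumbprint and tenant
    $siteUrl = "https://xxx.sharepoint.com/sites/xxx"
    $clientId = "AppClientID"
    $certThumbprint = "Thumbprint"
    $tenant = "xxx.onmicrosoft.com"

    # Sign in interactively to the target site
    Connect-PnPOnline -Url $siteUrl -Interactive
    # Grant the app Write on this site only
    $writeperm = Grant-PnPAzureADAppSitePermission -Permissions "Write" -Site $siteUrl -AppId $clientId -DisplayName "PowerShell-SharepointOnline"
    # Look up the permission entry created for the app
    $PermissionId = Get-PnPAzureADAppSitePermission -AppIdentity $clientId
    # Raise that entry from Write to FullControl
    Set-PnPAzureADAppSitePermission -Site $siteUrl -PermissionId $(($PermissionId).Id) -Permissions "FullControl"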

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
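The following is an added example, not part of the original question or answer and not Microsoft's code: an offline pre-flight check of the two identifiers a Sites.Selected grant depends on, so a malformed value is caught before any permission call is made. The function name `Test-SitesSelectedGrantInput` is hypothetical and every sample value is a constructed placeholder.

```powershell
# Added example: validate identifier formats before attempting a site grant.
# This checks only the full composite site ID; Graph also accepts other
# addressing forms, such as hostname:/sites/path, which this does not cover.
function Test-SitesSelectedGrantInput {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $SiteId,
        [Parameter(Mandatory)] [string] $AppId
    )

    $problems = [System.Collections.Generic.List[string]]::new()
    $parsed   = [guid]::Empty

    # The application (client) ID of an app registration is a GUID.
    if (-not [guid]::TryParse($AppId, [ref] $parsed)) {
        $problems.Add("AppId '$AppId' is not a GUID.")
    }

    # Graph's full site ID is "hostname,siteCollectionGuid,webGuid".
    $parts = $SiteId -split ','
    if ($parts.Count -ne 3) {
        $problems.Add("SiteId '$SiteId' is not in hostname,siteCollectionId,webId form.")
    }
    else {
        if ($parts[0] -notmatch '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$') {
            $problems.Add("Hostname part '$($parts[0])' does not look like a DNS name.")
        }
        foreach ($g in $parts[1..2]) {
            if (-not [guid]::TryParse($g, [ref] $parsed)) {
                $problems.Add("Site ID part '$g' is not a GUID.")
            }
        }
    }

    [pscustomobject]@{ IsValid = ($problems.Count -eq 0); Problems = $problems.ToArray() }
}

# Constructed samples: one well-formed pair, one malformed pair.
$good = Test-SitesSelectedGrantInput `
    -SiteId 'contoso.sharepoint.com,11111111-2222-3333-4444-555555555555,66666666-7777-8888-9999-000000000000' `
    -AppId  'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'
$bad  = Test-SitesSelectedGrantInput -SiteId '12345' -AppId '67890'

$good | Format-List   # IsValid is True, Problems is empty
$bad  | Format-List   # IsValid is False, two problems are listed
```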

