Graph API - Service Principal app role assignments, returns nothing

Chris 26 Reputation points

I am trying to use the

API, however it does not return any results on the 1.0 or beta endpoint. Is this a known issue or am I doing something wrong?

I am using Powershell, MSAL module to get a token, and calling that as a GET request via Invoke-RestMethod. I have also tried the MG Graph PS module equivalent. I have validated that the MG Graph app in Entra ID has (and my custom app for trying it directly). <-- This works either via direct API call or the Get-AzureADServiceAppRoleAssignment MSOLv2 PS command <-- Returns nothing either via direct API call or the Get-MgServicePrincipalAppRoleAssignment MG Graph PS command.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,409 questions
0 comments No comments
{count} votes

Accepted answer
  1. Vasil Michev 100.1K Reputation points MVP

    The /appRoleAssignments endpoint returns application permissions consented to the given service principal. If delegate permissions are used instead, the /oauth2PermissionGrants endpoint is what you need.

    In both cases, if no consent has been granted, nothing will show on the SP object, even if the app object lists the permissions.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful