RBAC for Applications in Exchange Online.

Marek K 0 Reputation points
2025-01-21T08:25:10.5133333+00:00

Hello

With the RBAC for application in exchange online coming to EOL this February I have been tasked with finding the apps that are using it and either re-creating them or changing the permissions to the relevant Microsoft graph permissions.

Could someone please point me in the direction of a script that I could run to list the apps that are using the permission in question?

As a side note can someone point me as well to a PowerShell I can use to remove/ delete application beginning with a certain name on mass from azure?

Regards,

Marek

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,993 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,796 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Marek K 0 Reputation points
    2025-01-21T11:53:37.01+00:00

    Hi all again

    I have found the answer to my question for those that may struggle.

    This script https://stackoverflow.com/questions/77064801/retrieve-complete-api-permissions-of-azure-ad-application-via-powershell allowed me to list every app registration we have with all the permission it uses.

    As it exports to CSV I was then able to filter by permissions and find the EWS permission that is being retired. I now just need to work at replacing it with the graph permission.

    If anyone has PowerShell to list all azure app registrations beginning with a name and then delete them I would be grateful.

    Regards,

    Marek

    0 comments No comments

  2. Raja Pothuraju 12,275 Reputation points Microsoft Vendor
    2025-01-22T03:27:44.38+00:00

    Hello @Marek K,

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to "Accept " the answer.

    Issue: Could someone please point me in the direction of a script that I could run to list the apps that are using the permission in question?

    Solution: Resolved by @Marek K,

    I have found the answer to my question for those that may struggle. This script https://stackoverflow.com/questions/77064801/retrieve-complete-api-permissions-of-azure-ad-application-via-powershell allowed me to list every app registration we have with all the permission it uses. As it exports to CSV I was then able to filter by permissions and find the EWS permission that is being retired. I now just need to work at replacing it with the graph permission. If anyone has PowerShell to list all azure app registrations beginning with a name and then delete them I would be grateful.

    If you have any other questions or are still running into more issues, please let me know. Thank you again for your time and patience throughout this issue.

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    Thanks,
    Raja Pothuraju.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.