Graph API permission for azure cli rest command

Juliano Jeziorny 6 Reputation points

When calling rest graph api though the azure cli, one might need certain permissions. However the az cli does not have an app in aad to grant the permission thorugh. So how should this be done?
I understand it could be possible using a SP for the az cli authentication, but want to avoid that as many users use the cli and don't want to create an SP for each one.

$ az rest --method get --url$filter=subjectId+eq+'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx'
  "error": {
    "code": "UnknownError",
    "message": "{\"errorCode\":\"PermissionScopeNotGranted\",\"message\":\"Authorization failed due to missing permission scope PrivilegedAccess.Read.AzureResources,PrivilegedAccess.ReadWrite.AzureResources.\",\"target\":null,\"details\":null,\"innerError\":null,\"instanceAnnotations\":[],\"typeAnnotation\":null}",
    "innerError": {
      "date": "2021-02-18T14:18:50",
      "request-id": "b5c00ab3-a964-42d1-a244-32da8df9dda8",
      "client-request-id": "b5c00ab3-a964-42d1-a244-32da8df9dda8"
Not Monitored
Not Monitored
Tag not monitored by Microsoft.
32,768 questions
0 comments No comments
{count} votes