How to remove/revoke permission once granted.

清水 明士 56 Reputation points
2022-01-05T08:12:30.817+00:00

Hi, community.

When I was checking Microsoft Graph APIs for a demon type app, without users' login,
Admin gave some consents from Azure Portal to my app and Sites.FullControl.All permission from Graph Explore to me.

Since we found it worked well, it is no need to be granted anymore.
For security reasons, I think we better remove/remove permission for mean time until we will need them again.
But we could not find how to remove those permissions from Azure Portal/Graph Explore.

How to revoke/remove permissions once granted without deleting app itself from Azure Portal?

Regards.

Microsoft Security | Microsoft Graph
0 comments No comments
{count} votes

Accepted answer
  1. CarlZhao-MSFT 46,376 Reputation points
    2022-01-05T09:31:28.69+00:00

    Hi @清水 明士

    There is no specific remove/revoke API, the easiest way is to revoke the granted permissions directly in the Azure portal. This requires you to log in to the Azure portal as a global administrator, then find your application and revoke the permissions granted.

    162476-image.png


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

2 additional answers

Sort by: Most helpful
  1. Wade Lewis 21 Reputation points
    2022-04-26T00:05:39.06+00:00

    @CarlZhao-MSFT Any update on this? Deleting the enterprise application is not a feasible solution! We just want to revoke a single permission permission for a user. Otherwise we have no means to revert these permissions once we have updates downstream to allow for reduced permission scopes.

    I see that you were working on a script to remove all delegated permissions - specifically I'm trying to remove EWS.AccessAsUser.All and EAS.AccessAsUser.All permissions

    Are you able to come up with any way to remove those specific permissions?

    2 people found this answer helpful.

  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.


    Comments have been turned off. Learn more

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.