Is it possible to revoke/delete an application's AppRole via PowerShell through a pipeline?

Anonymous
2022-06-25T15:00:57.743+00:00

Hi Team, I tried multiple things but no success, please assist.

```powershell
$appId = $ObjectId
$appRoleValue = "Files.ReadWrite.All" # i.e. the scope

Connect-AzureAD

# Disable the AppRole
$app = Get-AzureADApplication -Filter "appId eq '$appId'"
($app.AppRoles | Where-Object { $_.Value -eq $appRoleValue }).IsEnabled = $false
Set-AzureADApplication -ObjectId $app.ObjectId -AppRoles $app.AppRoles

# Remove the AppRole
$toRemove = $app.AppRoles | Where-Object { $_.Value -eq $appRoleValue }
$app.AppRoles.Remove($toRemove) | Out-Null
Set-AzureADApplication -ObjectId $app.ObjectId -AppRoles $app.AppRoles
```

I want to remove below roles

215012-image.png

Microsoft Graph

1 answer

  1. Manu Philip 19,276 Reputation points MVP
    2022-06-25T19:16:05.327+00:00

    Here are some tips to handle the removal of app permissions through PowerShell:

    1. Find the App ID: $appId = (Get-AzADApplication -DisplayNameStartWith yourappname).ApplicationId
    2. Find the API permission ID of 'Files.Read.All': $apiPermId=$(az ad sp show --id 00000003-0000-0000-c000-000000000000 --query "appRoles[?value=='Files.Read.All'].id" --output tsv)
    3. Delete the API permission 'Files.Read.All' from the app: az ad app permission delete --id $appId --api 00000003-0000-0000-c000-000000000000 --api-permissions $apiPermId

    In a similar way, you can delete other permissions as well.

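The steps from the answer as one non-interactive script, added here as an example and not code from the thread. It also deletes the matching app role assignments on the app's service principal, because removing a permission from the registration alone leaves already-granted admin consent in place. Assumptions: Azure CLI 2.37 or later (Microsoft Graph based output), a pipeline identity that is already signed in with `az login` and allowed to update the app and its role assignments, and application (not delegated) permissions; the parameter names and the helper `Assert-AzOk` are illustrative.

```powershell
# Added example. Assumes Azure CLI 2.37+ and an existing non-interactive az login.
param(
    [Parameter(Mandatory)][string] $AppId,               # client ID of the app registration
    [string[]] $Permissions = @('Files.ReadWrite.All')   # Graph application permissions to revoke
)
$graphAppId = '00000003-0000-0000-c000-000000000000'     # Microsoft Graph, as in the answer

function Assert-AzOk([string] $Step) {
    # az is a native command, so failures are detected through its exit code.
    if ($LASTEXITCODE -ne 0) { throw "$Step failed (az exit code $LASTEXITCODE)" }
}

# Resolve permission names to app role IDs on the Microsoft Graph service principal.
$graphSp = az ad sp show --id $graphAppId --output json | ConvertFrom-Json
Assert-AzOk 'Microsoft Graph service principal lookup'
$roles = @($graphSp.appRoles | Where-Object { $_.value -in $Permissions })
$missing = $Permissions | Where-Object { $_ -notin $roles.value }
if ($missing) { throw "Unknown Graph app role(s): $($missing -join ', ')" }

# 1. Remove the permissions from the registration (requiredResourceAccess).
foreach ($role in $roles) {
    az ad app permission delete --id $AppId --api $graphAppId --api-permissions $role.id
    Assert-AzOk "Removing $($role.value) from the app registration"
}

# 2. Revoke consent that was already granted: delete the matching app role
#    assignments on the app's own service principal.
$spId = az ad sp show --id $AppId --query id --output tsv
Assert-AzOk 'App service principal lookup'
$base = "https://graph.microsoft.com/v1.0/servicePrincipals/$spId/appRoleAssignments"
$granted = (az rest --method get --url $base | ConvertFrom-Json).value
Assert-AzOk 'Listing app role assignments'
foreach ($a in $granted) {
    if ($a.resourceId -eq $graphSp.id -and $a.appRoleId -in $roles.id) {
        az rest --method delete --url "$base/$($a.id)"
        Assert-AzOk "Revoking assignment $($a.id)"
    }
}

# 3. Verify: fail the pipeline step if any targeted role is still assigned.
$left = (az rest --method get --url $base | ConvertFrom-Json).value |
    Where-Object { $_.resourceId -eq $graphSp.id -and $_.appRoleId -in $roles.id }
if ($left) { throw "Still assigned: $($left.appRoleId -join ', ')" }
Write-Output "Revoked: $($roles.value -join ', ')"
```

Until step 2 has run, tokens issued to the app can still carry the removed role in their `roles` claim.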
