This article describes how to remove Microsoft Entra role assignments using the Microsoft Entra admin center, Microsoft Graph PowerShell, or Microsoft Graph API.
You can remove both direct and indirect role assignments for a user. If a user is assigned a role by a group membership, remove the user from the group to remove the role assignment. For more information, see Use Microsoft Entra groups to manage role assignments.
Microsoft Entra roles in PIM
If you have a Microsoft Entra ID P2 license and Privileged Identity Management (PIM), you have additional capabilities for role assignments. For information about removing Microsoft Entra role assignments in PIM, see these articles:
HTTP/1.1 400 Bad Request
{
"odata.error":
{
"code":"Request_BadRequest",
"message":
{
"lang":"en",
"value":"Removing self from Global Administrator built-in role is not allowed"},
"values":null
}
}
}
You are prevented from removing your own Global Administrator role assignment to avoid a scenario where a tenant has zero Global Administrators. Removing other roles assigned to yourself is allowed.