Remove-AzureADOAuth2PermissionGrant

Removes an oAuth2PermissionGrant.

Syntax

Remove-AzureADOAuth2PermissionGrant
      -ObjectId <String>
      [-InformationAction <ActionPreference>]
      [-InformationVariable <String>]
      [<CommonParameters>]

Description

The Remove-AzureADOAuth2PermissionGrant cmdlet removes an oAuth2PermissionGrant object in Azure Active Directory (AD).

Examples

Example 1: Remove an OAuth2 permission grant

PS C:\> $SharePointSP = Get-AzureADServicePrincipal | Where-Object {$_.DisplayName -eq "Microsoft.SharePoint"}
PS C:\> $SharePointOA2AllSitesRead = Get-AzureADOAuth2PermissionGrant | Where-Object {$_.ResourceId -eq $SharePointSP.ObjectId} | Where-Object {$_.Scope -eq "AllSites.Read"}
PS C:\> Remove-AzureADOAuth2PermissionGrant -ObjectId $SharePointOA2AllSitesRead.ObjectId

The first command gets a service principal that matches the specified display name by using the Get-AzureADServicePrincipal cmdlet. The command stores the result in the $SharePointSP variable.

The second command gets certain permission grants by using the Get-AzureADOAuth2PermissionGrant cmdlet. The command stores the result in the $SharePointOA2AllSitesRead variable.

The final command removes the permission grant in $SharePointOA2AllSitesRead.

Parameters

-InformationAction

Specifies how this cmdlet responds to an information event. The acceptable values for this parameter are:

  • Continue
  • Ignore
  • Inquire
  • SilentlyContinue
  • Stop
  • Suspend
Type:ActionPreference
Aliases:infa
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-InformationVariable

Specifies an information variable.

Type:String
Aliases:iv
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ObjectId

Specifies the ID of an oAuth2PermissionGrant object in Azure AD.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False