pmatthews05/clearAppRoleAssignments.ps1

## clearAppRoleAssignments.ps1
#Get a access Token
$tokenResponse = az account get-access-token --resource-type ms-graph | convertFrom-Json

#Get all App Role Assignment Permission for the Service prinipal ObjectId.
$apiUrl = "https://graph.microsoft.com/v1.0/servicePrincipals/$ServicePrincipalObjectId/appRoleAssignments"

$appRoleAssignmentCollection = @(Invoke-RestMethod -Uri $apiUrl -Headers @{Authorization = "Bearer $($tokenResponse.accessToken)" }  -Method GET -ContentType "application/json").value

$appRoleAssignmentCollection | ForEach-Object {
   $appRoleAssignment = $PSItem
   $deleteApiUrl = "$apiUrl/$($appRoleAssignment.id)"
   Invoke-RestMethod -Uri $deleteApiUrl -Headers @{Authorization = "bearer $($tokenResponse.accessToken)" } -Method Delete -ContentType "application/json"
}
	#Get a access Token
	$tokenResponse = az account get-access-token --resource-type ms-graph \| convertFrom-Json

	#Get all App Role Assignment Permission for the Service prinipal ObjectId.
	$apiUrl = "https://graph.microsoft.com/v1.0/servicePrincipals/$ServicePrincipalObjectId/appRoleAssignments"

	$appRoleAssignmentCollection = @(Invoke-RestMethod -Uri $apiUrl -Headers @{Authorization = "Bearer $($tokenResponse.accessToken)" } -Method GET -ContentType "application/json").value

	$appRoleAssignmentCollection \| ForEach-Object {
	$appRoleAssignment = $PSItem
	$deleteApiUrl = "$apiUrl/$($appRoleAssignment.id)"
	Invoke-RestMethod -Uri $deleteApiUrl -Headers @{Authorization = "bearer $($tokenResponse.accessToken)" } -Method Delete -ContentType "application/json"
	}