Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#Get all Permission for the Service prinipal ObjectId.
$exisitingCollection = az ad app permission list-grants --filter "clientId eq '$($ServicePrincipalObjectId)' and consentType eq 'AllPrincipals'" | ConvertFrom-Json
#Get a access Token
$tokenResponse = az account get-access-token --resource-type ms-graph | convertFrom-Json
$existingCollection | ForEach-Object {
$existing = $PSItem
#Get the PermissionGrant
$apiUrlPatch = "https://graph.microsoft.com/v1.0/oauth2Permissiongrants/$($existing.objectId)"
$body = @{
scope = ""
}
#Patch with an empty scope.
Invoke-RestMethod -uri $apiUrlPatch -Headers @{Authorization = "Bearer $(tokenResponse.accessToken)"} -Method $PATCH -Body $($body | ConvertTo-Json) -ContentType "application/json"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment