Skip to content

aad oauth2grant remove

Remove specified service principal OAuth2 permissions


m365 aad oauth2grant remove [options]


-i, --grantId <grantId>
objectId of OAuth2 permission grant to remove
-h, --help
output usage information
--query [query]
JMESPath query string. See for more information and examples
-o, --output [output]
Output type. json,text,csv. Default json
Runs command with verbose logging
Runs command with debug logging


Before you can remove service principal's OAuth2 permissions, you need to get the objectId of the permissions grant to remove. You can retrieve it using the aad oauth2grant list command.

If the objectId listed when using the aad oauth2grant list command has a minus sign ('-') prefix, you may receive an error indicating --grantId is missing. To resolve this issue simply escape the leading '-'.

m365 aad oauth2grant remove --grantId \\-Zc1JRY8REeLxmXz5KtixAYU3Q6noCBPlhwGiX7pxmU


Remove the OAuth2 permission grant with ID YgA60KYa4UOPSdc-lpxYEnQkr8KVLDpCsOXkiV8i-ek

m365 aad oauth2grant remove --grantId YgA60KYa4UOPSdc-lpxYEnQkr8KVLDpCsOXkiV8i-ek

More information