Skip to main content

entra app permission add

Adds the specified application and/or delegated permissions to a Microsoft Entra app

Usage

m365 entra app permission add [options]

Alias

m365 aad app permission add [options]
m365 entra appregistration permission add [options]

Options

-i, --appId [appId]

Client ID of the Microsoft Entra app to add the API permissions to. Specify appId or appObjectId but not both.

--appObjectId [appObjectId]

Object ID of the Microsoft Entra app to add the API permissions to. Specify appId or appObjectId but not both.

-a, --applicationPermissions [applicationPermissions]

Space-separated list of application permissions to add. Specify at least applicationPermissions or delegatedPermissions.

-d, --delegatedPermissions [delegatedPermissions]

Space-separated list of delegated permissions to add. Specify at least applicationPermissions or delegatedPermissions.

--grantAdminConsent

When specified, grants application & delegated permissions through admin consent.

-h, --help [help]

Output usage information. Optionally, specify which section of command's help you want to see. Allowed values are options, examples, remarks, response, full. Default is options.

--query [query]

JMESPath query string. See http://jmespath.org/ for more information and examples.

-o, --output [output]

Output type. json, text, csv, md, none. Default json.

--verbose

Runs command with verbose logging.

--debug

Runs command with debug logging.

Remarks

Scopes/Roles to grant must be fully-qualified so that we can disambiguate them between the different resources.

Examples

Grant multiple delegated API permissions to a Microsoft Entra app specified by client id.

m365 entra app permission add --appId 'f1417aa3-bf0b-4cc5-a845-a0b2cf11f690' --delegatedPermissions 'https://management.azure.com/user_impersonation https://service.flow.microsoft.com/Flows.Read.All https://graph.microsoft.com/Agreement.Read.All'

Grant multiple delegated API permissions to a Microsoft Entra app specified by object id.

m365 entra app permission add --appObjectId 'e0306bb2-bf0b-4cc5-a845-a0b2cf11f690' --delegatedPermissions 'https://management.azure.com/user_impersonation https://service.flow.microsoft.com/Flows.Read.All https://graph.microsoft.com/Agreement.Read.All'

Grant multiple app-only permissions to a Microsoft Entra app specified by client id and grant admin consent.

m365 entra app permission add --appId 'f1417aa3-bf0b-4cc5-a845-a0b2cf11f690' --applicationPermissions 'https://graph.microsoft.com/Sites.FullControl.All https://microsoft.sharepoint-df.com/Sites.FullControl.All' --grantAdminConsent

Response

The command won't return a response on success.

CTRL + M