Skip to main content

entra app permission list

Lists the application and delegated permissions for a specified Entra Application Registration

Usage

m365 entra app permission list [options]

Alias

m365 aad app permission list [options]

Options

-i, --appId [appId]

Client ID of the Application Registration to retrieve the permissions for. Specify appId or appObjectId but not both.

--appObjectId [appObjectId]

Object ID of the Application Registration to retrieve the permissions for. Specify appId or appObjectId but not both.

--type [type]

The type of permissions to retrieve. Allowed values: delegated, application, all. Defaults to all.

-h, --help [help]

Output usage information. Optionally, specify which section of command's help you want to see. Allowed values are options, examples, remarks, response, full. Default is options.

--query [query]

JMESPath query string. See http://jmespath.org/ for more information and examples.

-o, --output [output]

Output type. json, text, csv, md, none. Default json.

--verbose

Runs command with verbose logging.

--debug

Runs command with debug logging.

Remarks

For best performance use the objectId option to reference the Entra application registration to get. If you use appId, this command will first need to find the corresponding object ID for that application.

Examples

Retrieves all permissions for an Entra app registration

m365 entra app permission list --appId 'f1417aa3-bf0b-4cc5-a845-a0b2cf11f690'

Retrieves all delegated permissions for an Entra app registration

m365 entra app permission list --appId 'f1417aa3-bf0b-4cc5-a845-a0b2cf11f690' --type delegated

Response

[
  {
    "resource": "Microsoft Graph",
    "resourceId": "00000003-0000-0000-c000-000000000000",
    "permission": "User.Read",
    "type": "Delegated"
  }
]
CTRL + M