Skip to main content

entra app permission remove

Removes the specified application and/or delegated permissions from a specified Entra app.

Usage

m365 entra app permission remove [options]

Options

-i, --appId [appId]

Client ID of the Microsoft Entra app to remove the API permissions from. Specify either appId, appName or appObjectId.

--appObjectId [appObjectId]

Object ID of the Microsoft Entra app to remove the API permissions from. Specify either appId, appName or appObjectId.

-n, --appName [appName]

Display name of the Entra app to remove the API permissions from. Specify either appId, appName or appObjectId.

-a, --applicationPermissions [applicationPermissions]

Space-separated list of application permissions to remove. Specify at least applicationPermissions or delegatedPermissions.

-d, --delegatedPermissions [delegatedPermissions]

Space-separated list of delegated permissions to remove. Specify at least applicationPermissions or delegatedPermissions.

--revokeAdminConsent

When specified, revokes the admin consent for the specified permissions as well.

-f, --force

Don't prompt for confirmation to remove the permissions.

-h, --help [help]

Output usage information. Optionally, specify which section of command's help you want to see. Allowed values are options, examples, remarks, response, full. Default is options.

--query [query]

JMESPath query string. See http://jmespath.org/ for more information and examples.

-o, --output [output]

Output type. json, text, csv, md, none. Default json.

--verbose

Runs command with verbose logging.

--debug

Runs command with debug logging.

Remarks

Removing permissions on App Registrations does not immediately remove consent given by an administrator. Explicitly instruct the CLI to revoke consent by using the --revokeAdminConsent flag.

Examples

Remove multiple delegated API permissions from an Entra app registration

m365 entra app permission remove --appId 'f1417aa3-bf0b-4cc5-a845-a0b2cf11f690' --delegatedPermissions 'https://management.azure.com/user_impersonation https://service.flow.microsoft.com/Flows.Read.All https://graph.microsoft.com/Agreement.Read.All'

Remove multiple app-only permissions from an Entra app registration and revoke admin consent

m365 entra app permission remove --appId 'f1417aa3-bf0b-4cc5-a845-a0b2cf11f690' --applicationPermissions 'https://graph.microsoft.com/Sites.FullControl.All https://microsoft.sharepoint-df.com/Sites.FullControl.All' --revokeAdminConsent

Response

The command won't return a response on success.

CTRL + M