entra oauth2grant remove
Remove specified service principal OAuth2 permissions
Usage
m365 entra oauth2grant remove [options]
Alias
m365 aad oauth2grant remove [options]
Options
-i, --grantId <grantId>objectIdof OAuth2 permission grant to remove-f, --forceDo not prompt for confirmation before removing OAuth2 permission grant
-h, --help [help]Output usage information. Optionally, specify which section of command's help you want to see. Allowed values are
options,examples,remarks,response,full. Default isoptions.--query [query]JMESPath query string. See http://jmespath.org/ for more information and examples.
-o, --output [output]Output type.
json,text,csv,md,none. Defaultjson.--verboseRuns command with verbose logging.
--debugRuns command with debug logging.
Remarks
Before you can remove service principal's OAuth2 permissions, you need to get the objectId of the permissions grant to remove. You can retrieve it using the entra oauth2grant list command.
If the objectId listed when using the entra oauth2grant list command has a minus sign ('-') prefix, you may receive an error indicating --grantId is missing. To resolve this issue simply escape the leading '-'.
m365 entra oauth2grant remove --grantId \\-Zc1JRY8REeLxmXz5KtixAYU3Q6noCBPlhwGiX7pxmU
Examples
Remove the OAuth2 permission grant with ID YgA60KYa4UOPSdc-lpxYEnQkr8KVLDpCsOXkiV8i-ek
m365 entra oauth2grant remove --grantId YgA60KYa4UOPSdc-lpxYEnQkr8KVLDpCsOXkiV8i-ek
Remove the OAuth2 permission grant with ID YgA60KYa4UOPSdc-lpxYEnQkr8KVLDpCsOXkiV8i-ek without being asked for confirmation
m365 entra oauth2grant remove --grantId YgA60KYa4UOPSdc-lpxYEnQkr8KVLDpCsOXkiV8i-ek --force
Response
The command won't return a response on success.
More information
- Application and service principal objects in Microsoft Entra ID: https://learn.microsoft.com/azure/active-directory/develop/active-directory-application-objects
- Delete a delegated permission grant (oAuth2PermissionGrant): https://learn.microsoft.com/graph/api/oauth2permissiongrant-delete?view=graph-rest-1.0