Skip to main content

spo serviceprincipal grant revoke

Revokes the specified set of permissions granted to the service principal

Usage

m365 spo serviceprincipal grant revoke [options]

Alias

m365 spo sp grant revoke

Options

-i, --id <id>

ObjectId of the permission grant to revoke.

-s, --scope [scope]

Scope to revoke. If not specified, will revoke all permissions.

-h, --help [help]

Output usage information. Optionally, specify which section of command's help you want to see. Allowed values are options, examples, remarks, response, full. Default is options.

--query [query]

JMESPath query string. See http://jmespath.org/ for more information and examples.

-o, --output [output]

Output type. json, text, csv, md, none. Default json.

--verbose

Runs command with verbose logging.

--debug

Runs command with debug logging.

Remarks

info

To use this command you must be a Global administrator.

The permission grant you want to revoke is denoted using its ObjectId. You can retrieve it using the spo serviceprincipal grant list command.

Examples

Revoke permission grant with all permissions

m365 spo serviceprincipal grant revoke --id 50NAzUm3C0K9B6p8ORLtIsQccg4rMERGvFGRtBsk2fA

Revoke a specific permission

m365 spo serviceprincipal grant revoke --id 50NAzUm3C0K9B6p8ORLtIsQccg4rMERGvFGRtBsk2fA --scope "Mail.Read"

Response

The command won't return a response on success.

CTRL + M