Skip to main content

spo serviceprincipal permissionrequest deny

Denies the specified permission request


m365 spo serviceprincipal permissionrequest deny [options]


m365 spo sp permissionrequest deny


-i, --id <id>

ID of the permission request to deny.

-h, --help [help]

Output usage information. Optionally, specify which section of command's help you want to see. Allowed values are options, examples, remarks, response, full. Default is options.

--query [query]

JMESPath query string. See for more information and examples.

-o, --output [output]

Output type. json, text, csv, md, none. Default json.


Runs command with verbose logging.


Runs command with debug logging.



The admin role that's required to deny permissions depends on the API. To approve permissions to any of the third-party APIs registered in the tenant, the application administrator role is sufficient. To approve permissions for Microsoft Graph or any other Microsoft API, the Global Administrator role is required.

The permission request you want to approve is denoted using its ID. You can retrieve it using the spo serviceprincipal permissionrequest list command.


Deny permission request

m365 spo serviceprincipal permissionrequest deny --id 4dc4c043-25ee-40f2-81d3-b3bf63da7538


The command won't return a response on success.