
Remove-PnPEntraIDServicePrincipalAssignedAppRole

SYNOPSIS

Required Permissions

  • Microsoft Graph API: AppRoleAssignment.ReadWrite.All

Removes app roles configured on a service principal/application registration in Entra ID.

SYNTAX

By instance

Remove-PnPEntraIDServicePrincipalAssignedAppRole -Identity <ServicePrincipalAssignedAppRoleBind> [-Connection <PnPConnection>]

By assigned app role

Remove-PnPEntraIDServicePrincipalAssignedAppRole -Principal <ServicePrincipalPipeBind> [-Identity <ServicePrincipalAssignedAppRoleBind>] [-Connection <PnPConnection>]

By app role name

Remove-PnPEntraIDServicePrincipalAssignedAppRole -Principal <ServicePrincipalPipeBind> -AppRoleName <String> [-BuiltInType <ServicePrincipalBuiltInType>] [-Connection <PnPConnection>]

DESCRIPTION

Allows removal of one or more assigned app roles from a specific service principal/app registration in Entra ID.

EXAMPLES

EXAMPLE 1

Remove-PnPEntraIDServicePrincipalAssignedAppRole -Principal 797ee8a7-a950-4eb8-945d-7f10cc68a933 -AppRoleName "User.ReadWrite.All"

Removes the app role "User.ReadWrite.All" from the application registration with the object Id 797ee8a7-a950-4eb8-945d-7f10cc68a933.

EXAMPLE 2

Remove-PnPEntraIDServicePrincipalAssignedAppRole -Principal "My application" -AppRoleName "Group.ReadWrite.All"

Removes the app role "Group.ReadWrite.All" from the application registration with the name "My application".

EXAMPLE 3

Remove-PnPEntraIDServicePrincipalAssignedAppRole -Principal 797ee8a7-a950-4eb8-945d-7f10cc68a933

Removes all app roles from the application registration with the object Id 797ee8a7-a950-4eb8-945d-7f10cc68a933.

EXAMPLE 4

Remove-PnPEntraIDServicePrincipalAssignedAppRole -Principal "My application"

Removes all app roles from the application registration with the name "My application".

EXAMPLE 5

Get-PnPEntraIDServicePrincipal -AppId fd885e69-86dc-4f3b-851e-ad04920031cf | Remove-PnPEntraIDServicePrincipalAssignedAppRole

Removes all app roles from the application registration with the app Id/Client Id fd885e69-86dc-4f3b-851e-ad04920031cf.

EXAMPLE 6

Remove-PnPEntraIDServicePrincipalAssignedAppRole -Principal "My application" -AppRoleName "Sites.FullControl.All" -BuiltInType SharePointOnline

Removes the "Sites.FullControl.All" app role assignment only from the SharePointOnline built-in application for the application registration named "My application". Without -BuiltInType, a role name that exists on both Microsoft Graph and SharePoint Online would be matched on both.
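The following script is an added example and is not part of the PnP PowerShell documentation. It reviews a service principal's assigned app roles against an allow-list and removes only the roles outside it, using -BuiltInType so that Graph and SharePoint Online roles are handled separately. It assumes an existing Connect-PnPOnline session, that a companion Get-PnPEntraIDServicePrincipalAssignedAppRole cmdlet exists and returns objects with AppRoleName and ResourceDisplayName properties (assumed names), and that the principal and allow-lists are placeholders.

```powershell
# Added example, not the project's own code. Assumed: an active Connect-PnPOnline session,
# Get-PnPEntraIDServicePrincipalAssignedAppRole exists, and its output exposes the
# AppRoleName and ResourceDisplayName properties (assumed property names).
param(
    [string]$Principal = 'My application',                  # placeholder: object id or display name
    [string[]]$AllowedGraphRoles = @('Sites.Read.All'),     # constructed allow-list for Microsoft Graph
    [string[]]$AllowedSharePointRoles = @('Sites.Selected'),# constructed allow-list for SharePoint Online
    [switch]$Remove                                         # report-only unless this switch is given
)

# Display names of the two built-in resource service principals (assumed to match the tenant).
$graphResource      = 'Microsoft Graph'
$sharePointResource = 'Office 365 SharePoint Online'

$assigned = Get-PnPEntraIDServicePrincipalAssignedAppRole -Principal $Principal
$removed  = @()

foreach ($role in $assigned) {
    # Map the resource the role belongs to onto the -BuiltInType value the cmdlet expects.
    if ($role.ResourceDisplayName -eq $graphResource) {
        $type = 'MicrosoftGraph';  $allowed = $AllowedGraphRoles
    } elseif ($role.ResourceDisplayName -eq $sharePointResource) {
        $type = 'SharePointOnline'; $allowed = $AllowedSharePointRoles
    } else {
        Write-Warning "Skipping '$($role.AppRoleName)' on unhandled resource '$($role.ResourceDisplayName)'"
        continue
    }

    if ($allowed -contains $role.AppRoleName) {
        Write-Verbose "Keeping $type role $($role.AppRoleName)"
        continue
    }

    if ($Remove) {
        # Name-based removal scoped to one built-in type, as in EXAMPLE 6 above.
        Remove-PnPEntraIDServicePrincipalAssignedAppRole -Principal $Principal `
            -AppRoleName $role.AppRoleName -BuiltInType $type
        $removed += "$type/$($role.AppRoleName)"
        Write-Output "Removed $type role $($role.AppRoleName) from $Principal"
    } else {
        Write-Output "Would remove $type role $($role.AppRoleName) from $Principal (re-run with -Remove)"
    }
}

Write-Output "Done. Roles removed: $($removed.Count)"
```

Run it once without -Remove to get a report of what would change, then with -Remove to apply the cleanup.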

PARAMETERS

-Principal

The object id, name or instance of the service principal/application registration to remove app roles from.

Type: ServicePrincipalPipeBind
Parameter Sets: By assigned app role, By app role name

Required: True
Position: Named
Default value: None
Accept pipeline input: True
Accept wildcard characters: False

-Identity

The object id, name or instance of the application role to remove from the service principal/application registration.

Type: ServicePrincipalAssignedAppRoleBind
Parameter Sets: By assigned app role, By instance

Required: True (By instance), False (By assigned app role)
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AppRoleName

The name of the permission to remove, e.g. Sites.Read.All.

Type: String
Parameter Sets: By app role name

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-BuiltInType

The built-in application type to use for the app role. This can be MicrosoftGraph or SharePointOnline.

Type: ServicePrincipalBuiltInType
Parameter Sets: By app role name

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Connection

Optional connection to be used by the cmdlet. Retrieve the value for this parameter by either specifying -ReturnConnection on Connect-PnPOnline or by executing Get-PnPConnection.

Type: PnPConnection
Parameter Sets: (All)

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
