Using Microsoft Graph PowerShell SDK to manage user consented permissions

The oAuth2PermissionGrant object keeps a record of user consented permissions (Delegated Permissions) in a tenant. There is one OAuth2PermissionGrant object (identified by Consent ID) for each combination of client application, resource application, and user. The sample PowerShell script in this post will perform the following tasks: Remove all MS Graph Delegated permissions (if any) for the user Perform user consent for an initial set of MS Graph permission Update the…

Read More

Revoke Admin Consent for a delegated permission on a Service Principal with the MS Graph PowerShell SDK

Scenario: You use the Microsoft Graph Explorer tool to test a query. It requires you to consent to a permission so you use your admin account to do this. However, you click the check box to consent for the entire organization… woops! You did not mean to give everyone permissions for “AuditLog.Read.All” so now you need to revoke this permission. The easiest way to revoke consent is to just delete…

Read More