We've recently added app permission add for working with permissions of app registrations. But that command can only be used when you are working with a m365rc.json file.
We also have:
- aad approleassignment add but that only adds app-only permissions to service principals, not to App Registrations.
- aad oauth2grant add but that only adds delegated permissions to service principals, not to App Registrations.
So it would be useful if we add another command to be able to easily work with permissions of App Registrations just using options.
Usage
m365 aad app permission add [options]
Description
Adds the specified application and/or delegated permissions to a specified AAD app
Options
| Option | Description |
|---|---|
| -i, --appId [appId] | Client ID of the Azure AD app to add the API permissions to. Specify appId or appObjectId but not both. |
| --appObjectId [appObjectId] | Object ID of the Azure AD app to add the API permissions to. Specify appId or appObjectId but not both. |
| -a, --applicationPermissions [applicationPermissions] | Space-separated list of application permissions to add. Specify at least applicationPermissions or delegatedPermissions. |
| -d, --delegatedPermissions [delegatedPermissions] | Space-separated list of delegated permissions to add. Specify at least applicationPermissions or delegatedPermissions. |
| --grantAdminConsent | When specified, grants application & delegated permissions through admin consent. |
Remarks
Scopes/Roles to grant must be fully-qualified so that we can disambiguate them between the different resources.
Examples
Grant multiple delegated API permissions to an AAD app registration
m365 aad app permission add --appId 'f1417aa3-bf0b-4cc5-a845-a0b2cf11f690' --delegatedPermissions 'https://management.azure.com/user_impersonation https://service.flow.microsoft.com/Flows.Read.All https://graph.microsoft.com/Agreement.Read.All'
Grant multiple app-only permissions to an AAD app registration and grant admin consent
m365 aad app permission add --appId 'f1417aa3-bf0b-4cc5-a845-a0b2cf11f690' --applicationPermissions 'https://graph.microsoft.com/Sites.FullControl.All https://microsoft.sharepoint-df.com/Sites.FullControl.All' --grantAdminConsent
Additional information
The code of app permission add can be reused for this.
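
An added illustration, not CLI for Microsoft 365 code: one way the option rules from the table and the fully-qualified requirement from the Remarks could be checked, with permissions grouped per resource before anything is written to the app registration. All type and function names here are hypothetical.

```typescript
// Added example; the names below are hypothetical, not the project's own code.
interface PermissionOptions {
  appId?: string;
  appObjectId?: string;
  applicationPermissions?: string;
  delegatedPermissions?: string;
}

type ByResource = Record<string, string[]>;

// Split "https://graph.microsoft.com/Agreement.Read.All" into resource and name.
function splitPermission(value: string): { resource: string; name: string } {
  const scheme = value.indexOf('://');
  const slash = value.lastIndexOf('/');
  // The last "/" must come after the scheme separator and be followed by a name,
  // otherwise the resource the permission belongs to cannot be determined.
  if (scheme < 1 || slash <= scheme + 2 || slash === value.length - 1) {
    throw new Error(`Permission '${value}' is not fully-qualified`);
  }
  return { resource: value.slice(0, slash), name: value.slice(slash + 1) };
}

// Turn a space-separated option value into { resource: [permission names] }.
function groupByResource(list: string | undefined): ByResource {
  const grouped: ByResource = {};
  for (const value of (list || '').split(' ').filter(v => v !== '')) {
    const { resource, name } = splitPermission(value);
    if (!grouped[resource]) { grouped[resource] = []; }
    grouped[resource].push(name);
  }
  return grouped;
}

// Enforce the option rules from the table, then group both permission kinds.
function parseOptions(o: PermissionOptions): { application: ByResource; delegated: ByResource } {
  if ((o.appId === undefined) === (o.appObjectId === undefined)) {
    throw new Error('Specify appId or appObjectId but not both');
  }
  if (!o.applicationPermissions && !o.delegatedPermissions) {
    throw new Error('Specify at least applicationPermissions or delegatedPermissions');
  }
  return {
    application: groupByResource(o.applicationPermissions),
    delegated: groupByResource(o.delegatedPermissions)
  };
}
```

Rejecting a bare name such as `Sites.FullControl.All` up front matters because the same permission name exists on more than one resource, as the second example in the issue shows.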