I've been tasked with writing a few PowerShell scripts to automate some basic operations in our Azure AD tenant. I've successfully added and removed users and domains, and I've added new applications through the Azure Graph API, but I haven't had any luck with deleting the applications.
It seems that the documentation on this is minimal, and I haven't been able to find any examples of someone doing this. Based on the reference for Applications under Supported Operations, it should be possible (https://msdn.microsoft.com/library/azure/ad/graph/api/entity-and-complex-type-reference#applicationentity):
Supported Operations
The following operations are supported on applications (HTTP methods are listed in parentheses):
create (POST)
read (READ)
update (PATCH)
delete (DELETE)
So what should the URI look like? I couldn't find a direct answer, but to delete a user, you'd use this:
https://graph.windows.net/myorganization/users/{user_id}[?api-version]
So, I thought to try something similar for deleting an application:
https://graph.windows.net/company.onmicrosoft.com/applications/{application_id}?api-version=1.6
If that's correct, then what is the application ID? Client ID and App ID URI make the most sense to me, but neither those nor the application name have worked for me so far. Could it be a formatting problem? I get different errors depending on what I try.
Application Name:
https://graph.windows.net/company.onmicrosoft.com/applications/application4?api-version=1.6
Yields
Invoke-RestMethod : {"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"Invalid object identifier 'application4'."},"values":null}}
Client ID (zeroed out here):
https://graph.windows.net/company.onmicrosoft.com/applications/00000000-0000-0000-0000-000000000000?api-version=1.6
Yields
Invoke-RestMethod : {"odata.error":{"code":"Request_ResourceNotFound","message":{"lang":"en","value":"Resource '00000000-0000-0000-0000-000000000000' does not exist or one of its queried reference-property objects are not present."}}}
App ID URI - wasn't sure exactly how to add this. Do I need some encoding, maybe? Tried two ways:
https://graph.windows.net/company.onmicrosoft.com/applications/application4.company.com?api-version=1.6
Which yields
Invoke-RestMethod : {"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"Invalid object identifier 'application4.company.com'."},"values":null}}
and
https://graph.windows.net/company.onmicrosoft.com/applications/https://application4.company.com?api-version=1.6
Which I suspect is where encoding might come in. Currently it simply yields
Invoke-RestMethod : {"odata.error":{"code":"Request_BadRequest","message":{"lang":"en","value":"Bad request. Please fix the request before retrying."}}}
Any idea where I'm going wrong?
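The errors above fit an API that addresses an application by its directory object ID: non-GUID values are rejected as invalid identifiers, and the client ID is a well-formed GUID that matches no object. The following is an added example, not part of the original post, that resolves a client ID to the application's `objectId` with a `$filter` query and then issues the DELETE. It assumes `$AccessToken` already holds a bearer token for `https://graph.windows.net`; the function names, tenant name and client ID are placeholders.

```powershell
# Added example (not from the original post). Function names are hypothetical.
function Get-GraphAppUri {
    param(
        [Parameter(Mandatory)] [string] $Tenant,
        [string] $ObjectId,
        [string] $Filter,
        [string] $ApiVersion = '1.6'
    )
    $base = "https://graph.windows.net/$Tenant/applications"
    if ($ObjectId) { $base = "$base/$ObjectId" }
    $query = "api-version=$ApiVersion"
    if ($Filter) {
        # Percent-encode the OData filter (spaces, quotes, ':' and '/')
        # so it survives as a single query-string value.
        $query = '$filter=' + [uri]::EscapeDataString($Filter) + "&$query"
    }
    return ('{0}?{1}' -f $base, $query)
}

function Remove-GraphApplication {
    param(
        [Parameter(Mandatory)] [string] $Tenant,
        # Typing the parameter as [guid] rejects anything that is not a GUID,
        # so no stray quote characters can reach the filter expression.
        [Parameter(Mandatory)] [guid]   $AppId,
        [Parameter(Mandatory)] [string] $AccessToken   # assumed: acquired elsewhere
    )
    $headers = @{ Authorization = "Bearer $AccessToken" }

    # Step 1: look the application up by client ID (the appId property).
    $lookupUri = Get-GraphAppUri -Tenant $Tenant -Filter "appId eq '$AppId'"
    $result = Invoke-RestMethod -Method Get -Uri $lookupUri -Headers $headers
    $found = @($result.value)
    if ($found.Count -ne 1) {
        throw "Expected exactly one application with appId $AppId, found $($found.Count)."
    }

    # Step 2: delete by objectId, the identifier the path segment expects.
    $deleteUri = Get-GraphAppUri -Tenant $Tenant -ObjectId $found[0].objectId
    Invoke-RestMethod -Method Delete -Uri $deleteUri -Headers $headers
    return $found[0].objectId
}

# Placeholder values (constructed for illustration):
# Remove-GraphApplication -Tenant 'company.onmicrosoft.com' `
#     -AppId '00000000-0000-0000-0000-000000000000' -AccessToken $AccessToken
```

Refusing to delete unless the lookup returns exactly one match keeps an automation script from removing the wrong application when the client ID is mistyped.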