0
votes

I want to fetch these app permissions without logging in or without accepting.

Required URLs: https://docs.microsoft.com/en-us/azure/active-directory/develop/application-consent-experience

https://login.microsoftonline.com/common/adminconsent?client_id={Application Id}&state=12345&redirect_uri={redirect url of app}

Please help

1
If you are a global admin, you can approve those permissions through the portal or PowerShell. Is that what you are after? - juunas
You are right... once it is approved I can fetch the permissions... but it is not possible to approve thousands of apps manually. - Ashish Gautam
You could use a PowerShell script with the AzureAD module to do the consent. You basically need to create app role assignments for each application permission each app requires (one per permission) and OAuth2 permission grants for each delegated permission set required (one per target API). Ref: docs.microsoft.com/en-us/graph/api/resources/… and docs.microsoft.com/en-us/graph/api/resources/…. Creating those is what running admin consent does. - juunas
@juunas Thanks for the reply, and your answer helped me. I have found another approach to work on the same. - Ashish Gautam

1 Answer

0
votes

There is a command, az ad app permission admin-consent, in Azure CLI; it can grant Application & Delegated permissions through admin consent for the app.

So in your case, you could use a loop to run the command to grant permissions. Make sure you have installed the Azure CLI and logged in with az login as an admin in the AAD tenant, then run the commands below.

My sample grants the permissions for all the apps in my tenant. It works in Windows; if you want to run it in Linux, use the loop syntax for bash, or you can modify it depending on your requirements.

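# Collect the appId of every app registration in the tenant (one per line).
$apps = az ad app list --all --query '[].appId' -o tsv
foreach ($app in $apps) {
    # Grant admin consent for the permissions this app requests.
    az ad app permission admin-consent --id $app
}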
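
Before running admin-consent over every app in a tenant, it is worth seeing what each app would actually be granted. The PowerShell below is an added example, not part of the original answer: it counts the app role assignments and OAuth2 permission grants that consent would create per app (as described in the comments above) and flags apps that request permissions outside a reviewed allow-list. The sample JSON, all GUIDs, the $approved list and the Get-ConsentPlan function are constructed for illustration.

```powershell
# Constructed sample in the shape of `az ad app list --all -o json`
# (only the fields used here; every GUID is made up for illustration).
$appsJson = @'
[
 {"appId":"11111111-1111-1111-1111-111111111111","displayName":"hr-portal","requiredResourceAccess":[
   {"resourceAppId":"aaaaaaaa-0000-0000-0000-000000000001","resourceAccess":[
     {"id":"00000000-0000-0000-0000-0000000000a1","type":"Scope"}]}]},
 {"appId":"22222222-2222-2222-2222-222222222222","displayName":"sync-daemon","requiredResourceAccess":[
   {"resourceAppId":"aaaaaaaa-0000-0000-0000-000000000001","resourceAccess":[
     {"id":"00000000-0000-0000-0000-0000000000a1","type":"Scope"},
     {"id":"00000000-0000-0000-0000-0000000000b2","type":"Role"}]}]}
]
'@

# Hypothetical allow-list: permission ids already reviewed and approved for bulk consent.
$approved = @('00000000-0000-0000-0000-0000000000a1')

function Get-ConsentPlan {
    param([object[]]$Apps, [string[]]$Approved)
    foreach ($app in $Apps) {
        # Flatten requiredResourceAccess into one row per requested permission.
        $requested = @(foreach ($rra in $app.requiredResourceAccess) {
            foreach ($p in $rra.resourceAccess) {
                [pscustomobject]@{ Api = $rra.resourceAppId; Id = $p.id; Type = $p.type }
            }
        })
        $unapproved = @($requested | Where-Object { $Approved -notcontains $_.Id })
        [pscustomobject]@{
            AppId           = $app.appId
            Name            = $app.displayName
            # One app role assignment per application permission (type "Role").
            RoleAssignments = @($requested | Where-Object Type -eq 'Role').Count
            # One OAuth2 permission grant per target API with delegated permissions (type "Scope").
            ScopeGrants     = @($requested | Where-Object Type -eq 'Scope' | Group-Object Api).Count
            # Consent only when the app requests something and all of it is on the allow-list.
            Consent         = ($requested.Count -gt 0 -and $unapproved.Count -eq 0)
            Review          = ($unapproved.Id -join ',')
        }
    }
}

$plan = Get-ConsentPlan -Apps ($appsJson | ConvertFrom-Json) -Approved $approved
$plan | Format-Table Name, RoleAssignments, ScopeGrants, Consent, Review
# Against a live tenant, feed in the output of `az ad app list --all -o json` instead of
# $appsJson, and run the answer's command only for rows where Consent is true:
#   az ad app permission admin-consent --id <AppId>
```

Rows with a non-empty Review column list the permission ids that still need a manual decision before that app is consented.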