'NotFound error when revoking permissions granted for Teams Enterprise application

I am working with a Teams app enterprise application. We are testing some permission related changes and require a fresh app load that does not have any permissions granted by the user or admin.

To revoke the user permissions inside Azure Portal: Enterprise Applications, selecting my app, then the "Permissions" tab/blade, click the "Review Permissions" button, select radio button "This application has more permissions than I want", copy the Powershell script (all of it, some of it is cropped out in the small input box), running the script gives the following error on the second line:

$sp = Get-AzureADServicePrincipal -ObjectId "17a19fcd-xxxx-yyyy-zzzz-7b1411390c01

Get-AzureADServicePrincipal : Error occurred while executing GetServicePrincipal
Code: Request_ResourceNotFound
Message: Resource '17a19fcd-xxxx-yyyy-zzzz-7b1411390c01' does not exist or one of its queried reference-property objects are not present.
RequestId: bfdcfd56-xxxx-yyyy-zzzz-fb16d4c796ef
DateTimeStamp: Wed, 06 Apr 2022 09:17:09 GMT
HttpStatusCode: NotFound
HttpStatusDescription: Not Found
HttpResponseStatus: Completed
At line:1 char:1
+ Get-AzureADServicePrincipal -ObjectId "17a19fcd-xxxx-yyyy-zzzz-7b1411390c01 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (:) [Get-AzureADServicePrincipal], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.GetServicePrincipal
permissionsmicrosoft-teamsazureportal


Solution 1:[1]

The reason for this was that I already ran the sript once before, on the second run, the ObjectId has changed, but Azure Portal doesn't tell you the correct one and just shows the old script with the old ObjectId.

To fix the script, get the new ObjectId:

  1. Run Get-AzureADServicePrincipal -All $true
  2. Copy out the output and search for your app, if the output is being cut out then increase the Screen buffer size in the PowerShell/CMD Properties.
  3. Now use this new ObjectId in the second line: $sp = Get-AzureADServicePrincipal -ObjectId "NEW_ID-HERE-yyyy-zzzz-123abc123abc

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 goamn

Related Questions

Getting error "403 - Forbidden: Access is denied" on browser when user is NOT administrator

Phonegap Android permissions, config.xml and plugins

What causes this iOS permission prompt for "use Bluetooth for new connections"?

How to convert guild.permissions number into an array of persmissions discord.js oauth2

Docker mounting volume. Permission denied

AWS EC2 Ubuntu File permissions issue

How to add the AppTrackingTransparency permission to your iOS apps

Oracle SELECT granted but still can't access table across users

How to request and check permissions in Flutter

I can't realise what is wrong with this piece of code - Notification.requestPermission();

Must remove QUERY_ALL_PACKAGES permission but cannot find it

django permissions: new permission is inserted after all other migrations

Why do we need permission-tree in Android?

Microsoft Graph File Permission invite API not working always

Google Cloud Storage confused about ACL/IAM and legacy permissions