Open jiasli opened 2 years ago
Following the announcement of Azure Active Directory Graph retirement, users cannot add permissions of Azure Active Directory Graph to Azure Active Directory applications via Azure Portal. This feature retirement was announced on Twitter.
This affects the usage of Azure CLI (https://github.com/Azure/azure-cli/issues/12946#issuecomment-938443839) and Azure PowerShell (https://github.com/Azure/azure-powershell/issues/16009), as Azure CLI `az ad` commands and Azure PowerShell's `AzAD` cmdlets are still using Azure Active Directory Graph.
For now, you may use `az ad app permission add` to add Azure Active Directory Graph permissions.
[Optional] After the permission is added to an application, if needed, you may grant admin consent using either
Alternatively, to add Azure Active Directory Graph permissions with PowerShell cmdlets, please see https://github.com/Azure/azure-powershell/issues/16067.
I don't want to add the old permissions; what I want is to create a new application through the new graph API. Will `az ad app create ...` use the new API and operate off of the new permissions?
> will `az ad app create ...` use the new API and operate off of the new permissions?
Absolutely. Tracked by https://github.com/Azure/azure-cli/issues/12946.
I have provided a full script in https://github.com/Azure/azure-cli/issues/20792#issuecomment-1014183586 to demonstrate how to grant AD Graph permissions to a service principal with Azure CLI.
In Azure Portal -> Azure Active Directory, users cannot add Azure Active Directory Graph permissions to a newly created application. The option is greyed out with a notification that you should use the new Microsoft Graph instead:
This means that for newly created Service Principals, users are currently unable to use `az ad` commands in automation workflows.

Originally posted by @renskewierda in https://github.com/Azure/azure-cli/issues/12946#issuecomment-938443839