jiasli
commented
2 years ago Explanation
Following the announcement of Azure Active Directory Graph retirement, users cannot add permissions of Azure Active Directory Graph to Azure Active Directory applications via Azure Portal. This feature retirement was announced on Twitter.
This affects the usage of Azure CLI (https://github.com/Azure/azure-cli/issues/12946#issuecomment-938443839) and Azure PowerShell (https://github.com/Azure/azure-powershell/issues/16009), as Azure CLI az ad commands and Azure PowerShell's AzAD cmdlets are still using Azure Active Directory Graph.
Workaround
For now, you may use az ad app permission add to add Azure Active Directory Graph permissions.
[Optional] After the permission is added to an application, if needed, you may grant admin consent using either
- Azure Portal's Grant admin consent for [TenantName] button
- Azure CLI commands: https://github.com/Azure/azure-cli/issues/12137#issuecomment-596567479
Additional information
Alternatively, to add Azure Active Directory Graph permissions with PowerShell cmdlets, please see https://github.com/Azure/azure-powershell/issues/16067.
justinmchase
In Azure Portal -> Azure Active Directory, users cannot add Azure Active Directory Graph permissions to a newly created application. The option is greyed out with a notification that you should use the new Microsoft Graph instead:
This means that for newly created Service Principals, users are currently unable to use
az adcommands in automation workflows.Originally posted by @renskewierda in https://github.com/Azure/azure-cli/issues/12946#issuecomment-938443839