Is your feature request related to a problem? Please describe.az ad app permission admin-consent internally calls https://main.iam.ad.ext.azure.com/ endpoint:
It can only be called by a user, not a service principal.
It fails in Cloud Shell, because https://main.iam.ad.ext.azure.com/ is not a resource supported by Cloud Shell (#8912, #14230)
It doesn't support sovereign clouds (#9942)
Describe the solution you'd like
Migrate https://main.iam.ad.ext.azure.com/ to Microsoft Graph.
Describe alternatives you've considered
Remove az ad app permission admin-consent and replace it with fine-grained az ad app permission grant and https://github.com/Azure/azure-cli/issues/22768.
Related command
az ad app permission admin-consent
Is your feature request related to a problem? Please describe.
az ad app permission admin-consent
internally callshttps://main.iam.ad.ext.azure.com/
endpoint:https://github.com/Azure/azure-cli/blob/38eaebb6936a32be13e2c4afba8e600ce9c91513/src/azure-cli/azure/cli/command_modules/role/custom.py#L959
This endpoint has several limitations:
https://main.iam.ad.ext.azure.com/
is not a resource supported by Cloud Shell (#8912, #14230)Describe the solution you'd like Migrate
https://main.iam.ad.ext.azure.com/
to Microsoft Graph.Describe alternatives you've considered Remove
az ad app permission admin-consent
and replace it with fine-grainedaz ad app permission grant
and https://github.com/Azure/azure-cli/issues/22768.Additional context