I have an issue similar to this one. After revoking the following permissions from my app (Sign in and read user profile & Read all groups), and reassigning completly different permissions (Read user mail + waiting 20 mins for the new permissions to take effect), my app is still able to query/read the domain's group. I have also tried revoking all permissions => the resulting requiredResourceAccess array in the Manifest file for the application is empty; waited 20 mins for the changes to take effect. => result my application is still able to query the domain's group. Any explanation is appreciated.
Asked
Active
Viewed 1,622 times
1 Answers
1
As that case's answer said, after change the permissions in Application registrations, you need to click the Grant Permissions button.
Go to Azure portal> Azure Active Directory> Application registrations > Select your application > Required permissions > Choose the API > Revoke the permissions > Save > Grant permissions
You can go to Enterprise applications to check if it has revoked.
Enterprise Applications > Select your applications > Permissions
If you want to revoke all permissions of the Application, you can just delete it in Enterprise applications.
Wayne Yang
- 9,016
- 2
- 20
- 40