Open
Description
openedon Jul 19, 2024
Related command
az ad app permission admin-consent
Is your feature request related to a problem? Please describe.
az ad app permission admin-consent
internally calls https://main.iam.ad.ext.azure.com/
endpoint:
This endpoint has several limitations:
- This endpoint is now deprecated
- It can only be called by a user, not a service principal.
- It fails in Cloud Shell, because
https://main.iam.ad.ext.azure.com/
is not a resource supported by Cloud Shell (az ad app permission admin-consent --id <app-id> fails in CloudShell #8912, Admin Consent is not working in Cloud Shell #14230) - It doesn't support sovereign clouds (az ad app permission admin-consent for sovereign cloud #9942)
Describe the solution you'd like
Migrate https://main.iam.ad.ext.azure.com/
to Microsoft Graph.
Describe alternatives you've considered
Remove az ad app permission admin-consent
and replace it with fine-grained az ad app permission grant
and #22768.
Additional context
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment