How to grant an Azure registered application that has MS Graph SharePoint Sites.Selected API permissions access to a specific site by calling the Microsoft Graph API from PowerShell.
We need an “admin” application: an Azure registered application with Sites.FullControl.All MS Graph API permissions. This method can use a client secret, so we need the Client Id and Client Secret for this “admin” app.
We also need a Client Id and Application Display Name for an Azure application with Sites.Selected MS Graph and/or SharePoint API permissions provided.
And we need our “target” site URL.
With PowerShell scripts you can:
- Get Microsoft Graph Access Token with an “admin” app
- Get client (target) site Id
- Get current app permissions provided to client site
- Add read or write permissions for the client app to the client site
- Revoke one specific permission from site
- Revoke all app permissions provided to site
For the scripts, please refer to the GitHub repo Sites.Selected.
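The steps listed above run end to end in the following added example, which is not the code from the Sites.Selected repo. The tenant id, app ids, display name, `ADMIN_APP_SECRET` variable name and contoso site URL are placeholder assumptions, and the secret is read from an environment variable so it does not sit in the script.

```powershell
$ErrorActionPreference = 'Stop'
# Placeholders (assumptions, not values from the page or the repo)
$tenantId    = '<tenant-id>'
$adminId     = '<admin-app-client-id>'        # app with Sites.FullControl.All
$adminSecret = $env:ADMIN_APP_SECRET          # hypothetical variable name
$clientId    = '<client-app-client-id>'       # app with Sites.Selected
$clientName  = '<client-app-display-name>'
$siteUrl     = 'https://contoso.sharepoint.com/sites/Target'   # constructed sample

# 1. Get a Microsoft Graph access token with the "admin" app (client credentials)
$token = (Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" `
    -Body @{
        grant_type    = 'client_credentials'
        client_id     = $adminId
        client_secret = $adminSecret
        scope         = 'https://graph.microsoft.com/.default'
    }).access_token
$headers = @{ Authorization = "Bearer $token" }
$graph   = 'https://graph.microsoft.com/v1.0'

# 2. Get the client (target) site Id: /sites/{hostname}:{server-relative-path}
$u      = [uri]$siteUrl
$siteId = (Invoke-RestMethod -Headers $headers `
    -Uri "$graph/sites/$($u.Host):$($u.AbsolutePath)").id

# 3. Get current app permissions provided to the site
$perms = (Invoke-RestMethod -Headers $headers -Uri "$graph/sites/$siteId/permissions").value
$perms | ForEach-Object { '{0}  {1}' -f $_.id, ($_.grantedToIdentities.application.id -join ',') }

# 4. Add read (or write) permissions for the client app to the site
$body = @{
    roles               = @('read')           # or 'write'
    grantedToIdentities = @(@{ application = @{ id = $clientId; displayName = $clientName } })
} | ConvertTo-Json -Depth 5
$grant = Invoke-RestMethod -Method Post -Headers $headers -ContentType 'application/json' `
    -Uri "$graph/sites/$siteId/permissions" -Body $body

# 5. Revoke one specific permission by its id
Invoke-RestMethod -Method Delete -Headers $headers -Uri "$graph/sites/$siteId/permissions/$($grant.id)"

# 6. Revoke all permissions on the site; narrowed here to the client app,
#    remove the Where-Object filter to revoke every app permission
(Invoke-RestMethod -Headers $headers -Uri "$graph/sites/$siteId/permissions").value |
    Where-Object { $_.grantedToIdentities.application.id -contains $clientId } |
    ForEach-Object {
        Invoke-RestMethod -Method Delete -Headers $headers -Uri "$graph/sites/$siteId/permissions/$($_.id)"
    }
```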