While using Microsoft Graph explorer, you accidentally consented to permission(s) that you did not mean to. This blog post will explain how to unconsent or remove that permission(s).
Log in to graph explorer (Graph Explorer | Try Microsoft Graph APIs – Microsoft Graph) with your credentials.
Note: In order to perform the following unconsent steps, make sure these permissions: Directory.Read.All and DelegatedPermissionGrant.ReadWrite.All are already consented.
Perform the following steps to remove consented permissions as shown in the screen shots below:
- Click on the Profile icon in the top right corner.
- Click on the “Consent to permissions” link in the popup menu to bring up the permissions window.
- Navigate to the consented permission that you want to unconsent and click on “Unconsent” button next to it.
In order for the above change to take effect, you need to log out and log back in again.
After consenting to a permission, there is a propagation delay so you may see the following error if you try to unconsent too soon.
You are experiencing a delay in updating this permission on AAD. Try again after a few minutes.
Note: There are certain permissions that cannot be unconsented, for instance “User.Read” is required for sign in. Removing that permission can result in the following error.
error: Default scope - Graph Explorer requires this permission for its normal working behavior.
This feature works both for user consent and admin consent permissions. For admin consented permissions, it will say “AllPrincipal” instead of “Principal”.