Remove-EntraServicePrincipalDelegatedPermissionClassification

Removes a delegated permission classification.

Syntax

Remove-EntraServicePrincipalDelegatedPermissionClassification
      -ServicePrincipalId <String>
      -Id <String>
      [<CommonParameters>]

Description

The Remove-EntraServicePrincipalDelegatedPermissionClassification cmdlet deletes the delegated permission classification with the given Id from a service principal.

Examples

Example 1: Remove a delegated permission classification

Connect-Entra -Scopes 'Policy.ReadWrite.PermissionGrant'
$servicePrincipal = Get-EntraServicePrincipal -Filter "displayName eq 'Helpdesk Application'"
$permissionClassification = Get-EntraServicePrincipalDelegatedPermissionClassification -ServicePrincipalId $servicePrincipal.Id | Where-Object {$_.PermissionName -eq 'Sites.Read.All'}
Remove-EntraServicePrincipalDelegatedPermissionClassification -ServicePrincipalId $servicePrincipal.Id -Id $permissionClassification.Id

This command deletes the delegated permission classification with the given Id from the service principal.

  • The -ServicePrincipalId parameter specifies the unique identifier of a service principal.
  • The -Id parameter specifies the unique identifier of a delegated permission classification object.
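
The lookup in Example 1 can return no classification, or the display-name filter can match more than one service principal, since display names are not unique. The following is an added example, not part of the original documentation, that performs the same removal with both cases guarded and a verification step afterwards. It reuses the sample display name and permission name from Example 1; the variable names are illustrative.

```powershell
# Added example: guarded removal of one delegated permission classification.
# The display name and permission name are the sample values from Example 1.
$appName        = 'Helpdesk Application'
$permissionName = 'Sites.Read.All'

Connect-Entra -Scopes 'Policy.ReadWrite.PermissionGrant'

# A displayName filter is not guaranteed unique; stop unless exactly one match.
$servicePrincipal = @(Get-EntraServicePrincipal -Filter "displayName eq '$appName'")
if ($servicePrincipal.Count -ne 1) {
    throw "Expected 1 service principal named '$appName', found $($servicePrincipal.Count)."
}
$spId = $servicePrincipal[0].Id

# Look up the classification; an empty result would otherwise pass a null -Id.
$match = @(Get-EntraServicePrincipalDelegatedPermissionClassification -ServicePrincipalId $spId |
    Where-Object { $_.PermissionName -eq $permissionName })
if ($match.Count -ne 1) {
    throw "Expected 1 classification for '$permissionName', found $($match.Count)."
}

# Record what is about to be removed, for the change log.
[pscustomobject]@{
    TimeUtc            = (Get-Date).ToUniversalTime().ToString('o')
    ServicePrincipalId = $spId
    ClassificationId   = $match[0].Id
    PermissionName     = $match[0].PermissionName
} | Format-List

Remove-EntraServicePrincipalDelegatedPermissionClassification -ServicePrincipalId $spId -Id $match[0].Id

# Verify: the classification should no longer be listed on the service principal.
$remaining = @(Get-EntraServicePrincipalDelegatedPermissionClassification -ServicePrincipalId $spId |
    Where-Object { $_.Id -eq $match[0].Id })
if ($remaining.Count -ne 0) {
    throw "Classification $($match[0].Id) is still present on service principal $spId."
}
```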

Parameters

-Id

The unique identifier of a delegated permission classification object.

Type: System.String
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False

-ServicePrincipalId

The unique identifier of a service principal object in Microsoft Entra ID.

Type: System.String
Position: Named
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False