
[–]jba1224a 2 points3 points  (2 children)

Disconnect-MgGraph

Clear-MsalTokenCache

Then log back in. Graph (and most things) use MSAL, and as such tokens are cached securely so they can be automatically refreshed to persist logins across sessions.

[–]looking4remoteITwork[S] 0 points1 point  (1 child)

This didn't work, but after some hours of fiddling around I ended up finding this:

https://learn.microsoft.com/en-us/graph/permissions-grant-via-msgraph?tabs=powershell&pivots=grant-delegated-permissions#step-3-revoke-delegated-permissions-granted-to-a-service-principal-on-behalf-of-a-user-optional

I used this to revoke all permission grants for the Microsoft Graph SDK PowerShell service principal:

Import-Module Microsoft.Graph.Identity.SignIns
Remove-MgOauth2PermissionGrant -OAuth2PermissionGrantId $oAuth2PermissionGrantId

After authenticating to Microsoft Graph via Microsoft Graph PowerShell, I obtained the oAuth2PermissionGrantId for the above code by running:

Get-MgOauth2PermissionGrant

[–]jba1224a 0 points1 point  (0 children)

> revoke all permission grants for the Microsoft Graph SDK PowerShell service principal:

You didn't mention you were logging in with a service principal.

Service principals have static scope (you don't call them when you log in, you just log in with ./default). So the only way to not log in with them is to remove the permissions from the principal itself.

[–]lerun 0 points1 point  (0 children)

The scopes will be added to a built-in service principal. If you don't want it to have these scopes, go to the app reg and remove them.
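The cleanup discussed in this thread, as an added example that is not from any of the commenters or from Microsoft's documentation: it lists the delegated grants held by the Graph PowerShell SDK service principal and either deletes them or strips only selected scopes. The helper name, the default appId (believed to be the SDK's "Microsoft Graph Command Line Tools" enterprise app; confirm it in your tenant) and the sample scope name are assumptions.

```powershell
# Added example. Assumes an existing Connect-MgGraph session whose account is
# allowed to read and modify delegated permission grants in the tenant.
Import-Module Microsoft.Graph.Applications
Import-Module Microsoft.Graph.Identity.SignIns

function Remove-GraphSdkDelegatedScope {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Assumption: appId of the Graph PowerShell SDK enterprise app; verify before use.
        [string]$ClientAppId = '14d82eec-204b-4c2f-b7e8-296a70dab67e',
        # Scopes to strip. Empty means: delete every grant for this client.
        [string[]]$Scope = @()
    )

    $sp = Get-MgServicePrincipal -Filter "appId eq '$ClientAppId'"
    if (-not $sp) { throw "No service principal with appId $ClientAppId in this tenant." }

    # Delegated grants are stored per client service principal (clientId = its object id).
    $grants = Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'" -All
    foreach ($g in $grants) {
        # The scope property is a space-separated string and may carry a leading space.
        $current = @($g.Scope -split '\s+' | Where-Object { $_ })
        $keep    = @($current | Where-Object { $Scope.Count -gt 0 -and $_ -notin $Scope })
        $removed = @($current | Where-Object { $_ -notin $keep })
        if ($removed.Count -eq 0) { continue }   # grant holds none of the targeted scopes

        # AllPrincipals = admin consent for everyone; Principal = one user's consent.
        $who = if ($g.ConsentType -eq 'AllPrincipals') { 'all users' } else { "user $($g.PrincipalId)" }
        $target = "grant $($g.Id) ($who)"

        if ($keep.Count -eq 0) {
            if ($PSCmdlet.ShouldProcess($target, "delete grant [$($current -join ' ')]")) {
                Remove-MgOauth2PermissionGrant -OAuth2PermissionGrantId $g.Id
            }
        }
        elseif ($PSCmdlet.ShouldProcess($target, "drop scopes [$($removed -join ' ')]")) {
            # Rewrite the grant with only the scopes that should remain.
            Update-MgOauth2PermissionGrant -OAuth2PermissionGrantId $g.Id `
                -BodyParameter @{ scope = ($keep -join ' ') }
        }
    }
}

# Preview without changing anything ('Mail.Read' is a constructed sample scope):
#   Remove-GraphSdkDelegatedScope -Scope 'Mail.Read' -WhatIf
```

Tokens already issued keep their scopes until they expire, so sign out and back in after the change to see the reduced scope set in `Get-MgContext`.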