Hi,
I have an issue with revoking permissions on a service principal created in our Azure AD environment. The SPN has been created under the App Registrations section in the Azure Portal. Granting the permissions to the Azure AD Graph API is working after confirming the consent. Permissions granted are Read All Directory Data and Read All Applications Owned By.
This has been tested with different calls via Postman and PowerShell.
When I want to revoke the permission (not removing the spn), I see the permissions have been removed from the application, but my calls to Azure AD Graph API are still working. Permissions have been revoked via the Azure Portal under App Registrations and consent has been confirmed again.
Analyzing the Bearer token tells me the roles are not assigned anymore, but when doing calls to Azure AD Graph, I still get results from my queries.
Can someone explain this to me?
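One check worth running on the bearer token in this situation, as an added example that is not part of the original post: it decodes the token's claims (without verifying the signature) and relates the issue time and expiry to the moment the app roles were revoked, since an access token that was already issued keeps the roles baked into it until it expires. The timestamps, role values and the unsigned sample tokens are constructed placeholders for the example; only the Azure AD Graph audience value is the real one.

```python
import base64
import json
from datetime import datetime, timedelta, timezone

AAD_GRAPH_AUDIENCE = "https://graph.windows.net"  # audience claim of Azure AD Graph tokens

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def make_sample_token(claims: dict) -> str:
    """Build an UNSIGNED token from constructed claims so the check runs offline."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url_encode(json.dumps(claims).encode())}."

def decode_claims(token: str) -> dict:
    """Return the payload claims without verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))

def assess_token(token: str, revoked_at: datetime, now: datetime, revoked_roles: set) -> dict:
    """Relate a bearer token's claims to the time the app roles were revoked."""
    c = decode_claims(token)
    iat = datetime.fromtimestamp(c["iat"], tz=timezone.utc)
    exp = datetime.fromtimestamp(c["exp"], tz=timezone.utc)
    roles = set(c.get("roles", []))
    return {
        "for_aad_graph": c.get("aud") == AAD_GRAPH_AUDIENCE,
        "issued_before_revocation": iat < revoked_at,
        "unexpired": now < exp,  # a still-valid token keeps the roles it was issued with
        "revoked_roles_still_present": sorted(roles & revoked_roles),
    }

# Constructed timeline and role values (placeholders, not taken from the post).
REVOKED_ROLES = {"Directory.Read.All", "Application.ReadWrite.OwnedBy"}
REVOKED_AT = datetime(2019, 6, 1, 12, 0, tzinfo=timezone.utc)
NOW = REVOKED_AT + timedelta(minutes=30)

def _claims(issued: datetime, roles: list) -> dict:
    return {"aud": AAD_GRAPH_AUDIENCE, "iat": int(issued.timestamp()),
            "exp": int((issued + timedelta(hours=1)).timestamp()), "roles": roles}

# Token fetched 15 minutes before the revocation: still inside its one-hour lifetime.
OLD_TOKEN = make_sample_token(_claims(REVOKED_AT - timedelta(minutes=15), sorted(REVOKED_ROLES)))
# Token fetched after the revocation: the roles are no longer put into it.
NEW_TOKEN = make_sample_token(_claims(REVOKED_AT + timedelta(minutes=10), []))
```

Run `assess_token` on the token your Postman or PowerShell calls actually send; if it reports `issued_before_revocation` and `unexpired`, the API is accepting roles that were valid at issue time rather than re-reading the current assignments.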