I have global adminstrator permission and When i try to do admin consent to AAD Application permissions i am getting below error.
az : ERROR: Bad Request({"ClassName":"Microsoft.Portal.Framework.Exceptions.ClientException","Message":"Graph call failed with httpCode=BadRequest, errorCode=Request_BadRequest, errorMessage=The application needs access to a service that your organization aadb2c01 has not subscribed to. Please contact your administrator to review the configuration of your service subscriptions. At line:141 char:13
+ az ad app permission admin-consent --id "$($app.Id)"
After some research i found when spn(created in protal) is avaiable for application i can able to provide admin consent without the above error. I want to use powershell script to do admin consent
Used commands to create AAD application:
New-AzureADApplication -DisplayName "test"
Admin consent:
az ad app permission admin-consent --id "$($app.Id)"
Need solution to do admin consent
2
Answers
As @mikesh mentioned in comments, when we use wizard in the portal, it creates both an Application and a Service Principal. So, if you want to create the same in PowerShell, then we need to use New-AzureADApplication and New-AzureADServicePrincipal both
After creating spn for myapp can able to do admin consent without any issue.
I tried the same in my environment and got the results successfully like below:
By using the above commands, Admin consent got granted successfully to the API permissions like below:
To resolve the error, check the below:
I agree with @mikesh, make sure that the Azure Service Principal exists for the Azure AD Application you have created. If not, create the Service Principal by using below command:
To
Connect-AzureAD, make sure you are connecting with the user which exists in Azure AD B2C tenant and has Global Administrator role assigned:If still the issue persists, try recreating the Azure AD Application and check.
Reference:
Apps & service principals in Azure AD – Microsoft Entra