Revoke-MsIdMcpServerPermission
SYNOPSIS
Revokes delegated permissions from MCP clients for the Microsoft MCP Server for Enterprise.
SYNTAX
PredefinedClients (Default)
Revoke-MsIdMcpServerPermission [-MCPClient <String[]>] [-Scopes <String[]>]
[-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
CustomClients
Revoke-MsIdMcpServerPermission -MCPClientServicePrincipalId <String[]> [-Scopes <String[]>]
[-ProgressAction <ActionPreference>] [-WhatIf] [-Confirm] [<CommonParameters>]
DESCRIPTION
This cmdlet revokes OAuth2 delegated permissions from MCP clients (like VS Code or Visual Studio) to access the Microsoft MCP Server for Enterprise. You can specify predefined clients or provide custom MCP client app IDs.
EXAMPLES
EXAMPLE 1
Connect-MgGraph -Scopes DelegatedPermissionGrant.ReadWrite.All, Application.ReadWrite.All
Revoke-MsIdMcpServerPermission
Revokes all permissions from Visual Studio Code (default MCP client if none specified).
EXAMPLE 2
Connect-MgGraph -Scopes DelegatedPermissionGrant.ReadWrite.All, Application.ReadWrite.All
Revoke-MsIdMcpServerPermission -MCPClient VisualStudioCode -Scopes 'Group.Read.All'
Revokes specific permissions from Visual Studio Code.
EXAMPLE 3
Connect-MgGraph -Scopes DelegatedPermissionGrant.ReadWrite.All, Application.ReadWrite.All
Revoke-MsIdMcpServerPermission -MCPClient 'VisualStudio', 'VisualStudioCode'
Revokes all permissions from Visual Studio and Visual Studio Code.
EXAMPLE 4
Connect-MgGraph -Scopes DelegatedPermissionGrant.ReadWrite.All, Application.ReadWrite.All
Revoke-MsIdMcpServerPermission -MCPClientServicePrincipalId '12345678-1234-1234-1234-123456789012'
Revokes all permissions from a custom MCP client using its service principal ID.
EXAMPLE 5
Connect-MgGraph -Scopes DelegatedPermissionGrant.ReadWrite.All, Application.ReadWrite.All
Revoke-MsIdMcpServerPermission -VisualStudioClient 'VisualStudioMSAL' -Scopes 'User.Read.All'
Revokes specific permissions from Visual Studio MSAL client.
EXAMPLE 6
Connect-MgGraph -Scopes DelegatedPermissionGrant.ReadWrite.All, Application.ReadWrite.All
Revoke-MsIdMcpServerPermission -MCPClientServicePrincipalId '12345678-1234-1234-1234-123456789012' -Scopes 'User.Read.All'
Revokes specific permissions from a custom MCP client.
PARAMETERS
-MCPClient
Specifies the predefined MCP client(s) to revoke permissions from. Valid values are:
- VisualStudio: Visual Studio
- VisualStudioCode: Visual Studio Code
- VisualStudioMSAL: Visual Studio MSAL
Type: String[]
Parameter Sets: PredefinedClients
Aliases:
Required: False
Position: Named
Default value: @('VisualStudioCode')
Accept pipeline input: False
Accept wildcard characters: False
-MCPClientServicePrincipalId
Specifies custom service principal ID(s) to revoke permissions from. Must be valid GUIDs.
Type: String[]
Parameter Sets: CustomClients
Aliases:
Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Scopes
Specific scopes to revoke. If not specified, all permissions are revoked.
Type: String[]
Parameter Sets: (All)
Aliases:
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ProgressAction
{{ Fill ProgressAction Description }}
Type: ActionPreference
Parameter Sets: (All)
Aliases: proga
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.