Remove-EntraUserAppRoleAssignment
Removes a user application role assignment.
Syntax
Default (Default)
Remove-EntraUserAppRoleAssignment
-AppRoleAssignmentId <String>
-UserId <String>
[<CommonParameters>]
Description
The Remove-EntraUserAppRoleAssignment cmdlet removes a user application role assignment in Microsoft Entra ID.
In delegated scenarios with work or school accounts, the signed-in user must have a supported Microsoft Entra role or a custom role with the required permissions. Supported roles include:
- Directory Synchronization Accounts (for Entra Connect and Cloud Sync)
- Directory Writer
- Hybrid Identity Administrator
- Identity Governance Administrator
- Privileged Role Administrator
- User Administrator
- Application Administrator
- Cloud Application Administrator
Examples
Example 1: Remove user app role assignment
Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All'
$assignment = Get-EntraUserAppRoleAssignment -UserId 'SawyerM@Contoso.com' |
Where-Object { $_.ResourceDisplayName -eq 'Helpdesk Application' -and $_.PrincipalType -eq 'User' }
Remove-EntraUserAppRoleAssignment -UserId 'SawyerM@Contoso.com' -AppRoleAssignmentId $assignment.Id
This example demonstrates how to remove a user app role assignment in Microsoft Entra ID.
- The -UserId parameter specifies the user ID.
- The -AppRoleAssignmentId parameter specifies the application role assignment ID.
Use the Get-EntraUserAppRoleAssignment cmdlet to get AppRoleAssignmentId details.
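Example 1 passes $assignment.Id straight to -AppRoleAssignmentId, which only binds cleanly when the filter matches exactly one assignment. The following added example (not part of the original documentation) handles zero or several matches and emits one audit record per assignment. The function name Revoke-UserAppAccess and the CSV path are hypothetical; the -All switch on Get-EntraUserAppRoleAssignment is assumed to be available in the installed module version.

```powershell
# Added example: Revoke-UserAppAccess is a hypothetical helper, not part of the Entra module.
function Revoke-UserAppAccess {
    param(
        [Parameter(Mandatory)] [string] $UserId,
        [Parameter(Mandatory)] [string] $ResourceDisplayName
    )

    # Every assignment the directory reports for this user on the named application.
    $all = @(Get-EntraUserAppRoleAssignment -UserId $UserId -All |
        Where-Object { $_.ResourceDisplayName -eq $ResourceDisplayName })

    if ($all.Count -eq 0) {
        Write-Warning "No app role assignments for '$UserId' on '$ResourceDisplayName'."
        return
    }

    foreach ($a in $all) {
        $record = [pscustomobject]@{
            TimeUtc       = (Get-Date).ToUniversalTime().ToString('o')
            UserId        = $UserId
            Resource      = $a.ResourceDisplayName
            AppRoleId     = $a.AppRoleId
            AssignmentId  = $a.Id
            PrincipalType = $a.PrincipalType
            Result        = 'Skipped (principal is not the user)'
        }
        # Same filter as Example 1: only remove assignments whose principal is the user.
        if ($a.PrincipalType -eq 'User') {
            try {
                Remove-EntraUserAppRoleAssignment -UserId $UserId -AppRoleAssignmentId $a.Id -ErrorAction Stop
                $record.Result = 'Removed'
            } catch {
                $record.Result = "Failed: $($_.Exception.Message)"
            }
        }
        $record   # one audit row per assignment, removed or not
    }
}

Connect-Entra -Scopes 'AppRoleAssignment.ReadWrite.All'
# User and application names are the sample values from Example 1; the output path is constructed.
Revoke-UserAppAccess -UserId 'SawyerM@Contoso.com' -ResourceDisplayName 'Helpdesk Application' |
    Export-Csv -Path .\approle-removals.csv -NoTypeInformation
```

Rows marked as skipped show access to the application that this removal leaves in place and that has to be reviewed separately.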
Parameters
-AppRoleAssignmentId
Specifies the ID of an application role assignment.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-UserId
Specifies the ID (as a UserPrincipalName or ObjectId) of a user in Microsoft Entra ID.
Parameter properties
| Type: | System.String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | ObjectId, UPN, Identity, UserPrincipalName |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.