Ensuring the security and compliance of your SharePoint environment is crucial, especially when dealing with service principals, Entra ID apps, or federated identities. These entities often have elevated permissions that, if mismanaged, can lead to unauthorized access and potential data breaches. Regularly auditing these permissions is a best practice for maintaining a secure and compliant SharePoint environment. Application only or granular access to individual site instead of whole tenant, scope called “Sites.

Managing Service Principal Permission Requests using PowerShell Permission to the “SharePoint Online Client” service principal can be granted either in declarative method within SPFx solutions or directly. This post explores how to handle both declarative and direct permission grants using SPO PowerShell , ClI for M365 and PnP PowerShell. PnP PowerShell Get all service principal permission grants Gets the collection of permission grants for the “SharePoint Online Client” service principal using the cmdlet Get-PnPTenantServicePrincipalPermissionGrants