We want to give an Azure App Registration access to one specific Microsoft SharePoint Online site collection, and nothing else in the tenant. The Sites.Selected permission makes this possible: the app gets no site access by default, and a site administrator grants it access site by site.

Create the App Registration in Azure

  • Open Azure Portal.
  • Browse to Azure AD.
  • Select App Registration.
  • Select New App Registration.
  • Give it a name.
  • Copy the Application Id.
  • In Certificates & Secrets, give it a Client Secret.
  • Copy the Client Secret Value.
  • In API Permissions, add the following application permission.
    • SharePoint
      • Sites.Selected
  • Grant admin consent for each of the permissions. (Sites.Selected alone grants access to no site; the per-site grant below is what actually opens a site to the app.)

Grant permissions to select sites using PowerShell

  • Run the following PowerShell (PnP.PowerShell module), signed in as a site collection administrator of the target site:
# The site collection the app should be able to reach.
$targetSiteUrl = '{sharepoint site url}'
# Interactive sign-in as a user who administers that site collection.
Connect-PnPOnline $targetSiteUrl -Interactive
# Grant the app access to this one site only. Use Read unless the app has to write;
# this is the least privilege the app can be given.
Grant-PnPAzureADAppSitePermission -AppId '{app (client) id}' -DisplayName '{app display name}' -Site $targetSiteUrl -Permissions Write

# Verify the grant. Note the Id in the output: it is the permission id needed to revoke the grant later.
Get-PnPAzureADAppSitePermission -Site $targetSiteUrl

Revoke Permission via PowerShell

# Same site and same interactive sign-in as above.
$targetSiteUrl = '{sharepoint site url}'
Connect-PnPOnline $targetSiteUrl -Interactive
# The permission id is the Id shown by Get-PnPAzureADAppSitePermission for the grant to remove.
Revoke-PnPAzureADAppSitePermission -PermissionId '{permissionid}' -Site $targetSiteUrl -Force

# Confirm the grant is gone.
Get-PnPAzureADAppSitePermission -Site $targetSiteUrl
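The grant and revoke steps above, wrapped into two reusable functions as an added example (this is not code from the original page): one grants the app the minimum role it needs on a single site and refuses to stack a duplicate grant, the other lists every app grant on a site so stale or over-privileged grants can be found and revoked. It assumes the PnP.PowerShell module, an interactive sign-in as a site collection administrator, placeholder site URL and app id, and that the objects returned by Get-PnPAzureADAppSitePermission expose Id, Roles and Apps properties.

```powershell
function Grant-SiteSelectedAccess {
    param(
        [Parameter(Mandatory)][string]$SiteUrl,
        [Parameter(Mandatory)][string]$AppId,
        [Parameter(Mandatory)][string]$AppName,
        [ValidateSet('Read', 'Write')][string]$Role = 'Read'   # default to least privilege
    )
    Connect-PnPOnline -Url $SiteUrl -Interactive
    # Look for an existing grant for this app so we do not create duplicates
    # (assumed property names: Apps[].Id and Roles on the returned objects).
    $existing = Get-PnPAzureADAppSitePermission -Site $SiteUrl |
        Where-Object { $_.Apps.Id -contains $AppId }
    if ($existing) {
        Write-Warning "App $AppId already holds [$($existing.Roles -join ',')] on $SiteUrl; not granting again."
        return $existing
    }
    Grant-PnPAzureADAppSitePermission -AppId $AppId -DisplayName $AppName -Site $SiteUrl -Permissions $Role
}

function Get-SiteSelectedAudit {
    # Lists every app grant on the site; Review is $true for anything above Read/Write.
    param([Parameter(Mandatory)][string]$SiteUrl)
    Connect-PnPOnline -Url $SiteUrl -Interactive
    Get-PnPAzureADAppSitePermission -Site $SiteUrl | ForEach-Object {
        [pscustomobject]@{
            PermissionId = $_.Id                                   # value needed by Revoke-PnPAzureADAppSitePermission
            AppName      = ($_.Apps | ForEach-Object { $_.DisplayName }) -join ','
            AppId        = ($_.Apps | ForEach-Object { $_.Id }) -join ','
            Roles        = ($_.Roles -join ',')
            Review       = [bool]($_.Roles | Where-Object { $_ -notin @('read', 'write') })
        }
    }
}

# Usage with placeholder values (replace with your own site URL and app id):
$site = 'https://contoso.sharepoint.com/sites/Finance'
Grant-SiteSelectedAccess -SiteUrl $site -AppId '00000000-0000-0000-0000-000000000000' -AppName 'finance-reporting' -Role Read
Get-SiteSelectedAudit -SiteUrl $site | Format-Table -AutoSize
```

Run the audit periodically; any row with Review set to $true, or an app nobody recognises, is a candidate for Revoke-PnPAzureADAppSitePermission using its PermissionId.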
