azure microsoft-graph-api powershell-2.0 azure-app-configuration

Add https://outlook.office.com/Exchange.ManageApp API permission to enterprise app


I am trying to register an Enterprise App from a Web Application via MSAL. When I tried to add the "https://outlook.office.com/Exchange.Manage" scope, it throws an error:

asked for scope 'Exchange.Manage' that doesn't exist on the resource '00000003-0000-0000-c000-000000000000'. Contact the app vendor. Trace ID: 079564e0-750b-49ea-a245-91b514f11900 Correlation ID: 70d5a2a4-6808-4066-ad61-a86f90817a80 Timestamp: 2023-12-13 08:04:21Z
ServerError: invalid_client: AADSTS650053:

Is there any Graph API endpoint or PowerShell to add an API permission for an Enterprise Application?


Solution

  • To add API permission for Enterprise Application, make use of Microsoft Graph query:

    Go to Office 365 Exchange Online in the Enterprise Applications and copy the AppID:

    And make use of below query:

    GET https://graph.microsoft.com/v1.0/servicePrincipals?$filter=appId eq '00000002-0000-0ff1-ce00-000000000000'
    

    Now grant Exchange.Manage API permission to the Enterprise application like below:

    POST https://graph.microsoft.com/v1.0/oauth2PermissionGrants
    
    {
    "clientId": "EntrepriseAppObjID",
    "consentType": "AllPrincipals",
    "resourceId": "Office 365 Exchange Online ObjID",
    "scope": "Exchange.Manage"
    }
    

    The API permission is granted successfully:

    You can also make use of below PowerShell script:

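    # Requires the Microsoft.Graph.Identity.SignIns module and an admin sign-in.
    Import-Module Microsoft.Graph.Identity.SignIns
    Connect-MgGraph -Scopes "DelegatedPermissionGrant.ReadWrite.All"

    # clientId and resourceId are service principal object IDs, not app IDs.
    $params = @{
        clientId    = "EntrepriseAppObjID"
        consentType = "AllPrincipals"
        resourceId  = "Office 365 Exchange Online ObjID"
        scope       = "Exchange.Manage"
    }

    New-MgOauth2PermissionGrant -BodyParameter $params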
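
An added example, not part of the original answer: the same tenant-wide grant written so it first checks that the resource actually publishes the scope (the condition behind AADSTS650053) and extends an existing grant instead of failing on a duplicate. The client app ID is a placeholder you must supply; the script assumes the Microsoft Graph PowerShell SDK and an administrator session.

```powershell
# Added example: idempotent tenant-wide grant of Exchange.Manage.
Import-Module Microsoft.Graph.Applications, Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes 'Application.Read.All', 'DelegatedPermissionGrant.ReadWrite.All'

$clientAppId   = '<your-enterprise-app-appId>'           # placeholder (assumption)
$resourceAppId = '00000002-0000-0ff1-ce00-000000000000'  # Office 365 Exchange Online (from the answer)
$wantedScope   = 'Exchange.Manage'

# The grant takes service principal object IDs, so resolve them from the app IDs.
$client   = Get-MgServicePrincipal -Filter "appId eq '$clientAppId'"
$resource = Get-MgServicePrincipal -Filter "appId eq '$resourceAppId'"
if (-not $client -or -not $resource) {
    throw 'Client or resource service principal not found in this tenant.'
}

# Confirm the resource publishes the delegated scope before granting it.
if ($resource.Oauth2PermissionScopes.Value -notcontains $wantedScope) {
    throw "Scope '$wantedScope' is not exposed by $($resource.DisplayName)."
}

# Graph rejects a second grant for the same client/resource/consent type,
# so look for an existing AllPrincipals grant and extend it if present.
$existing = Get-MgOauth2PermissionGrant -Filter "clientId eq '$($client.Id)'" -All |
    Where-Object { $_.ResourceId -eq $resource.Id -and $_.ConsentType -eq 'AllPrincipals' }

if (-not $existing) {
    New-MgOauth2PermissionGrant -BodyParameter @{
        clientId    = $client.Id
        consentType = 'AllPrincipals'
        resourceId  = $resource.Id
        scope       = $wantedScope
    }
}
else {
    # Scope is a space-separated list; keep what is already granted.
    $scopes = @($existing.Scope -split ' ' | Where-Object { $_ })
    if ($scopes -notcontains $wantedScope) {
        Update-MgOauth2PermissionGrant -OAuth2PermissionGrantId $existing.Id `
            -BodyParameter @{ scope = (($scopes + $wantedScope) -join ' ') }
    }
}

# Review every delegated grant the app now holds; AllPrincipals applies to all users.
Get-MgOauth2PermissionGrant -Filter "clientId eq '$($client.Id)'" -All |
    Select-Object Id, ConsentType, ResourceId, Scope
```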