
Unable to remove app role assignments using Graph API. Getting "EntitlementGrant being updated or deleted is not found." error

I have created some app roles for my Azure AD application and assigned a user in those roles. Using Graph API, I can list the app role assignments just fine.

Request URL:

https://graph.microsoft.com/v1.0/servicePrincipals/<my-application-id>/appRoleAssignedTo

Here's the response I get (partial for the sake of brevity):

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#servicePrincipals('<my-application-id>')/appRoleAssignedTo",
    "value": [
        {
            "id": "<app-role-assignment-id>",
            "deletedDateTime": null,
            "appRoleId": "<my-application-role-id>",
            "createdDateTime": "2021-04-16T00:50:28.7061339Z",
            "principalDisplayName": "User Name",
            "principalId": "<user-id>",
            "principalType": "User",
            "resourceDisplayName": "<my-application-name>",
            "resourceId": "<my-application-id>"
        },
...

However when I try to delete an app role assignment, I am getting the following error:

{
    "error": {
        "code": "Request_BadRequest",
        "message": "EntitlementGrant being updated or deleted is not found.",
        "innerError": {
            "date": "2021-04-20T15:08:28",
            "request-id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
            "client-request-id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
        }
    }
}

Request URL for delete:

https://graph.microsoft.com/v1.0/servicePrincipals/<my-application-id>/appRoleAssignedTo/<app-role-assignment-id>

I am not sure what this error message means:

EntitlementGrant being updated or deleted is not found.

Would appreciate if someone can explain this to me.

I found another question with the exact same issue - Microsoft Graph API: EntitlementGrant being updated or deleted is not found - but that is marked as closed as not reproducible (which is surprising, because it is certainly reproducible).

BTW, removing an app role assignment from the Azure Portal also does not work. Removing a user app role assignment consistently fails with Microsoft.Online.DirectoryServices.DirectoryValueNotFoundException in the Azure Portal.

UPDATE

I get the following error messages in the audit logs:

[image: enter image description here]

[image: enter image description here]

What @Joy said is absolutely correct. I have also tested this several times in the Azure portal and with the MS Graph API. I found a pattern: all the old assignments do not work, and all the new assignments work fine. So I also think it is a bug caused by the migration from App roles | Preview to App roles.

Currently, if you want to delete the old assignments, you can only delete the Enterprise Application and then create it again. (Deleting the Enterprise Application will not delete the application in App registrations.)

[image: enter image description here]

Refresh and create again:

[image: enter image description here]


Add:

It is a bug caused by the migration from App roles | Preview to App roles. This is a bug in Azure AD itself. I have reported the error message to Microsoft, and Microsoft should resolve it as soon as possible!
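The practical risk in the thread above is that a DELETE which fails with "EntitlementGrant being updated or deleted is not found" leaves the user holding the app role: the revocation silently did not happen. The script below is an added example, not code from the question or the answer, that issues the same DELETE the post shows, recognises that specific Graph error as a "stuck" assignment rather than a success, and then re-reads appRoleAssignedTo (following @odata.nextLink pages) to prove whether the principal still has the role. It assumes a token carrying AppRoleAssignment.ReadWrite.All and routes HTTP through an injectable send callable; the FakeGraph class and the assignment ids, role ids and service principal id in it are constructed placeholders so the logic runs offline.

```python
"""Added example (not from the original question or answer): delete an app role
assignment via Microsoft Graph and treat the post's "EntitlementGrant ... is not
found" reply as a failed revocation. Assumptions (mine): a bearer token with
AppRoleAssignment.ReadWrite.All and an injectable `send(method, url, body)` transport."""
import json
import urllib.error
import urllib.request
from typing import Callable, Optional, Tuple

GRAPH = "https://graph.microsoft.com/v1.0"
# Exact message quoted in the post; Graph returns it with HTTP 400 Request_BadRequest.
ENTITLEMENT_NOT_FOUND = "EntitlementGrant being updated or deleted is not found."
Response = Tuple[int, dict]  # (HTTP status, parsed JSON body or {})
SP_ID = "00000000-0000-0000-0000-000000000000"  # placeholder service principal id (assumed)

def graph_send(method: str, url: str, body: Optional[dict] = None, *, token: str) -> Response:
    """Real transport (needs network): one Graph call with a bearer token."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Authorization", f"Bearer {token}")
    req.add_header("Content-Type", "application/json")
    try:
        with urllib.request.urlopen(req) as resp:
            raw = resp.read()
            return resp.status, (json.loads(raw) if raw else {})
    except urllib.error.HTTPError as e:
        raw = e.read()
        try:
            return e.code, json.loads(raw)
        except ValueError:
            return e.code, {"error": {"code": str(e.code), "message": raw.decode(errors="replace")}}

def assignment_url(sp_id: str, assignment_id: str) -> str:
    """DELETE target from the post: /servicePrincipals/{id}/appRoleAssignedTo/{assignmentId}."""
    return f"{GRAPH}/servicePrincipals/{sp_id}/appRoleAssignedTo/{assignment_id}"

def is_entitlement_not_found(status: int, body: dict) -> bool:
    """True when Graph answers with exactly the failure the post reports."""
    err = body.get("error", {})
    return (status == 400 and err.get("code") == "Request_BadRequest"
            and ENTITLEMENT_NOT_FOUND in err.get("message", ""))

def remove_assignment(send: Callable[..., Response], sp_id: str, assignment_id: str) -> str:
    """'deleted' on 204; 'stuck' on the post's error (the user still holds the role);
    'error:<code>' for any other Graph failure."""
    status, body = send("DELETE", assignment_url(sp_id, assignment_id))
    if status == 204:
        return "deleted"
    if is_entitlement_not_found(status, body):
        return "stuck"
    return "error:" + str(body.get("error", {}).get("code", status))

def still_assigned(send: Callable[..., Response], sp_id: str, assignment_id: str) -> bool:
    """Re-read appRoleAssignedTo, following @odata.nextLink pages: the only proof
    that the principal has actually lost the role."""
    url = f"{GRAPH}/servicePrincipals/{sp_id}/appRoleAssignedTo"
    while url:
        status, body = send("GET", url)
        if status != 200:
            raise RuntimeError(f"listing failed: {body.get('error', {}).get('code', status)}")
        if any(a.get("id") == assignment_id for a in body.get("value", [])):
            return True
        url = body.get("@odata.nextLink")
    return False

class FakeGraph:
    """Constructed offline stand-in for Graph (not real tenant data): ids in `stuck`
    reproduce the post's failure, every other id deletes normally."""
    def __init__(self) -> None:
        self.assignments = {
            "old-assignment": {"id": "old-assignment", "appRoleId": "role-a", "principalId": "user-1"},
            "new-assignment": {"id": "new-assignment", "appRoleId": "role-a", "principalId": "user-2"},
        }
        self.stuck = {"old-assignment"}

    def send(self, method: str, url: str, body: Optional[dict] = None) -> Response:
        target = url.rsplit("/", 1)[-1]
        if method == "GET":
            return 200, {"value": list(self.assignments.values())}
        if method == "DELETE" and target in self.stuck:
            return 400, {"error": {"code": "Request_BadRequest", "message": ENTITLEMENT_NOT_FOUND}}
        if method == "DELETE" and target in self.assignments:
            del self.assignments[target]
            return 204, {}
        return 404, {"error": {"code": "Request_ResourceNotFound", "message": "not found"}}

def demo() -> dict:
    """Try both constructed assignments and pair each outcome with a post-delete re-check."""
    fake = FakeGraph()
    return {aid: (remove_assignment(fake.send, SP_ID, aid), still_assigned(fake.send, SP_ID, aid))
            for aid in ("old-assignment", "new-assignment")}

if __name__ == "__main__":
    print(demo())  # {'old-assignment': ('stuck', True), 'new-assignment': ('deleted', False)}
```

Against a real tenant, pass `functools.partial(graph_send, token=access_token)` as the send argument instead of `FakeGraph().send`. Treat every "stuck" result as an open access-review finding until the re-check returns False: the answer's workaround of deleting and recreating the Enterprise Application does clear the old assignments, but it also removes every other assignment, admin consent and SSO setting that hung off that service principal, so inventory them first and re-verify the list after the recreate.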
