This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 79%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIZ%3C/text%3E%3C/svg%3E)
Hi there,
We have a registered Service Principal (Enterprise Application) being used by several users granting us delegated permissions.
We'd like to add an additional application (not delegated) permission to this service principal. For context, it is the CallRecords.Read.All permission.
My question is, how would this affect existing users, and our service principal? I couldn't find any documentation, but I'm curious if this would cause their existing tokens to invalidate, or would they continue working with the original scopes granted before we added an additional one.
Additionally, is it fine to have a service principal with delegated & application API permissions? I'd assume yes for this one.
Appreciate any help, thanks.
It should continue to work fine but mixing delegated and application perms is generally not recommended:
This video explains why: