This affects all resources that support extensions but let’s take the User resource as an example:
Extending the User resource currently requires an entire User Profile read/write consent (User.ReadWrite).
We only want to read and write additional data that we provide to the User resource and not modify the entire resource. Users might be hesitant about consenting to Apps that could potentially corrupt their entire user profile.
We do not have this started yet, but it's in our plan due to other priorities. ^JT
Kenneth Vinje commented
It's been a while since this was addressed. I'm in need of a more granular solution here. I don't want to give a third party access to all data on users and groups. The case is that the third party cannot use the read-user scope option when it logs in, but has to read the user from Azure AD before first login. I could live with a solution where the third party can just read users that are members of a certain group, but there is no such scope option now as far as I can see.
So, are there any plans to go forward with this, or is it suspended?