More granular Graph API permissions for Teams
The Graph API, in its current iteration, is essentially unusable at an enterprise level. Access is granted to read/write to ALL Teams spaces which is a LOT of power to give an application. Either have the Graph API include specific Teams IDs which it can access or have each Team include configuration to allow specific registered app IDs to access their data. In the later case, an admin would still approve the app access in the tenant but the Team owner would need to add the app ID to the Team before any data could be read.