Scoping Microsoft Graph application permissions to specific SharePoint Sites
As a developer, I'd like to use the Microsoft Graph API to access data on Microsoft SharePoint Sites. At first glance, I would enable the permissions at the Application Level and access the SharePoint Site data; however, when an administrator grants access, they are granting access to ALL SharePoint sites. Therefore, in a large enterprise organization, this is viewed as a security risk and is usually disabled (as it should be). Recently, Exchange services enabled scoped permissions so that only specific mailboxes can be accessed at the application level. It would be great if we could apply a similar solution to the SharePoint API so that large organizations could enable this feature.
Mike Baker commented
This would solve a number of problems with security when operating in shared tenants when integrating other SaaS apps.