Lots of partners, ISVs and end-user orgs create provisioning solutions which create Teams and Groups with additional governance/templating/features, but such solutions currently require the Group.ReadWrite.All permission - which is hugely problematic. This is a manifestation of the need for more granular permission scope types (e.g. see https://microsoftgraph.uservoice.com/forums/920506-microsoft-graph-feature-requests/suggestions/37796059-restrict-permissions-to-app-only-azure-ad-applicat), but is a particularly important use case and isn't quite the same thing as the need to access only specified resources.

To expand, it does not appear to be dealt with by Resource-Specific Consent - after all, I just want permissions to create a new Team/Group, rather than permissions to an existing resource.

Please consider providing support for this type of consent - thanks!