Make Files.ReadWrite.AppFolder scope available for business accounts.
We have created a Microsoft Teams business app with a Bot that searches for specific content and posts filecards directly back to the user. For that we need to upload the file to the user's OneDrive via Microsoft Graph.
As we are also focused on data security we would like to restrict our app and the permissions it uses, which led us to the Files.ReadWrite.AppFolder scope.
Unfortunately this scope is only valid for personal accounts and not supported on business accounts.
Therefore we have to ask the user for delegated Files.ReadWrite permissions, which give us access to the entire OneDrive instead of restricting the access to the designated AppFolder.
However, this is a major security concern for many of our customers and blocks a lot of the Enterprise Rollouts. With more than 1.4 million active monthly business users of our main product, we would like to deploy our newly created Teams app to as many of these clients as possible.
In addition, maybe a similar behaviour of permissions could be achieved through an alternative approach with special folders?
Martin Seifert commented