MSFT Graph API - ApplicationAccessPolicy
Need ability to allow other resources (such as the Directory.ReadWrite permission) to be scoped/restricted similar to the Application permissions for Exchange resources.
Per MSFT, unfortunately, only Application Permissions for Exchange Online resources can be currently restricted/scoped in Microsoft Graph.
https://docs.microsoft.com/en-us/graph/auth-limit-mailbox-access

1 comment
Anonymous commented
Unfortunately, only Application Permissions for Exchange Online resources can currently be restricted/scoped in Microsoft Graph. The Application.ReadWrite and Directory.ReadWrite permissions cannot be scoped at this point in time. The reason for this is that the Application Access Policy is an Exchange-specific feature, and so other resources cannot be scoped via this method.
Engineering is aware of this limitation in MS Graph, and they have been exploring options for allowing other resources (such as the Application.ReadWrite and Directory.ReadWrite permission) to be scoped/restricted similar to the Application permissions for Exchange resources. However, there is currently no published roadmap or ETA I can provide for when this functionality might become available.
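
For reference, the Exchange-only scoping discussed in this thread looks like the following in Exchange Online PowerShell. This is an added example, not part of the original post or comment; the app ID, group and mailbox addresses are placeholders. It creates a restricting policy and then verifies that an out-of-scope mailbox is denied. It has no effect on directory permissions such as Directory.ReadWrite.

```powershell
# Added example; every ID and address below is a placeholder.
# Requires the ExchangeOnlineManagement module and an Exchange admin role.
Connect-ExchangeOnline

$AppId      = '00000000-0000-0000-0000-000000000000'  # placeholder: app (client) ID
$ScopeGroup = 'graph-mail-scope@contoso.example'       # placeholder: mail-enabled security group

# Limit the app's Exchange application permissions to members of the group.
New-ApplicationAccessPolicy -AppId $AppId -PolicyScopeGroupId $ScopeGroup `
    -AccessRight RestrictAccess `
    -Description 'Restrict app to members of graph-mail-scope'

# Expected result per mailbox (placeholders): one group member, one non-member.
$Expected = @{
    'member@contoso.example'    = 'Granted'
    'nonmember@contoso.example' = 'Denied'
}

# Ask Exchange how the policy evaluates for each mailbox.
$Results = foreach ($Mailbox in $Expected.Keys) {
    $Check = Test-ApplicationAccessPolicy -Identity $Mailbox -AppId $AppId
    [pscustomobject]@{
        Mailbox  = $Mailbox
        Expected = $Expected[$Mailbox]
        Actual   = [string]$Check.AccessCheckResult
    }
}
$Results | Format-Table -AutoSize

# Fail loudly on any deviation, in particular an out-of-scope mailbox still reachable.
$Mismatch = $Results | Where-Object { $_.Actual -ne $_.Expected }
if ($Mismatch) {
    throw "Policy not enforcing expected scope for: $($Mismatch.Mailbox -join ', ')"
}
```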