I suggest you ...

← Microsoft Graph Feature Requests

MSFT Graph API - ApplicationAccessPolicy

Need ability to allow other resources (such as the Directory.ReadWrite permission) to be scoped/restricted similar to the Application permissions for Exchange resources.

Per MSFT, unfortunately, only Application Permissions for Exchange Online resources can be currently restricted/scoped in Microsoft Graph.

https://docs.microsoft.com/en-us/graph/auth-limit-mailbox-access

23 votes
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

1 comment

Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Anonymous commented  ·   ·  Flag as inappropriate

    Unfortunately, only Application Permissions for Exchange Online resources can be currently restricted/scoped in Microsoft Graph. The Application.ReadWrite and Directory.ReadWrite permissions cannot be scoped at this point in time. The reason for this is because the Application Access Policy is an Exchange-specific feature, and so other resources cannot be scoped via this method.

    Engineering is aware of this limitation in MS Graph, and they have been exploring options for allowing other resources (such as the Application.ReadWrite and Directory.ReadWrite permission) to be scoped/restricted similar to the Application permissions for Exchange resources. However, there is currently no published roadmap or ETA I can provide for when this functionality might become available.

Microsoft Graph Feature Requests: Groups

Categories

Feedback and Knowledge Base

(thinking…)