SjoerdV

← Microsoft Graph Customer Feedback

My feedback

  1. Restrict permissions to app-only Azure AD applications consuming Office 365 services on resource level

    515 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    62 comments  ·  Microsoft Graph Feature Requests » Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  Adminjackson.woods (Program Manager, Microsoft Graph) responded

    Work has started. This feature is currently in preview for certain Teams resources with the name “resource-specific consent” (RSC).

    Admin documentation: https://docs.microsoft.com/en-us/MicrosoftTeams/resource-specific-consent

    Developer documentation: https://docs.microsoft.com/en-us/microsoftteams/platform/graph-api/rsc/resource-specific-consent

    We intend to continue adding support for additional resource types in the future (e.g. SharePoint content), but we have no ETA to share at this time.

    An error occurred while saving the comment
    SjoerdV commented  · 

    Just for the sake of argument, wouldn't it be a far nicer experience if App-Only principles could fall under the regime of Conditional Access policies, just like regular users and groups? This has been suggested here as well: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/37867180-restricting-access-of-azure-service-principals-u

    This would mean that if a SharePoint site has the BlockAccess policy setting enabled and the App Principle falls under the scope of a CA policy that the access will be blocked.

    SjoerdV supported this idea  · 

Feedback and Knowledge Base

(thinking…)