515 votes62 comments · Microsoft Graph Feature Requests » Identity and Access · Flag idea as inappropriate… · Admin →
Work has started. This feature is currently in preview for certain Teams resources with the name “resource-specific consent” (RSC).
Admin documentation: https://docs.microsoft.com/en-us/MicrosoftTeams/resource-specific-consent
Developer documentation: https://docs.microsoft.com/en-us/microsoftteams/platform/graph-api/rsc/resource-specific-consent
We intend to continue adding support for additional resource types in the future (e.g. SharePoint content), but we have no ETA to share at this time.
An error occurred while saving the commentAnonymous commented
I have a requirement to develop a web/daemon app that manipulates the member ship of specific AD groups.
Currently it seems to only be possible to give an app access to write the membership of all AD groups. (Or none at all)
Strangely this is not a popular idea with our AD admins.
Users can be given this access to specific AD groups by making them the owner.
You can even make an App’s managed identity the owner of an AD groups, but there seems to be no way to join the dots to give the app restricted access to the GroupMember.Readwrite.All scope.
So I may have to resort to a service account and username/password credentials to work around this.Anonymous supported this idea ·