Anonymous

← Microsoft Graph Customer Feedback

My feedback

  1. Restrict permissions to app-only Azure AD applications consuming Office 365 services on resource level

    515 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    62 comments  ·  Microsoft Graph Feature Requests » Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  Adminjackson.woods (Program Manager, Microsoft Graph) responded

    Work has started. This feature is currently in preview for certain Teams resources with the name “resource-specific consent” (RSC).

    Admin documentation: https://docs.microsoft.com/en-us/MicrosoftTeams/resource-specific-consent

    Developer documentation: https://docs.microsoft.com/en-us/microsoftteams/platform/graph-api/rsc/resource-specific-consent

    We intend to continue adding support for additional resource types in the future (e.g. SharePoint content), but we have no ETA to share at this time.

    An error occurred while saving the comment
    Anonymous commented  · 

    I have a requirement to develop a web/daemon app that manipulates the member ship of specific AD groups.
    Currently it seems to only be possible to give an app access to write the membership of all AD groups. (Or none at all)
    Strangely this is not a popular idea with our AD admins.
    Users can be given this access to specific AD groups by making them the owner.
    You can even make an App’s managed identity the owner of an AD groups, but there seems to be no way to join the dots to give the app restricted access to the GroupMember.Readwrite.All scope.

    So I may have to resort to a service account and username/password credentials to work around this.

    Anonymous supported this idea  · 

Feedback and Knowledge Base

(thinking…)