Hi Guys, I thought I'd leave this comment in case someone is still struggling with getting this to work. There is a much easier way to do this without having to create the Full Control app as suggested in this blog post. I can confirm this has worked for me recently:
Create your app in Entra ID - Sites.Selected permissions were set up on the app, with Graph API permissions granted. Remember to grant 'Admin Consent' after creating the app.
These PowerShell commands were used to grant permissions to the app to access a specific SharePoint site, with write permissions:
Connect-PnPOnline https://YOUR_DOMAIN.sharepoint.com/sites/YOUR_SITE -Interactive
Grant-PnPAzureADAppSitePermission -AppId 'APP_ID_FROM_ENTRA_ID' -DisplayName 'APP_DISPLAY_NAME' -Site 'https://YOUR_DOMAIN.sharepoint.com/sites/YOUR_SITE' -Permissions Write
This will generate a Permission ID; use it in the next command to check that the permissions were applied properly to the app:
Get-PnPAzureADAppSitePermission -PermissionId PERMISSION_ID_GENERATED_ABOVE
That's it, done.
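
An added example, not part of the original comment: a PnP.PowerShell check that lists every app grant on the site and confirms the app from the steps above holds only the role it was given. The variable names and the `$expectedRole` value are assumptions for illustration; the placeholders are the same ones used in the comment.

```powershell
# Added example. Placeholders match the comment above; fill in your own values.
$siteUrl      = 'https://YOUR_DOMAIN.sharepoint.com/sites/YOUR_SITE'
$appId        = 'APP_ID_FROM_ENTRA_ID'
$expectedRole = 'write'   # assumption: the role granted with -Permissions Write

Connect-PnPOnline $siteUrl -Interactive

# Enumerate all app grants on the site, then re-read each one by ID so the
# Roles value comes from the same single-permission lookup used in the comment.
# Assumption: returned objects expose Id, Roles and Apps (DisplayName, Id);
# confirm with Get-Member on your PnP.PowerShell version.
$report = foreach ($grant in @(Get-PnPAzureADAppSitePermission)) {
    $detail = Get-PnPAzureADAppSitePermission -PermissionId $grant.Id
    $roles  = @($detail.Roles | ForEach-Object { "$_".ToLowerInvariant() })
    foreach ($app in @($detail.Apps)) {
        [pscustomobject]@{
            AppName      = $app.DisplayName
            AppId        = $app.Id
            Roles        = $roles -join ','
            PermissionId = $detail.Id
            IsTargetApp  = ($app.Id -eq $appId)
        }
    }
}

# Full picture of which apps can reach this site and with what role.
$report | Format-Table AppName, AppId, Roles, IsTargetApp -AutoSize

# The target app should appear exactly once, with only the expected role.
$target = @($report | Where-Object IsTargetApp)
if ($target.Count -ne 1) {
    Write-Warning "Expected exactly one grant for $appId on this site, found $($target.Count)."
}
elseif ($target[0].Roles -ne $expectedRole) {
    Write-Warning "Grant $($target[0].PermissionId) has roles '$($target[0].Roles)', expected '$expectedRole'."
}
else {
    Write-Output "OK: $appId holds only '$expectedRole' on $siteUrl."
}
```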