Forum Discussion
povlhp
Nov 04, 2019Copper Contributor
Control what the user can give consent to
O365 and OAuth2 allows users to give 3rd party apps consent to access data on behalf of the user. Is there any way we can limit the "scope" of consent the user allow ? Since we are in the EU, and...
VasilMichev
Nov 05, 2019MVP
So one thing you can do currently is enforce app permission policies so that by default apps can only get access to some mailboxes: https://practical365.com/exchange-online/application-access-policies-in-exchange-online/
You cannot go more granular on the actual app permissions though, so it's either that or disable them altogether. But they did announce that they are working on a "consent" role for Azure AD, which should eventually be able to allow you to delegate permissions to consent, ideally for specific scopes/permissions only. No ETA on that though.