Forum Discussion
Control what the user can give consent to
O365 and OAuth2 allows users to give 3rd party apps consent to access data on behalf of the user. Is there any way we can limit the "scope" of consent the user allow ? Since we are in the EU, and...
So one thing you can do currently is enforce app permission policies so that by default apps can only get access to some mailboxes: https://practical365.com/exchange-online/application-access-policies-in-exchange-online/
You cannot go more granular on the actual app permissions though, so it's either that or disable them altogether. But they did announce that they are working on a "consent" role for Azure AD, which should eventually be able to allow you to delegate permissions to consent, ideally for specific scopes/permissions only. No ETA on that though.