Forum Discussion
Graph User.ReadBasic.All Application Permission Available
The Graph User.ReadBasic.All permission is now available for both delegated and application usage. Think before rushing to use the permission. Although the permission does what it sets out to do, the restriction on filtering means that many scenarios need the full User.Read.All permission.
https://office365itpros.com/2024/01/30/user-readbasic-all-permission/
3 Replies
- Nate Auchter, Copper Contributor
Thanks Tony, I came across this recently as we're being asked to modify our multi-tenant service principal to drop User.Read.All in favor of User.ReadBasic.All - however filters on the queries on unsupported properties will be an issue. Also, having all current clients have to grant consent when app permissions are changed is a challenge. Are you aware of any work being done on the Microsoft side to allow for adding of permissions on a tenant by tenant basis by client AAD admins? If Microsoft would allow for a client to add (instead of just remove) permissions in their specific tenant, then we would be able to allow our clients to customize the permissions granted to the service principal if they were ok with the consequences that some queries may not work.
- ProSolutions, Iron Contributor
Hello Tony Redmond, All permission in Microsoft Graph API. This permission is indeed designed for both delegated and application usage, providing basic profile information about users. However, you mentioned thinking before rushing to use the permission, which is a good consideration. It's important to carefully evaluate permissions in any application to ensure they align with privacy and security best practices. If you have specific concerns or questions about using this permission in your scenario, feel free to provide more details, and I'll do my best to assist you.
- Is this some kind of weird AI-generated response? It makes no sense...