Forum Discussion

TonyRedmond
Feb 19, 2025

Practical Graph: Exploring the Best Way to Control User Access to Entra ID Apps

Most Microsoft 365 tenants have a collection of Entra ID apps to manage. One task might be to control access to Entra ID apps, so the question is how best to do this. Assignments for users and groups control the ability to use apps while custom app roles are there for developers to determine what a user can do when they run an app.

https://practical365.com/access-to-entra-id-apps/

1 Reply

  • To control user access to Entra ID apps in Microsoft 365, there are a few key approaches:

    - Assigning Users and Groups: This determines who can access an application by assigning specific users or groups through Enterprise Applications in Entra ID.  
    - App Roles: These are defined by developers in the app’s manifest and control what users can do once they have access.  

    For additional security, Conditional Access Policies can be used to restrict access based on factors like location or device compliance. If automation is needed, Microsoft Graph API is a great way to manage assignments and roles efficiently.  

    The best approach depends on whether the goal is to grant access (assignments) or define user permissions within the app (roles).
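The split between assignments and app roles discussed in this thread can be audited from Microsoft Graph data. The following is an added example, not code from the post, the reply or the linked article: it assumes the property names of the Graph v1.0 servicePrincipal and appRoleAssignment resources, the function names are hypothetical, and the sample data is constructed.

```python
DEFAULT_ACCESS = "00000000-0000-0000-0000-000000000000"  # Graph id for "no specific role"

def audit_app_access(sp, assignments):
    """Report who is assigned to an app (access) and which app role each holds."""
    roles = {r["id"]: r for r in sp.get("appRoles", [])}
    report = {"app": sp["displayName"], "findings": [], "access": []}
    if not sp.get("appRoleAssignmentRequired", False):
        # Assignments only gate sign-in when this flag is true on the service principal.
        report["findings"].append("assignment not required: any user in the tenant can sign in")
    for a in (x for x in assignments if x["resourceId"] == sp["id"]):
        role_id, who = a["appRoleId"], a["principalDisplayName"]
        if role_id == DEFAULT_ACCESS:
            role = "Default Access"
        elif role_id in roles:
            role = roles[role_id]["value"]
            if not roles[role_id]["isEnabled"]:
                report["findings"].append(f"{who} holds disabled role {role}")
        else:
            role = "unknown"
            report["findings"].append(f"{who} holds undefined role {role_id}")
        report["access"].append((a["principalType"], who, role))
    return report

def build_assignment_request(sp, principal_id, role_value=None):
    """Return (method, path, body) for creating an assignment through Graph."""
    role_id = DEFAULT_ACCESS
    if role_value is not None:
        matches = [r["id"] for r in sp["appRoles"] if r["value"] == role_value and r["isEnabled"]]
        if not matches:
            raise ValueError(f"no enabled app role with value {role_value!r}")
        role_id = matches[0]
    body = {"principalId": principal_id, "resourceId": sp["id"], "appRoleId": role_id}
    return "POST", f"/servicePrincipals/{sp['id']}/appRoleAssignedTo", body

# Constructed sample data shaped like Graph responses (not from a real tenant).
SAMPLE_SP = {
    "id": "11111111-1111-1111-1111-111111111111", "displayName": "Contoso Expenses",
    "appRoleAssignmentRequired": False,
    "appRoles": [
        {"id": "aaaaaaaa-0000-0000-0000-000000000001", "value": "Expenses.Approve", "isEnabled": True},
        {"id": "aaaaaaaa-0000-0000-0000-000000000002", "value": "Expenses.Legacy", "isEnabled": False},
    ],
}
SAMPLE_ASSIGNMENTS = [
    {"resourceId": SAMPLE_SP["id"], "principalType": "Group",
     "principalDisplayName": "Finance Approvers", "appRoleId": "aaaaaaaa-0000-0000-0000-000000000001"},
    {"resourceId": SAMPLE_SP["id"], "principalType": "User",
     "principalDisplayName": "Sample User", "appRoleId": "aaaaaaaa-0000-0000-0000-000000000002"},
]
```

On the sample data the audit reports two findings: the app does not require assignment, and one user still holds a disabled role.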