Quantumrunner
Brass Contributor
May 12, 2020

Changing settings for a single O365 Group via Graph needs Directory.ReadWrite.All

Hello everyone,

 

I'd like to discuss the fact that setting group settings for a single O365 group via MS Graph needs Directory.ReadWrite.All permissions.

 

See this article for details:

https://docs.microsoft.com/en-us/graph/api/groupsetting-update?view=graph-rest-1.0&tabs=csharp

 

Changing the settings of a group is a very common task and important settings like setting access for external are included there.

 

This should not be blocked behind such a "dangerous" permission level as Directory.ReadWrite.All. Instead it should use Group.ReadWrite.All.

 

I don't care what goes on behind the scenes (creating a new local https://docs.microsoft.com/en-us/graph/api/groupsetting-post-groupsettings?view=graph-rest-1.0&tabs=http every time for the group, etc., which is a huge overhead for 99% of the cases). I just want to ensure that we can change settings for single groups. These are local settings only and should behave the same as changing settings for a https://docs.microsoft.com/de-de/graph/api/team-update?view=graph-rest-1.0&tabs=http.

 

And I know this is an Azure AD topic, therefore the chances that there will be any feedback from the Microsoft side (in comparison to Teams or SharePoint topics) are near 0. 😞

2 Replies

  • Use the feedback controls under each documentation article to leave such feedback, or post it on the Graph UserVoice. 

    • Quantumrunner
      Brass Contributor
      Thanks. I'll try my luck on GitHub. The dozens of input sources for feedback don't make it easy to deal with these kinds of topics.
