Forum Discussion
Graph API permissions restriction
Hello External website requires the need to read group members from Azure AD for login. Under Azure AD -> App registrations -> AppName -> API permissions i have given Directory.ReadAll. Un...
By default, Graph API permissions are tenant-wide. If you are using the delegate permissions model, they can be restricted by the permission given to the user you're currently running with, and you can also use administrative units to scope them down to just select objects: https://learn.microsoft.com/en-us/azure/active-directory/roles/administrative-units
If you are using the application permissions model, there is no way to restrict access currently. Assigning groups under the application properties is a different functionality, won't help you here.
If you are using the application permissions model, there is no way to restrict access currently. Assigning groups under the application properties is a different functionality, won't help you here.