MS Teams | Azure AD API | Access Restriction(Limitation)

lightupdifire
Brass Contributor
Nov 22, 2023
Prasad_Das-MSFT
We plan to use the Power Automate standard connector for creating channels in MS Teams.
For this, we must register Azure AD API, and give permissions like: Channel.Create/Delete,
Channel.Members.ReadWriteAll and permissions are required to be set on Application, not Delegated.
When the Application level permissions are set, then this API will be able to Delete/Create any channel in any MS Teams.
Then of course a question, how can limit this API to access only dedicated MS Teams?
- Prasad_Das-MSFT
  Microsoft
  Nov 22, 2023
  lightupdifire -
  
  The Azure AD API permissions mentioned (Channel.Create/Delete, Channel.Members.ReadWriteAll) can allow an application to create or delete any channel in any Microsoft Teams in your organization. However, Azure AD does not provide a direct way to limit these permissions to a specific team.
  
  To achieve your requirements, we recommend you give your feedback in Teams Feedback Portal.
  
  Thanks,
  
  Prasad Das
  
  ------------------------------------------------------------------------------------------
  
  If the response is helpful, please click "**Mark as Best Response**" and like it. You can share your feedback via Microsoft Teams Developer Feedback link.
  - lightupdifire
    Brass Contributor
    Nov 22, 2023
    Strange isn't it?
    There is a solution for limiting Exchange Online API using: New-ApplicationAccessPolicy
    There is a solution for limiting SharePoint Online API access by using "Sites.Selected"
    But when developing the MS Teams, no security solution was added 🙂
    Feedback is on the way.
    Have a great one 😉

Forum Discussion

MS Teams | Azure AD API | Access Restriction(Limitation)

Resources