timhoffmann
Brass Contributor
Jun 07, 2021
Status:
New

Need Graph granular access to object properties with Application permissions

We have had several requests to restrict the access allowed by the Azure AD User.ReadAll Application API permission. Our application only needs access to a couple of the fields in the User object, and our customers, for security reasons, would prefer not to allow us access to every possible property. Allowing the Azure portal to specifically list attributes per object that are exposed to a given API Registration would address this security need.

 

e.g. API Registration ABC for User.ReadAll Application permission would be given access only to the ID, Mail, and DisplayName properties.

 

 
