Today, when a service principal is an owner of a group, certain functionality using the MS Graph works with no addtional grants, such as add/remove member and get a group's specific detail. However i...
Application.ReadWrite.OwnedBy is already supported, but other high‑risk permissions—such as Group.ReadWrite.All, GroupMember.ReadWrite.All, and User.ReadWrite.All—are still NOT having the same security option. This causes significant friction: the security team finds it extremely difficult to approve any automation that requires these high‑risk Graph API permissions, making it nearly impossible to move forward with automation solutions that depend on them