Consistency for limited scope application permissions

Consistency for limited scope application permissions



 Jun 30 2021
1 Comments (1 New)

Please be more consistent in the approach that is used across the workloads for application level scoped permissions.

For example, for EXO, we still use the app permissions of Mail.ReadWrite, which clearly states it grants access to all mailboxes in the tenant (unless you use an Application access policy, which is not shown or even part of AAD). For SharePoint, there is a new permission called Sites.Selected which more clearly defines that the permissions is only for selected sites, not all sites in the tenant. This is a better model and should be used / implemented for all workloads that are going to support a scoped permissions model.

Copper Contributor

Yes, agreed! It would be wonderful to be able to use Application Access Policy to limit the scope of "application permissions" to specific users in other parts of the API (i.e. beyond just mail and calendar scopes)