Scope azure app graph permissions to a group to enable/prevent access to group members content

Nov 15 2022

We collect Teams data through the Graph Export API on behalf of our customers using the security and compliance workflows. Generally, only a small subset of users is targeted for collection. Customers do not want to grant access to all users' data if they only require the collection of some. The permissions required for use of the Export API and other Teams APIs within Graph grant access to all users in the environment. We prefer to have the least privileged access necessary to perform the collection. Right now, the only levels of privilege are full access and no access.

Can you add the ability to scope access on the app registration to prevent/allow this app from accessing the scoped users'/groups' data?

Comments
Copper Contributor

Ideally, scoping of Azure Application permissions for groups/individuals would be supported not just for Teams, but for all accessible data in M365/G365 (e.g. Outlook mailboxes, OneDrive/SharePoint).

Copper Contributor

We have been searching for an access control framework to solve this problem for going on 2 years now. Entitlement Management was brought up by one Microsoft Partner, but that doesn't appear to completely solve the problem. We have yet to find any resources at Microsoft who can provide a path to a solution.