We collect Teams data through the graph Export API on behalf of our costumers using the security and compliance workflows. Generally, only a small subset of users are targeted for collection. Customers do not want to grant access to all users data if they only require the collection of some. The permissions required for use of the Export API and other Teams API's within graph grant access to all users in the environment. We prefer to have least privileged access necessary to perform the collection. Right now, the only levels of privilege are full access and no access.
Can you add the ability to scope access on the app registration to prevent/allow this app from accessing the scoped users/groups data?