Hello everyone,

I'd like to discuss the fact that setting group settings for a single O365 group via MS Graph needs 

permissions.

See this article for details:

https://docs.microsoft.com/en-us/graph/api/groupsetting-update?view=graph-rest-1.0&tabs=csharp

Changing the settings of a group is a very common task and important settings like setting access for external are included there.

This should not be blocked behind such a "dangerous" permission level as Directory.ReadWrite.All. Instead it should use Group.ReadWrite.All.

I don't care what goes on behind the scenes (creating a new local GroupSettingTemplate everytime for the group etc which is a huge overhead for 99% of the cases). I just want to ensure that we can change settings for single groups. These are local settings only and should behave the same as changing settings for a single team.

And I know this is an azure ad topic therefore the chances that there will be any feedback from the Microsoft side (in comparison to Teams or SharePoint topics) are near 0. :(