May 12 2020 12:14 AM - edited May 13 2020 12:55 AM
Hello everyone,
I'd like to discuss the fact that setting group settings for a single O365 group via MS Graph needs
Directory.ReadWrite.All |
permissions.
See this article for details:
https://docs.microsoft.com/en-us/graph/api/groupsetting-update?view=graph-rest-1.0&tabs=csharp
Changing the settings of a group is a very common task and important settings like setting access for external are included there.
This should not be blocked behind such a "dangerous" permission level as Directory.ReadWrite.All. Instead it should use Group.ReadWrite.All.
I don't care what goes on behind the scenes (creating a new local GroupSettingTemplate everytime for the group etc which is a huge overhead for 99% of the cases). I just want to ensure that we can change settings for single groups. These are local settings only and should behave the same as changing settings for a single team.
And I know this is an azure ad topic therefore the chances that there will be any feedback from the Microsoft side (in comparison to Teams or SharePoint topics) are near 0. :(
May 12 2020 07:58 AM
Use the feedback controls under each documentation article to leave such feedback, or post it on the Graph UserVoice.
May 13 2020 12:59 AM