Hello everyone,
I am working on a new internal tooling system for my company. This includes direct read access to the prod environment and some instances of write-able features, mainly to maintain the referential tables used by our users. This tool is purely internal, on an in-house server and behind a VPN.

Nonetheless, access to this powerful tool must be logged and right-restricted. As a developer quite new to Graph and all AAD-related topics, I wanted to use the AAD to ensure that only a hand-picked accounts could have access.

To do so, I wanted to read all users registered in an application, using the GraphClient given by Microsoft. This client is used elsewhere in our code to send mails for instance, and is registered properly.

My problem is the following : I want to be able to find users associated to an application, and check that their email addresses and rights are OK to proceed. Could you point me to the correct direction? I can modify rights and groups as I wish in the AAD and is open to a wide range of propositions.

Many thanks in advance,
Julien