Is it possible to scope API Permissions in an Azure App Registration to a single domain in an Azure Tenant?
I am working on a project where there are several domains consolidated into a single Azure tenant. When creating an app registration and adding API permissions, I would like the ability to scope the app registration to a defined scope of directory entries - specifically 1 or 2 domains versus the 100 in the single tenant. I need the API permissions of Directory.Read.All (but just for a defined scope) and AuditLog.Read.All (for the same defined scope). I am coming up empty on how to reduce the visibility scope of the App Registration to a defined scope versus the entire Azure directory. Is this possible? If so, how might I be able to do this?