grant an application being registered with an Azure Active Directory (tenant) permission scoped to view groups assigned to this application only? Groups.Read.All permission returns all available groups.

Ol S 1 Reputation point
2022-05-29T08:13:14.593+00:00

Is it possible to grant an application being registered with an Azure Active Directory (tenant) permission to view some, but not all, groups? There's the Groups.Read.All permission, but the customers of the application in question don't wish to expose all groups (and users) in the AD to the application.

Microsoft Graph

1 answer

  1. CarlZhao-MSFT 36,896 Reputation points
    2022-05-30T02:44:22.2+00:00

    Hi @Ol S

    No, most of the Graph permissions are tenant-wide, and currently we can't manage the permissions of tenant-wide groups in a finer-grained way.

