Azure Service Principal to read few Azure AD groups(not all)

Azuretech 80 Reputation points
2023-05-11T14:26:49.8466667+00:00

How to grant an Azure Service Principal access to read a few specific Azure AD groups (not all)?

Do we need to give the API permission (Directory.Read.All)? We don't want to give this one.

Is there any other least-privilege role that we can give at the group level, like adding the SP as a member or owner of the group?


1 answer

  1. Andy David - MVP 121.3K Reputation points MVP
    2023-05-11T14:49:48.75+00:00

    There are a few options:

    https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-restrict-your-app-to-a-set-of-users

    or use delegated access for the SP and administrative groups, perhaps.

    Otherwise, there is no built-in easy button like you have for scoping access to an Exchange Mailbox for example.
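The following is an added example, not part of the original question or answer. It shows the check a practitioner would run before and after changing the app permissions: list which Microsoft Graph application permissions the service principal currently holds, then assign GroupMember.Read.All instead of Directory.Read.All. GroupMember.Read.All is still tenant-wide (it reads every group and its members), which is consistent with the answer above that there is no per-group scoping for app-only Graph permissions; it is simply narrower than Directory.Read.All, which also exposes users, devices, and other directory objects. It assumes the Microsoft Graph PowerShell SDK is installed, that the caller can grant application permissions, and that the service principal is named "my-group-reader" (an assumed name).

```powershell
# Added example (not from the original post). Assumes the Microsoft Graph PowerShell SDK
# and a caller permitted to read applications and grant app-role assignments.
Connect-MgGraph -Scopes "Application.Read.All", "AppRoleAssignment.ReadWrite.All"

# Assumed display name of the service principal under review.
$spDisplayName = "my-group-reader"
$sp = Get-MgServicePrincipal -Filter "displayName eq '$spDisplayName'"
if (-not $sp) { throw "Service principal '$spDisplayName' not found" }

# The Microsoft Graph resource service principal; its appId is fixed across all tenants.
$graph = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"

function Get-GraphAppPermissions {
    # Returns the Value names (e.g. Directory.Read.All) of the app-only Graph permissions
    # currently assigned to the given service principal.
    param([string]$ServicePrincipalId)
    Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $ServicePrincipalId |
        Where-Object { $_.ResourceId -eq $graph.Id } |
        ForEach-Object { $roleId = $_.AppRoleId; ($graph.AppRoles | Where-Object { $_.Id -eq $roleId }).Value }
}

Write-Host "Current Graph application permissions:"
$current = Get-GraphAppPermissions -ServicePrincipalId $sp.Id
$current | ForEach-Object { Write-Host "  $_" }

if ($current -contains "Directory.Read.All") {
    Write-Warning "Directory.Read.All grants read access to the whole directory, not just groups."
}

# Pick the narrower GroupMember.Read.All application role from the Graph app-role catalogue.
$role = $graph.AppRoles | Where-Object {
    $_.Value -eq "GroupMember.Read.All" -and $_.AllowedMemberTypes -contains "Application"
}

if ($current -notcontains "GroupMember.Read.All") {
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id `
        -PrincipalId $sp.Id -ResourceId $graph.Id -AppRoleId $role.Id | Out-Null
    Write-Host "Assigned GroupMember.Read.All to $spDisplayName"
}

# Re-check: the SP should now list GroupMember.Read.All. Removing Directory.Read.All
# is left to the operator, since other workloads may still depend on it.
Get-GraphAppPermissions -ServicePrincipalId $sp.Id
```

After the change, the service principal can still enumerate every group in the tenant; if the requirement is that it can read only specific groups, that has to be enforced in the application code (filter by the allowed group IDs) or by a different design, as the answer notes.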