Azure Service Principal to read few Azure AD groups(not all)

Azuretech 80

How to grant an Azure Service Principal access to read few specific Azure AD groups(not all).

Do we need to give the api permission (directory read all) but this we dont want to give,

any other least privileges' role that we can give on the group level ? like adding SP as member or owner of group?

Sandeep G-MSFT 7,441 Reputation points Microsoft Employee

2023-05-16T08:15:23.51+00:00

@Azuretech

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread.

1 answer

Andy David - MVP 121.3K Reputation points MVP

2023-05-11T14:49:48.75+00:00

There a few options:

https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-restrict-your-app-to-a-set-of-users

or use a delegated access for the SP and administrative groups perhaps.

Otherwise, there is no built-in easy button like you have for scoping access to an Exchange Mailbox for example.
Please sign in to rate this answer.
CarlZhao-MSFT 23,526 Reputation points

2023-05-15T02:22:58.35+00:00

Hi @Azuretech

Hope things are going well. I am writing to see if the above suggestions help. If there's anything else we can help, feel free to let us know.
Sign in to comment

Activity