Azure Service Principal to read a few Azure AD groups (not all)

Azuretech 90 Reputation points
2023-05-11T14:26:49.8466667+00:00

How do we grant an Azure Service Principal access to read a few specific Azure AD groups (not all)?

Do we need to give the API permission (Directory.Read.All)? We don't want to give this.

Is there any other least-privilege role that we can give at the group level, like adding the SP as a member or owner of the group?

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Graph

1 answer

  1. Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
    2023-05-11T14:49:48.75+00:00

    There are a few options:

    https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-restrict-your-app-to-a-set-of-users

    or use delegated access for the SP and administrative groups, perhaps.

    Otherwise, there is no built-in easy button like you have for scoping access to an Exchange Mailbox for example.

