Azure Service Principal to read few Azure AD groups(not all)

Azuretech 90

How to grant an Azure Service Principal access to read few specific Azure AD groups(not all).

Do we need to give the api permission (directory read all) but this we dont want to give,

any other least privileges' role that we can give on the group level ? like adding SP as member or owner of group?

Sandeep G-MSFT 20,911 Reputation points Microsoft Employee Moderator

2023-05-16T08:15:23.51+00:00

@Azuretech

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread.

1 answer

Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator

2023-05-11T14:49:48.75+00:00

There a few options:

https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-restrict-your-app-to-a-set-of-users

or use a delegated access for the SP and administrative groups perhaps.

Otherwise, there is no built-in easy button like you have for scoping access to an Exchange Mailbox for example.
Please sign in to rate this answer.
CarlZhao-MSFT 46,376 Reputation points

2023-05-15T02:22:58.35+00:00

Hi @Azuretech

Hope things are going well. I am writing to see if the above suggestions help. If there's anything else we can help, feel free to let us know.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Your answer