Azure Service Principal to read a few Azure AD groups (not all)

Azuretech
2023-05-11T14:26:49.8466667+00:00

How to grant an Azure Service Principal access to read a few specific Azure AD groups (not all)?

Do we need to give the API permission (Directory.Read.All)? We don't want to give this.

Is there any other least-privilege role that we can give at the group level, like adding the SP as a member or owner of the group?

  1. Andy David - MVP
    2023-05-11T14:49:48.75+00:00

    There are a few options:

    https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-restrict-your-app-to-a-set-of-users

    or use delegated access for the SP and administrative groups, perhaps.

    Otherwise, there is no built-in easy button like you have for scoping access to an Exchange Mailbox for example.
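A defender-side check that follows from the answer above, as an added example that is not part of the question or the answer: since there is no group-scoped application permission, the practical step is to audit what the service principal has actually been granted and flag tenant-wide group readers such as Directory.Read.All. It assumes the Microsoft Graph data shape for `appRoleAssignments` (GUID `appRoleId` plus `resourceId`) and the Graph service principal's `appRoles` (`id`, `value`); every GUID and record below is a constructed placeholder, not real tenant data.

```python
"""Audit a service principal's Microsoft Graph application permissions.

appRoleAssignments only carry GUIDs, so we join them to the Graph
resource service principal's appRoles to recover permission names, then
flag the tenant-wide group-reading roles the asker wants to avoid.
"""
from dataclasses import dataclass

# Tenant-wide Graph application permissions able to read groups, widest first.
BROAD_GROUP_READ_ROLES = ("Directory.Read.All", "Group.Read.All", "GroupMember.Read.All")

# Constructed placeholder object id for the Microsoft Graph service principal.
GRAPH_SP_ID = "00000000-0000-0000-0000-00000000graph"

# Constructed subset of the Graph service principal's appRoles (ids are fake).
GRAPH_APP_ROLES = [
    {"id": "11111111-0000-0000-0000-000000000001", "value": "Directory.Read.All"},
    {"id": "11111111-0000-0000-0000-000000000002", "value": "GroupMember.Read.All"},
    {"id": "11111111-0000-0000-0000-000000000003", "value": "User.Read.All"},
]

# Constructed assignments as /servicePrincipals/{id}/appRoleAssignments would return.
SP_APP_ROLE_ASSIGNMENTS = [
    {"appRoleId": "11111111-0000-0000-0000-000000000001", "resourceId": GRAPH_SP_ID},
    {"appRoleId": "11111111-0000-0000-0000-000000000003", "resourceId": GRAPH_SP_ID},
    {"appRoleId": "22222222-0000-0000-0000-000000000009", "resourceId": "other-api"},
]


@dataclass(frozen=True)
class Finding:
    permission: str
    severity: str  # "broad" for tenant-wide group readers, "info" otherwise


def resolve_permission_names(assignments, app_roles, resource_id=GRAPH_SP_ID):
    """Map each Graph assignment's appRoleId to its readable value (other APIs skipped)."""
    by_id = {role["id"]: role["value"] for role in app_roles}
    return [by_id.get(a["appRoleId"], f"unknown:{a['appRoleId']}")
            for a in assignments if a["resourceId"] == resource_id]


def audit(assignments, app_roles):
    """Classify every granted Graph application permission."""
    return [Finding(n, "broad" if n in BROAD_GROUP_READ_ROLES else "info")
            for n in resolve_permission_names(assignments, app_roles)]


def recommend(assignments, app_roles):
    """Narrowest tenant-wide group reader to keep, or None if no broad role is granted."""
    granted = set(resolve_permission_names(assignments, app_roles))
    if granted.isdisjoint(BROAD_GROUP_READ_ROLES):
        return None
    return BROAD_GROUP_READ_ROLES[-1]  # GroupMember.Read.All is the least broad option
```

Feed it the real `appRoleAssignments` and Graph `appRoles` JSON from your tenant and any "broad" finding is a permission to review; the recommendation is still tenant-wide, which is exactly the gap the answer describes.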