Limit application permissions to a tenant subset of rooms

Riccardo Suardi 21 Reputation points

Our platform offers an integration to synchronize outlook rooms meetings from a 365 tenant. We allow our customers to map rooms from their tenant with our platform's rooms through an entra application, which requires admin consent permissions such as Place.Read.All, User.Read.All, Calendars.ReadWrite.

A new customer security policy requires to not expose all rooms in their tenant to external applications, the aforementioned permissions cannot be granted, is there a way read/write only on a subset of rooms (maybe manageable by a service account), without the tenant admin permissions?

Thank you

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,409 questions
Outlook Management
Outlook Management
Outlook: A family of Microsoft email and calendar products.Management: The act or process of organizing, handling, directing or controlling something.
5,068 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,383 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,576 questions
0 comments No comments
{count} votes

Accepted answer
  1. Vasil Michev 100.1K Reputation points MVP

    You can limit access via Application access policies, or the newly introduced RBAC for apps feature:

    It allows you to scope access based on management scopes in Exchange, or Entra ID administrative units. Both can be scoped to include only a subset of the rooms, as needed. If you need a more detailed writeup on the method, I have one here:

    1 person found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Saurabh-MSFT 0 Reputation points Microsoft Vendor

    Hi Riccardo,

    Thanks for posting this in Q&A.

    Please let me know if you still have any questions.


    0 comments No comments